We have a Windows Server 2012 domain, with Windows 7 and Windows 8.1 cliënt computers. After adding the user to the local Power Users Group, they have obviously have more priviliges on their computers. They also can run every executable. Our security specialist says that this is a risk. For example malware could be installed in the background.
In my search to solve this issue, i came accross 'Software Restriction Policies'. Is this the only way to prevent users from starting only the software they need to use?