How to prevent user from installing DropBox

You can block the DropBox IPs - cumbersome, since there are probably a lot of them.
You can block execution of the installer or the DropBox app itself by setting up a group policy. Never dd that myself, though.

Some users are allowed to use DropBox so I can't block it altogether.

GPOs can be set up very specific by asigning to OUs, or defining LDAP filler expressions.

I'm hoping to find a specific solution to stop the user from installing Dropbox.

User has no admin rights. I have tested this and Dropbox actually asks if you want to install it without admin rights.

Can you possibly provide some screen shots for us to see?

I have done some quick research on enforcing UAC on application installs see below a few links which might help you.

http://www.urtech.ca/2012/02/solved-how-to-set-user-access-control-uac-to-the-default-level-via-group-policy/comment-page-1/

https://technet.microsoft.com/en-us/library/dd835564(v=ws.10).aspx

Kind Regards,
Lewis

As Qlemo hints, you'd be able to block setup by blacklisting. Applocker and software restriction policies can both be used. Much effort to block every new setup but you can block their digital signature.

How do I do that?

With applocker or software restriction policies. If dropbox is signing their setup, of course. Tutorials are found quickly.

That is the difficulty when some can and some can not.
software restriction as was pointed out is the only way to do a user by user but managing that will become difficult.
The GPO restricting access would need to use WMI filter to exclude a person or a member of a group from having the GPO applying...

Where do you see a difficulty, if I may ask?

Comparatively, to no access to Dropbox.
Some do and some don't means additional consider has to be in place whether the GPO applies to all with a wmi filter that excludes some. Or have restriction applies only to members of a group. The issue deals based on the choice of exclusionary rule, user needing access will request and will need to be placed in the exclude from software restricting GPO or a user observed using Dropbox and added to the restriction....


Basically, a criteria of who/how one gets access to drop box....

Applying a restriction only to members of a certain group is no difficulty. Admins do that all the time.

McKnife, I guess I am not putting my thought through clearly.
The decision has to be to apply a Restrictive GPO that denies everyone access to dropbox application and the GPO contains a WMI exclusionary filter that would exclude a member of a specific group from having the GPO apply to them.
A user that needs access will then have to ask for access the issue is then auditing of this group to make sure a user that needed and was granted access to this application in the past still needs this access.

It is complicated compared to an outright policy denying this application from running.

Another option could be to use a login/logout script for members of a group that will on login and logout would uninstall dropbox if it is installed......

one could also push computer GPO with software restriction if only a certain set of systems have access to drop box....

If Dropbox is a desktop application, you can configure software restriction in the group policy:
https://technet.microsoft.com/en-us/library/hh831534.aspx

More generally, it's a good idea to block downloading any executables and MSI. Software should be installed only from trusted locations on your LAN, even better from "install a program from the network" in Control Panel / Programs and Features.

I have tried setting various policies on the PC but DropBox still installs. It doesn't install in the Program Files folder, it installs under the user's profile. DropBox offers the user the option of installing without admin rights if it can't install the regular way. It seems DropBox somehow circumvent the usual safeguards at the user's option.
I have resolved the immediate problem by leaving DropBox installed and then removing the user's access to the folder it installed in. I restarted the PC and DropBox doesn't run and I get no errors. I tried to re-install DropBox and it gave me errors and wouldn't re-install.
I am interested in blocking the downloading of any executables and MSI, but I guess that is the topic of a different question.

The restriction is to prevent the dropbox.exe or the appropriate executeable from running.
Blocking of download of any exe or msi can be done via the router/firewall/proxy or imposing the restriction in IE.

But you always run into the issue of those who do install, that they will install either by bringing the installer on a USB stick, or installing another browser by the same method.

Given that install of local directory is ..
you can add a restriction that user can not run exes from the locations such as %localappdata%\*.exe %localappdata%\dropbox

etc.
this way only sunctioned systems that have dropbox installed in the programs will allow users loging into them access to drop box.

Search for GPO to deal with ransomware which you can adapt the GPO examples to include locations where dropbox installs in the local user profile .......

...last but not least, some problems can be more effectively solved by administrative measures, rather than by IT. Have HR make announcement, then maybe catch someone, and in no time they will be reporting each other to you.

The company already has policies in place but I keep on catching them out. If it were my business I'd sack the offenders!

If they continue, then perhaps it signifies a legitimate business need they have, that is not satisfied by what you offered them?  Maybe that solution even would be the same Dropbox, but using corporate account under your control? from dropbox own webpage: "You use Dropbox. Why doesn’t your company? Upgrade to Dropbox Business and get the solution that employees love, with the controls that IT admins need." Seems like your situation exactly.

No, the offending employee is using it for personal use.

What?

Hi akb.
I read your request for attention and I am pretty baffled.
See, my point is: this is an easy task and I outlined its solution. Your feedback was "How do I do that?" and I told you to look for tutorials for yourself because they are found on the net, easily. No further feedback came, instead, other directions were tried. So I came back and offered you the steps it takes.

I participate in many questions and often I see this: if the asker faces a difficulty to follow a proposal, he just drops it and stops giving feedback on it, silently. This was, what I saw here.
If you find a sentence of mine "what are you waiting for" provoking or even somewhat aggressive - sorry, no. It was meant to motivate you to go and try it, pretty bluntly, indeed. But not aggressive, sorry if that could be mistaken, sorry for the wrong tone.

Given that "what are you waiting for?" is the core question of the pop hit "Love me like you do", it's proven that it's not aggressive at all :-) McKnife certainly has offered a solution, and a very detailed one,  which he has personally tested it and verified that it woks. One needs quite a determination to avoid a solution to take that as an offense.

Telling me to look for tutorials for myself is not helpful. I spent much time googling for solutions unsuccessfully. That is why I posted the question here.
Maybe it is a cultural thing but I was offended by the tone of your post.
"Ok, anyone feel like solving this? Yes? Ok, then why not just do it?"
 "what are you waiting for?"
Maybe if you had offered me the detailed solution earlier then I could had tried it.
I accept that you did not mean offence and will try your solution - thanks for your assistance.

...besides, in order to use dropbox one does not even need their applet, it's only a matter of convenience. In the next minute after you finally block the application. the offending user will simply open web browser and will do the same.

http://mspmentor.net/blog/three-ways-block-dropbox-workplace discusses several ways to block dropbox by the firewall, including listing their servers.

Dropbox is only a tool. Besides dropbox, there's also mediafire and X other similar file-hosting websites, there's ftp, and there's simply sending the attachment to yourself by email, especially by using personal webmail in the same browser.

That is true. The only way a business can hope to prevent employees stealing their data is with policies which some employees will choose to ignore.
The big problem my client is having with dropbox is that the employee loads a couple of gigabytes of private photo's on his PC and then dropbox automatically uploads them to the internet. Internet speed is 10MB down and 1MB up - the fastest available here at the moment. This kills the internet for everyone else in the office.
They call me in to work out what the problem is and when the employee sees I'm in the building he exits his dropbox. Total waste of time for me and money for my client.
As I said previously, I have resolved the immediate problem by leaving DropBox installed and then removing the user's access to the folder it installed in using security setting in windows explorer.

Thanks Vadim Rapp. I like the way you think. I will explore the possibilities.

Thanks for all your assistance with this.
Again, I apologise for misinterpreting comments which, in hind site, were obviously not malicious.
I am going down the GPO route, and having problems, but that is the topic of another question.
Thanks again.

No need to apologize, I obviously chose a wrong tone.
Frustration on my side is high sometimes with all the questions I participate in and that little feedback my comments sometimes get.
And I really welcome your "Maybe it is a cultural thing" - because it often is. I know many german forums, where helpers are really, really impatient up to rudeness with the people they were trying to help in the first place :| Sorry again.