Stopping users from downloading software

We are a small company 100 users.  It's not a big problem, but is there a way to restrict specific computers or users from downloading software on to their computers.

We are non-profit, so it would have to be "CHEAP"
J.R. SitmanIT DirectorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mal OsborneAlpha GeekCommented:
The first thing to do would be to ensure that users don't have local administrator rights. This means most software cannot be installed by end users, and also limits the spread of Malware. It does of course mean users will need to contact helpdesk to add a printer driver, or perform other tasks that require admin access.
You can also set group policies to stop software from being installed from certain locations such as the download folders. This won't make it impossible to install software but will make it more difficult. It will also help protect you from ransomware.
This task might be bigger than you think and will need administrative expertise.
akb mentions a method that blocks all but known, defined executables - not only from the download folders but from anywhere. So you'd have to define a so-called whitelist of applications that you allow to run and the rest is prevented from running.
If interested: it's called "software restriction policies" and is a GPO feature. On enterprise editions of windows, there is applocker which is the successor to this SRP.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
OWASP: Forgery and Phishing

Learn the techniques to avoid forgery and phishing attacks and the types of attacks an application or network may face.

J.R. SitmanIT DirectorAuthor Commented:
Do you have an example of the GPO for the download folder restriction.
J.R. SitmanIT DirectorAuthor Commented:
Thanks to all
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Security

From novice to tech pro — start learning today.