asked on

I need to monitor and/or restrict the install/uninstall of software on my server

I want to monitor my prod servers for install/uninstall of software. Can this be done with a GPO. My first thought is a GPO that only allows installation from a certain group. This could at least be a secondary measure. Thus I've seen some third party tools that that monitor the event log but that could be too late, whereby the GPO's ACL may be more of a measure.

ASKER CERTIFIED SOLUTION

arnold

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

SOLUTION

Cliff Galiher

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

SOLUTION

William Miller

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Mark Owens

ASKER

Thank I appreciate the input.

Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security Officer

Best practices it to grant permissions only to those who need access to do their jobs and only those permissions specific to accomplishing their jobs. So I ensure that only authorized users are accessing my servers in the first place and then turn on auditing for those servers. So for example, I need my techs to be able to add users to my DC, but not make any changes to any other OU or anything else on the server, I would restrict them to just that.

Mark Owens

ASKER

Thanks. I appreciate your input.