
how can I restrict users from installing ...

Anonymous
December 28, 2004 4:51:36 PM

Archived from groups: microsoft.public.win2000.group_policy

How can I restrict users from installing things like Yahoo toolbars and the
like?

I'm also having trouble with them installing screensavers.

Any help would be appreciated.

Thanks

Kelvin
Anonymous
December 30, 2004 5:01:30 PM


"Kelvin Beaton" wrote:
> How can I restrict users from installing things like Yahoo toolbars and the
> like?
>
> I'm also having trouble with them installing screensavers.
>
> Any help would be appreciated.
>
> Thanks
>
> Kelvin

Hi,

NTFS is the only way to prevent users from installing. However, you
can run into problems if you are running specific programs.

1> Users need to be "Users" not administrators
2> Use NTFS - Remove the "Everyone Group". Give "Users" Read and
Execute over Everything.
3> Use Mandatory profiles that delete on logoff.

Reply if you need more specific details

Cheers,

Lara

Anonymous
December 30, 2004 5:26:29 PM


Thanks for the reply.
I checked the user I was questioning and found she was part of the local
Administrators group. I can't remember why she was set up that way, but have
removed her and we'll see what problems that might cause.

Where can I find info on "Use Mandatory profiles that delete on logoff"? I
have the users' accounts set to store on the network. I like this so they can
log in anywhere and have their email and documents. I'm not sure I would want
them to delete on logoff.

I'd be curious to hear your thoughts on the profile topic.

Thanks

Kelvin


Anonymous
December 31, 2004 12:39:09 AM


"Kelvin Beaton" wrote:
> Thanks for the reply.
> I checked the user I was questioning and found she was part of the local
> Administrators group. I can't remember why she was set up that way, but have
> removed her and we'll see what problems that might cause.
>
> Where can I find info on "Use Mandatory profiles that delete on logoff"? I
> have the users' accounts set to store on the network. I like this so they can
> log in anywhere and have their email and documents. I'm not sure I would want
> them to delete on logoff.
>
> I'd be curious to hear your thoughts on the profile topic.
>
> Thanks
>
> Kelvin

Hi,

I use Mandatory Profiles in my Windows 2000 Server. Basically they are
roaming profiles that a user can’t modify. The My Documents is
redirected to a Home Directory share on the server with Group Policy
so it isn’t part of the profile. I redirect the Favourites to the
server share as well using a VBScript or modifying the Mandatory
Profile in regedit.

Basically I create a profile using my directions on my website
http://www.sd61.bc.ca/windows2000/

I then allow "read" only access to the roaming profile and change
the user.dat to user.man. In Active Directory I point the user's
profile to the share I created with the profile in it. I use group
policy to redirect the users' home folders. To make any additional
modifications like redirecting the Favourites I open Regedit, do a
"load hive" under HKUsers and then load the user.dat to modify. The
Fav location is in
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders and
User Shell Folders. E.g. I change it to H:\

This may be too restrictive for your user though. Removing from admin
group may do the trick. To find out what registry keys and files need
’write’ access for certain programs, I use this cool program called
inctrl5 http://www.sd61.bc.ca/windows2000/downloads/inctrl5.zip to
scan the HD (logged in as admin), run the program, and scan the HD
again recording any files/keys modified.

I have gotten pretty much every program to run under Read Only Access
by simply giving write access to only one or two files or registry
keys. All my users have Read Only on the whole HD.

Cheers,

Lara
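
The before/after scan described in the post above, as an added example (not code from the thread, and not how inctrl5 itself works): it snapshots a directory tree, runs a stand-in for the program, and reports which files and directories would need write access under an otherwise read-only ACL. It covers files only, not registry keys; every function name and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's path (relative to root) to (size, SHA-256 of contents)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # locked or unreadable file: skip rather than abort the scan
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            state[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return state

def diff(before, after):
    """Return sorted lists of added, modified and deleted paths."""
    added = sorted(p for p in after if p not in before)
    deleted = sorted(p for p in before if p not in after)
    modified = sorted(p for p in after if p in before and after[p] != before[p])
    return added, modified, deleted

def write_targets(before, after):
    """Paths the program wrote to: candidates for a narrow write permission."""
    added, modified, _deleted = diff(before, after)
    # A new file means the program needs create rights on the parent directory.
    dirs = sorted({os.path.dirname(p) or "." for p in added})
    return {"files": modified, "directories": dirs}

def demo():
    """Constructed sample: a fake 'program' that rewrites its settings and creates a log."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "App", "logs"))
        for rel, text in (("App/app.exe", "binary"), ("App/settings.ini", "size=1")):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(text)
        before = snapshot(root)  # first scan, taken before the program runs
        with open(os.path.join(root, "App", "settings.ini"), "w") as fh:
            fh.write("size=2")   # the program rewrites its settings file
        with open(os.path.join(root, "App", "logs", "run.log"), "w") as fh:
            fh.write("started")  # the program creates a new log file
        return write_targets(before, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

In the sample, only `App/settings.ini` and the `App/logs` directory come back as needing write access; `App/app.exe` stays read-only.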