how can I restrict users from installing ...

Archived from groups: microsoft.public.win2000.group_policy (More info?)

How can restrict users from installing things like Yahoo toolbars and the
like?

I'm also having trouble with them installing screensavers.

Any help would be appreciated.

Thanks

Kelvin
3 answers Last reply
More about restrict users installing
  1. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    "Kelvin Beaton" wrote:
    > How can restrict users from installing things like Yahoo
    > toolbars and the
    > like?
    >
    > I'm also having trouble with them installing screensavers.
    >
    > Any help would be appreciated.
    >
    > Thanks
    >
    > Kelvin

    Hi,

    NTFS is the only way to prevent users from installing. However, you
    can run into problems if you are running specific programs.

    1> Users need to be "Users" not administrators
    2> Use NTFS - Remove the "Everyone Group". Give "Users" Read and
    Execute over Everything.
    3> Use Mandatory profiles that delete on logoff.

    Reply if you need more specific details

    Cheers,

    Lara

    --
    http://www.WindowsForumz.com/ This article was posted by author's request
    Articles individually checked for conformance to usenet standards
    Topic URL: http://www.WindowsForumz.com/Group-Policy-restrict-users-installing-ftopict242793.html
    Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.WindowsForumz.com/eform.php?p=740981
  2. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Thanks for the reply.
    I check the user I was questioning and found she was part of the local
    Administrators group. I can't remember why she was setup that way, but have
    removed her and we'll see what problems that might cause.

    Where can I find info on "Use Mandatory profiles that delete on logoff"? I
    have the users accounts set to store on the network. I like this so they can
    login anywhere and have their email and documents. I'm not sure I would want
    them to delete on logoff.

    I'd be curious to hear your thoughts on the profile topic.

    Thanks

    Kelvin


    "lforbes" <UseLinkToEmail@WindowsForumz.com> wrote in message
    news:41d4508a$1_2@alt.athenanews.com...
    > "Kelvin Beaton" wrote:
    > > How can restrict users from installing things like Yahoo
    > > toolbars and the
    > > like?
    > >
    > > I'm also having trouble with them installing screensavers.
    > >
    > > Any help would be appreciated.
    > >
    > > Thanks
    > >
    > > Kelvin
    >
    > Hi,
    >
    > NTFS is the only way to prevent users from installing. However, you
    > can run into problems if you are running specific programs.
    >
    > 1> Users need to be "Users" not administrators
    > 2> Use NTFS - Remove the "Everyone Group". Give "Users" Read and
    > Execute over Everything.
    > 3> Use Mandatory profiles that delete on logoff.
    >
    > Reply if you need more specific details
    >
    > Cheers,
    >
    > Lara
    >
    > --
    > http://www.WindowsForumz.com/ This article was posted by author's request
    > Articles individually checked for conformance to usenet standards
    > Topic URL:
    > http://www.WindowsForumz.com/Group-Policy-restrict-users-installing-ftopict242793.html
    > Visit Topic URL to contact author (reg. req'd). Report abuse:
    > http://www.WindowsForumz.com/eform.php?p=740981
  3. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    "Kelvin Beaton" wrote:
    > Thanks for the reply.
    > I check the user I was questioning and found she was part of
    > the local
    > Administrators group. I can't remember why she was setup that
    > way, but have
    > removed her and we'll see what problems that might cause.
    >
    > Where can I find info on "Use Mandatory profiles that delete
    > on logoff"? I
    > have the users accounts set to store on the network. I like
    > this so they can
    > login anywhere and have their email and documents. I'm not
    > sure I would want
    > them to delete on logoff.
    >
    > I'd be curious to hear your thoughts on the profile topic.
    >
    > Thanks
    >
    > Kelvin
    >
    >
    > "lforbes" <UseLinkToEmail@WindowsForumz.com> wrote in message
    > news:41d4508a$1_2@alt.athenanews.com...
    > > "Kelvin Beaton" wrote:
    >  > > How can restrict users from installing things like
    > Yahoo
    >  > > toolbars and the
    >  > > like?
    >  > >
    >  > > I'm also having trouble with them installing
    > screensavers.
    >  > >
    >  > > Any help would be appreciated.
    >  > >
    >  > > Thanks
    >  > >
    >  > > Kelvin
    > >
    > > Hi,
    > >
    > > NTFS is the only way to prevent users from installing.
    > However, you
    > > can run into problems if you are running specific programs.
    > >
    > > 1> Users need to be "Users" not administrators
    > > 2> Use NTFS - Remove the "Everyone Group". Give "Users"
    > Read and
    > > Execute over Everything.
    > > 3> Use Mandatory profiles that delete on logoff.
    > >
    > > Reply if you need more specific details
    > >
    > > Cheers,
    > >
    > > Lara
    > >
    > > --
    > > http://www.WindowsForumz.com/ This article was posted by author's request
    > > Articles individually checked for conformance to usenet
    > standards
    > > Topic URL:
    > > http://www.WindowsForumz.com/Group-Policy-restrict-users-installing-ftopict242793.html
    > > Visit Topic URL to contact author (reg. req'd). Report
    > abuse:
    > > http://www.WindowsForumz.com/eform.php?p=740981

    Hi,

    I use Mandatory Profiles in my Windows 2000 Server. Basically they are
    roaming profiles that a user can’t modify. The My Documents is
    redirected to a Home Directory share on the server with Group Policy
    so it isn’t part of the profile. I redirect the Favourites to the
    server share as well using a VBScript or modifying the Mandatory
    Profile in regedit.

    Basically I create a profile using my directions on my website
    http://www.sd61.bc.ca/windows2000/

    I then allow "read" only access to the roaming profile and change
    the user.dat to user.man. In Active Directory I point the users
    profile to the share I created with the profile in it. I use group
    policy to redirect the Users home folders. To make any additional
    modifications like redirecting the Favourites I open Regedit, do a
    "load hive" under HKUsers and then load the user.dat to modify. The
    Fav location in in
    software-microsoft-windows-currentversion-Explorer-Shell Folders and
    User Shell Folders. Eg. I change to H:\

    This may be too restrictive for your user though. Removing from admin
    group may do the trick. To find out what registry keys and files need
    ’write’ access for certain programs, I use this cool program called
    inctrl5 http://www.sd61.bc.ca/windows2000/downloads/inctrl5.zip to
    scan the HD (logged in as admin), run the program, and scan the HD
    again recording any files/keys modified.

    I have gotten pretty much every program to run under Read Only Access
    by simply giving write access to only one or two files or registry
    keys. All my users have Read Only on the whole HD.

    Cheers,

    Lara
Ask a new question

Read More

Policy Microsoft Yahoo Windows