Archived from groups: microsoft.public.win2000.security (More info?)
If they have any more rights/permissions than regular users they will be able to
install a lot of software. You can use Group Policy to assign or publish authorized
applications that can install as .msi programs. There are utilities than can convert
existing programs into .msi installs if need be. If you have any XP Pro computers,
the built in Software Restriction Policy can be extremely helpful in controlling what
users can install on their computers. There is no magic W2K Group Policy to allow or
disallow installing of applications other that giving regular users elevated
privileges to install .msi programs which is generally not a good thing to do.---
"sancho" <firstname.lastname@example.org> wrote in message
> I dont want users on my domain to be able to install or remove applications
> ( power users can and also orednery users can do it.)
> I think maybe put the users in the power users group and modify there
> priviliges so they cant install or remove any application ( maybe throw
> GPO ).
> is it possible ?