Power User Security - Lock Down App Installs

Archived from groups: microsoft.public.win2000.security (More info?)

There are many appliacations in my environment that require users to be
members of the "Power Users" group.

How can I lock down these users so that they cannot install unapproved
software?
2 answers Last reply
More about power user security lock installs
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    "Nick" <Nick@discussions.microsoft.com> wrote in message
    news:381B28E0-3911-4159-B222-DDA2B24DC5E3@microsoft.com...
    > There are many appliacations in my environment that require users to be
    > members of the "Power Users" group.
    >
    > How can I lock down these users so that they cannot install unapproved
    > software?

    Nick

    one possible solution is to trace where these apps read/write by means of
    filemon/regmon (www.sysinternals.com), change the ACLs and then remove the
    users from the Power Users group. One disadvantage of this solution is that
    you will basically have to open the ACLs to everyone.

    Another solution, not free, is our own product which allows you to manage
    privileges on a per-application basis.

    cheers,

    Marco
    www.neovalens.com
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    If you can not modify the application permissions to run as a regular user
    which usually are permissions to the application folder, registry key in
    local machine, and/or all users profile then your options are to use
    Software Restriction Policies on XP Pro computers only or to look at the
    Group Policy options under user configuration/administrative
    templates/system for do not run these Windows applications or run only these
    Windows applications. It can help to add install.exe and setup.exe to the
    disallowed Windows applications list. Another option is a strict computer
    user policy with stated consequences. --- Steve


    "Nick" <Nick@discussions.microsoft.com> wrote in message
    news:381B28E0-3911-4159-B222-DDA2B24DC5E3@microsoft.com...
    > There are many appliacations in my environment that require users to be
    > members of the "Power Users" group.
    >
    > How can I lock down these users so that they cannot install unapproved
    > software?
Ask a new question

Read More

Security Microsoft Power Windows