Tom's Hardware > Forum > Windows 2000/NT > Windows 2000/NT General Discussion > Power User Security - Lock Down App Installs

Power User Security - Lock Down App Installs

Forum Windows 2000/NT : Windows 2000/NT General Discussion - Power User Security - Lock Down App Installs

Tom's Hardware: Over 1.4 million members in 6 different countries available to answer all your high-tech questions. Sign up now! Its free!
Ask the community Add a reply
Word :    Username :           
 
nick   12-09-2004 at 01:53:12 PM

Archived from groups: microsoft.public.win2000.security (More info?)

 

There are many appliacations in my environment that require users to be
members of the "Power Users" group.

How can I lock down these users so that they cannot install unapproved
software?

Add a reply
Sponsored Links
Register or log in to remove.
Marco   12-10-2004 at 02:48:25 AM
- 0 +

Archived from groups: microsoft.public.win2000.security (More info?)

 

"Nick" <Nick@discussions.microsoft.com> wrote in message
news:381B28E0-3911-4159-B222-DDA2B24DC5E3@microsoft.com...
> There are many appliacations in my environment that require users to be
> members of the "Power Users" group.
>
> How can I lock down these users so that they cannot install unapproved
> software?

Nick

one possible solution is to trace where these apps read/write by means of
filemon/regmon (www.sysinternals.com), change the ACLs and then remove the
users from the Power Users group. One disadvantage of this solution is that
you will basically have to open the ACLs to everyone.

Another solution, not free, is our own product which allows you to manage
privileges on a per-application basis.

cheers,

Marco
www.neovalens.com

Reply to Marco
Anonymous   12-11-2004 at 05:40:26 AM
- 0 +

Archived from groups: microsoft.public.win2000.security (More info?)

 

If you can not modify the application permissions to run as a regular user
which usually are permissions to the application folder, registry key in
local machine, and/or all users profile then your options are to use
Software Restriction Policies on XP Pro computers only or to look at the
Group Policy options under user configuration/administrative
templates/system for do not run these Windows applications or run only these
Windows applications. It can help to add install.exe and setup.exe to the
disallowed Windows applications list. Another option is a strict computer
user policy with stated consequences. --- Steve


"Nick" <Nick@discussions.microsoft.com> wrote in message
news:381B28E0-3911-4159-B222-DDA2B24DC5E3@microsoft.com...
> There are many appliacations in my environment that require users to be
> members of the "Power Users" group.
>
> How can I lock down these users so that they cannot install unapproved
> software?

Reply to Anonymous
Ask the community Add a reply
Tom's Hardware > Forum > Windows 2000/NT > Windows 2000/NT General Discussion > Power User Security - Lock Down App Installs
Go to:

There are 1078 identified and unidentified users. To see the list of identified users, Click here.

Forum map
Bestofmedia Forum ©
2000-2009 Bestofmedia Group
Page generated in 0.469 seconds
Please mind

You are about to answer a thread that has been inactive for more than 6 months.
If you still wish to proceed, please ensure that your posting is original and does not duplicate or overlap any prior responses to this thread.

Add a reply Cancel
Sponsored links
  • Ask the community now
  • Publish
Ad
Related Topics
See all relatives topics
They won a badge
Join us in greeting them
How do I win badges?