Power User Security - Lock Down App Installs

Toggle sidebar Toggle sidebar
nick

nick

Distinguished
Dec 31, 2007
994
0
18,980
Archived from groups: microsoft.public.win2000.security (More info?)

There are many appliacations in my environment that require users to be
members of the "Power Users" group.

How can I lock down these users so that they cannot install unapproved
software?
 
M

Marco

Distinguished
Apr 2, 2004
105
0
18,680
Archived from groups: microsoft.public.win2000.security (More info?)

"Nick" <Nick@discussions.microsoft.com> wrote in message
news:381B28E0-3911-4159-B222-DDA2B24DC5E3@microsoft.com...
> There are many appliacations in my environment that require users to be
> members of the "Power Users" group.
>
> How can I lock down these users so that they cannot install unapproved
> software?

Nick

one possible solution is to trace where these apps read/write by means of
filemon/regmon (www.sysinternals.com), change the ACLs and then remove the
users from the Power Users group. One disadvantage of this solution is that
you will basically have to open the ACLs to everyone.

Another solution, not free, is our own product which allows you to manage
privileges on a per-application basis.

cheers,

Marco
www.neovalens.com
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

If you can not modify the application permissions to run as a regular user
which usually are permissions to the application folder, registry key in
local machine, and/or all users profile then your options are to use
Software Restriction Policies on XP Pro computers only or to look at the
Group Policy options under user configuration/administrative
templates/system for do not run these Windows applications or run only these
Windows applications. It can help to add install.exe and setup.exe to the
disallowed Windows applications list. Another option is a strict computer
user policy with stated consequences. --- Steve


"Nick" <Nick@discussions.microsoft.com> wrote in message
news:381B28E0-3911-4159-B222-DDA2B24DC5E3@microsoft.com...
> There are many appliacations in my environment that require users to be
> members of the "Power Users" group.
>
> How can I lock down these users so that they cannot install unapproved
> software?
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom