Re: Deny install software by Helpdeskadmin@server.local
- From: "Anthony" <anthony.spam@xxxxxxxxxxxxxx>
- Date: Mon, 6 Aug 2007 17:26:01 +0100
Matt,
It sounds like they are using that account to push out the software. That
account probably has admin rights on the server, which is how it can install
it. It must have admin rights either directly, or as a member of a group.
If it is direct, you can remove it. If it is put there by a Restricted
Groups policy, you can't. If it is a member of a group, you can only remove
it from the group.
You could try the Local Security Policy, User Rights Assignment, and try the
Denies, but it is a bit of a hackaround. You could also put a Deny on the
whole file system and registry for that account so the whole installation
will fail.
Anthony,
http://www.airdesk.co.uk
"Matt Carter" <MLCarter1976@xxxxxxxxxx(doNOTspam)> wrote in message
news:FCA3347F-DD7F-41D7-8009-DE60D329FEC5@xxxxxxxxxxxxxxxx
The software is trying to install on systems and they do not support
trying
to prevent it from going to systems, so I want to set it up to have AD do
that. I do not need to install any software such as by using a GPO. The
software is already installed and working. I want to STOP someone from
logging on, installing, using the servers. I created a user account that
I
want to use that will do that. I need to know how to do that and that way
I
can say OK when YOU try to log on, YOU can NOT do anything, don't even TRY
To
get onto this server. That's what I want.
"Jorge Silva" wrote:
Hi
If your software is smart enough to discover and install, then it should
be
smart enough to include exclusion list giving you the ability to exclude
the
computers that you want.
If you want to use GPO to deply the software and you only want to apply
it
to the Computers, then you should link the GPO only to the computers OU,
or
use WMI filter to filter out the DCs.
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
"Matt Carter" <MLCarter1976@xxxxxxxxxx(doNOTspam)> wrote in message
news:60B0D1F5-3660-4A69-AE2E-B273B6016EE9@xxxxxxxxxxxxxxxx
Steve B., the helpdesk software goes out I believe IP address by IP
address
and looks for the ability to update the system.
"Steve B" wrote:
Just to clarify - are you saying that when the helpdeskadministrator
logs
onto any machine some software is installed? You don't want this to
happen
on servers?
"Matt Carter" wrote:
We have a helpdesk software that likes to install itself on all the
systems
in the company. For the servers, we do NOT want this. I spoke with
tech
support and they said to create a user, as I have, that has domain
permissions to install on the local user systems, and to great a GPO
in
AD on
Server 2003 that has HelpdeskAdministrator@xxxxxxxxxx account and
then
set
that account to DENIED to the member servers and the domain
controllers.
I am not sure where in the GPO to go to edit and do I make it
enabled,
etc.
Basically:
I want to have Group Policy see that the user helpdeskadministrator
is
trying to install and to have the group policy DENY that
installation
of the
software.
Thank you for your help.
.
- References:
- Re: Deny install software by Helpdeskadmin@server.local
- From: Jorge Silva
- Re: Deny install software by Helpdeskadmin@server.local
- From: Matt Carter
- Re: Deny install software by Helpdeskadmin@server.local
- Prev by Date: trust issue
- Next by Date: Re: server performance
- Previous by thread: Re: Deny install software by Helpdeskadmin@server.local
- Next by thread: Re: Deny install software by Helpdeskadmin@server.local
- Index(es):
Relevant Pages
|
