Software Restrictions versus Revoke Local Admin Rights
- From: "Blenky" <sblenkhorn@xxxxxxxxx>
- Date: 10 Aug 2006 11:00:35 -0700
I am in the process of installing and configuring SBS 2003 for our
small network. I am looking for the best way to stop employees from
downloading and/or installing software without consent (basically
attempting to stop malware/badware/spyware). I know one option is to
use Software Restrictions. My two choices for Software Restrictions
seem to be a) Blacklist software I don't want or b) Whitelist the
software that is allowed to run. While these would work, it seems
Blacklisting software would be next to impossible, because who knows
how many apps are out there that I don't want installed. Whitelisting
would work, but it seems difficult to get a handle on all the apps that
must run in order for employees to do their jobs correctly (all the
Windows components, etc).
I read somewhere that you could revoke the Local Admin Rights that the
user had. I wasn't aware this was an option. A couple of questions...
1) Is there a way to change SBS configuration so that when
computers/users are configured, the users aren't given Local Admin
privileges when they certainly shouldn't be Admins to the machine (big
security breach in my mind)?
2) Is simply making them a User versus an Admin of the machine going to
stop the installation of software (spyware, etc)?
Thanks,
Sean
.
- Follow-Ups:
- Re: Software Restrictions versus Revoke Local Admin Rights
- From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
- Re: Software Restrictions versus Revoke Local Admin Rights
- Prev by Date: Re: SBS Client logon slow, once more
- Next by Date: Re: Connect to Small Business Server VPN
- Previous by thread: IIS not serving
- Next by thread: Re: Software Restrictions versus Revoke Local Admin Rights
- Index(es):
Relevant Pages
|
