Re: How to prevent users from installing programs.
- From: "Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 8 Aug 2008 22:25:29 -0400
RandyH <RHollaw@xxxxxxxxxxx> wrote:
ugh...you guys are right....Thanks for the all the help.
You're welcome. I know this isn't much fun when you're dealing with badly
written software, but 99.9999% of the time you can work around it. Oh, and
don't forget to holler at the developers who wrote the POS. And you know
which definition of that abbreviation I mean.
Lanwench [MVP - Exchange] wrote:
RandyH <RHollaw@xxxxxxxxxxx> wrote:
I was looking at Disable Windows Installer setting and see another
setting called, Prohibit User Installs.
Would that prevent users from installing programs?
The Disable Windows Installer, would that only apply to MSI's?
Thanks again,
RandyH
Did you try my suggestion? I think you're going to make yourself
crazy with this one. The right answer is to revoke the admin rights
(as well as run general policy lockdown). Anything else you do will
be a kluge and not a simple one.
Lanwench [MVP - Exchange] wrote:
RandyH <RHollaw@xxxxxxxxxxx> wrote:
I guess Disable Windows Installer could have been a good answerNo prob. I presume that by POS you don't mean "point of sale" but
too. Thanks for the KB, I had followed most of that article minus
the Disable Windows Installer setting.
do you know anything about Worldox? it's a POS and we've tried
what you have suggested in the past without success.
again, thanks for the KB...
something else. ;-)
And no, I'm not familiar with it. Just try the sysinternals
tool...it's very handy.
Lanwench [MVP - Exchange] wrote:
RandyH <RHollaw@xxxxxxxxxxx> wrote:
We have an app that requires users to be local admins, crappy IYou can lock down most everything you need to --and should-- but
know, but I how can i prevent users from installing programs?
If the TS has be in admin mode anyway, why would MS let programs
get installed otherwise????? - rant..
why not fix the underlying problem with this application first?
You should be able to identify the file system & registry areas
to which it wants access - try using Process Monitor from
Sysinternals (available for download on the MS website). Users
should not be admins on workstations, let alone servers & you
shouldn't have to leave them that way. Basics: you should be
running Terminal Services on a dedicated
member server with *no* other roles on the network. It should be
set up in its own OU, with a policy specifically for TS
(including loopback processing so that all users who log in get
the same settings, regardless of their own inherited user policy
settings). See KB 278295 for some good lockdown suggestions.
Also see MVP Patrick Rouse's articles at
http://www.sessioncomputing.com/articles.htm
.
- References:
- How to prevent users from installing programs.
- From: RandyH
- Re: How to prevent users from installing programs.
- From: Lanwench [MVP - Exchange]
- Re: How to prevent users from installing programs.
- From: RandyH
- Re: How to prevent users from installing programs.
- From: Lanwench [MVP - Exchange]
- Re: How to prevent users from installing programs.
- From: RandyH
- Re: How to prevent users from installing programs.
- From: Lanwench [MVP - Exchange]
- Re: How to prevent users from installing programs.
- From: RandyH
- How to prevent users from installing programs.
- Prev by Date: Re: Terminal Services, why is the clock being removed? GPOs?
- Next by Date: Re: Deactivate Server (ts licensing server) greyed out
- Previous by thread: Re: How to prevent users from installing programs.
- Next by thread: Re: How to prevent users from installing programs.
- Index(es):
Relevant Pages
|
