Alerts on Application Launch

  • Thread starter Thread starter jmiddleton
  • Start date Start date
J

jmiddleton

Hi. I'm hoping someone can help me with figuring out a solution to a
problem I have. We have many users who are set as Local Admins on
their computers (for different purposes but they all have valid reasons
to have it). I would like to find a small solution that would simply
pop up an alert when the user ran any application that they were not
supposed to run. It would be a simple warning that would say, "Here's
our policy and if you would like to install anyway, click OK". And
then I would like it to either log this or email it.

I'm sure that there is something out there that can do this but I have
yet to find it. Any help would be greatly appreciated. Thanks.

-Jesse
 
In
jmiddleton said:
Hi. I'm hoping someone can help me with figuring out a solution to a
problem I have. We have many users who are set as Local Admins on
their computers (for different purposes but they all have valid
reasons to have it). I would like to find a small solution that
would simply pop up an alert when the user ran any application that
they were not supposed to run. It would be a simple warning that
would say, "Here's our policy and if you would like to install
anyway, click OK". And then I would like it to either log this or
email it.

I'm sure that there is something out there that can do this but I have
yet to find it. Any help would be greatly appreciated. Thanks.

-Jesse
Click to expand...

I can't think of any way to do this, but I'll bet there's a workaround for
your users 'needing' admin rights (so you can stop them from installing
stuff they aren't supposed to). There is *rarely* a situation you will
encounter that absolutely requires it....FileMon and RegMon from
www.sysinternals.com should help you find out where your errant software
expects to write to in the file system & registry. And complain to any
software developer whose product 'requires' admin rights to run.

Beyond that, you ought to look into group policy "Software Restriction"
settings for controlling access to applications installed on the
workstation. You can set up a list of allowed applications therein. Be very
careful that you don't lock yourself (or admins!) out when you do this, tho.
 
Well another reason for having this software is so that there are not
hard set restrictions. I want more of an annoyance factor to remind
them about our policy. I'm sure that someone must have used this
method before. It's not just a software reason for having admin, it's
also an ease of managing a computer when they are remote. We can talk
them through control panel changes, etc when something gets messed up.
With 200 sales people worldwide and them not always able to get online
-- this can be helpful.
 
In
jmiddleton said:
Well another reason for having this software is so that there are not
hard set restrictions. I want more of an annoyance factor to remind
them about our policy. I'm sure that someone must have used this
method before. It's not just a software reason for having admin, it's
also an ease of managing a computer when they are remote. We can talk
them through control panel changes, etc when something gets messed up.
With 200 sales people worldwide and them not always able to get online
-- this can be helpful.
Click to expand...

If these are widely scattered/dispersed users, you can't really do much from
a centralized group policy standpoint - so even if you *could* do what you
wish, you couldn't centrally control it. I'd give up on that idea. As far as
remote support is concerned - I know where you're coming from, but another
way to look at it is that a seriously locked down workstation stands a lot
lower chance of needing support ;-)
 
Back
Top