how can I restrict users from installing ...

  • Thread starter Thread starter Kelvin Beaton
  • Start date Start date
K

Kelvin Beaton

How can restrict users from installing things like Yahoo toolbars and the
like?

I'm also having trouble with them installing screensavers.

Any help would be appreciated.

Thanks

Kelvin
 
Kelvin Beaton said:
How can restrict users from installing things like Yahoo
toolbars and the
like?

I'm also having trouble with them installing screensavers.

Any help would be appreciated.

Thanks

Kelvin

Hi,

NTFS is the only way to prevent users from installing. However, you
can run into problems if you are running specific programs.

1> Users need to be "Users" not administrators
2> Use NTFS - Remove the "Everyone Group". Give "Users" Read and
Execute over Everything.
3> Use Mandatory profiles that delete on logoff.

Reply if you need more specific details

Cheers,

Lara
 
Thanks for the reply.
I check the user I was questioning and found she was part of the local
Administrators group. I can't remember why she was setup that way, but have
removed her and we'll see what problems that might cause.

Where can I find info on "Use Mandatory profiles that delete on logoff"? I
have the users accounts set to store on the network. I like this so they can
login anywhere and have their email and documents. I'm not sure I would want
them to delete on logoff.

I'd be curious to hear your thoughts on the profile topic.

Thanks

Kelvin
 
Kelvin Beaton said:
Thanks for the reply.
I check the user I was questioning and found she was part of
the local
Administrators group. I can't remember why she was setup that
way, but have
removed her and we'll see what problems that might cause.

Where can I find info on "Use Mandatory profiles that delete
on logoff"? I
have the users accounts set to store on the network. I like
this so they can
login anywhere and have their email and documents. I'm not
sure I would want
them to delete on logoff.

I'd be curious to hear your thoughts on the profile topic.

Thanks

Kelvin



 > > How can restrict users from installing things like
Yahoo
 > > toolbars and the
 > > like?
 > >
 > > I'm also having trouble with them installing
screensavers.
 > >
 > > Any help would be appreciated.
 > >
 > > Thanks
 > >
 > > Kelvin

Hi,

I use Mandatory Profiles in my Windows 2000 Server. Basically they are
roaming profiles that a user can’t modify. The My Documents is
redirected to a Home Directory share on the server with Group Policy
so it isn’t part of the profile. I redirect the Favourites to the
server share as well using a VBScript or modifying the Mandatory
Profile in regedit.

Basically I create a profile using my directions on my website
http://www.sd61.bc.ca/windows2000/

I then allow "read" only access to the roaming profile and change
the user.dat to user.man. In Active Directory I point the users
profile to the share I created with the profile in it. I use group
policy to redirect the Users home folders. To make any additional
modifications like redirecting the Favourites I open Regedit, do a
"load hive" under HKUsers and then load the user.dat to modify. The
Fav location in in
software-microsoft-windows-currentversion-Explorer-Shell Folders and
User Shell Folders. Eg. I change to H:\

This may be too restrictive for your user though. Removing from admin
group may do the trick. To find out what registry keys and files need
’write’ access for certain programs, I use this cool program called
inctrl5 http://www.sd61.bc.ca/windows2000/downloads/inctrl5.zip to
scan the HD (logged in as admin), run the program, and scan the HD
again recording any files/keys modified.

I have gotten pretty much every program to run under Read Only Access
by simply giving write access to only one or two files or registry
keys. All my users have Read Only on the whole HD.

Cheers,

Lara
 
Back
Top