You should be able to configure the software to run as a regular user by
modifying the ntfs permissions and possibly registry permissions to be what
a power user has for that application by starting with the folder where the
application is [probably under program folders] and also checking the all
users profile for the application data folder and a subfolder used by the
application for the application. There is also a security template called
compatws.inf that can be imported via Local Security Policy though it would
give the users excessive permissions in my opinion. Beyond that you can
implement Software Restriction Policies in XP Pro to very effectively
restrict a user with the proper hash or path rules. Just keep in mind that
..lnk shortcuts such as the desktop are considered restricted by SRP. For any
XP SP2 computers the Shared Computer Toolkit free from MS is something to
look at and it does enable a version of SRP for XP Home which is really
great. The links below may help. --- Steve
http://www.microsoft.com/resources/...windows/xp/all/reskit/en-us/prdd_sec_umgs.asp
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx
--- SRP
http://www.microsoft.com/windowsxp/sharedaccess/overview.mspx -- Shared
computer toolkit.
Crystal said:
We are in a Workgroup environment and using XP SP2. I have to give my
users
Power Users rights otherwise some software like Citrix client cannot run.
However, with Power Users right they can still install some small software
(not big one) like google I.E. tool bar, chat software, and etc. I wonder
if
anyone can tell me how to deprive Power Users of the rights to install any
software? Thanks.
