Some things to try.
1. Make sure they are only regular users.
2. Make sure that everyone/users have no more than read/list/execute
permissions to the root/drive folder and be sure to check advanced
permissions also.
3. You might try changing the ntfs permissions to the profile under
documents and settings using special permissions to deny them creating new
folders for apply onto "folders and subfolders". It will make it more
difficult for them to install software in their profiles as many
applications will try to create a folder during the install.
4. In Internet Explorer configure the internet zone properties to not allow
downloads. You will have to configure local Group Policy so they can not
access those settings.
5. Consider a personal firewall so that they can only use authorized
applications for the internet such as Internet Explorer and not other
browsers or things like kazzaa.
6. Use local Group policy via gpedit.msc. Keep in mind that local Group
Policy will apply to ALL users on a computer by default. Administrators can
still manage a computer locked down via Group Plicy remotely however while
logged onto another network computer with admin credentials on the target
computer via mmc Group Policy snapin and select "other computer" In local GP
go to user configuration/administrative templates/system where you can
populate the disallowed Windows Applications list [after reading the full
explaination of the setting]. I would put minimum of command.com, setup.exe,
and install.exe in that list. You may also want to disable the command
prompt and registry editing while there. Good luck. In extreme cases you may
want to lock the computer down with the "allow only" list of Windows
Applications. That setting FYI will allow a user to logon to a computer and
not do much else if that setting is enabled but no entries are in the
st. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;323525 --- use GP
to restrict software applications.
