Restricting access to program installation

  • Thread starter Thread starter Jamie
  • Start date Start date
J

Jamie

Hi, I do a lot of network installations at nursing homes.
The maintenance problems that have ocurred have always
been due to someone installing a program like a firewall
program. Is there a way to restrict programs from being
installed all together to avoid conflicts. I hate
continuing to charge these homes for something that could
be prevented.

Thanks,
Jamie
 
It is hard to totaly stop. First off, if they have access other than
regular user it will be very difficult. Assuming that they have only regular
user access, be sure to restrict ntfs permissions on the root/drive folder
to be no more than read/list/execute for the users and everyone group being
sure to check the advanced permissions page. You can also configure Group
Policy [gpedit.msc] to configure "don't run specified Windows programs" [see
link below] in a domain or on local computers. Entering install.exe,
setup.exe, etc., may help prevent installing software assuming a user does
not rename the executable to bypass policy. Keep in mind that doing such on
a stand alone machine will apply to all users including administrators
although an administrator can temporily disable the setting to install
software. Windows XP Pro has the very powerful Software Restriction Policies
[second link below] that can lock a computer down using
hash/certificate/path rules which can also exempt local administrators via
the enforcement rule. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;823659
http://support.microsoft.com/?kbid=310791
 
You can use the local group policy to restrict program loads. Go to Start/run. Type in GPEDIT.MSC. Under User Configuration, Administrator Templates there are several ways to either remove or lock down the users ability to install programs.
 
Back
Top