Software installation rights
Results 1 to 8 of 8

Thread: Software installation rights

  1. #1
    Junior Member
    Join Date
    May 2003
    Posts
    2

    Software installation rights

    I am a network admin at a manufacture comapny. I have users with W2k and WinXP OS, I often run into users adding little software games and dodas on their computer. I have looked in local security and user rights in the security admin plug in, but I can't seem to find the right setting to enforce the installation rights. can any one help me. Many thanks in advance.

    Chen

  2. #2
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    Hire new admin please.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  3. #3
    The Iceman Cometh
    Join Date
    Aug 2001
    Posts
    1,209
    Do you have a Server or is it a peer-to-peer environment? If you have a server, you can use Active Directory to restrict installations to admins. If you don't, there's a way to do it (I believe) through the group policy manager. I thought there was a way to do it through the Local Security Policies, but if you can't find it there, I'm probably mistaken.

    AJ

  4. #4
    Junior Member
    Join Date
    May 2003
    Posts
    23
    As avdven mentioned, if you are running in a domain environment (doesn't have to be AD) you can force them to use domain logons rather than local logons. Then delete the local accounts on each machine. Domain accounts cannot install software on local machines unless they have domain admin privileges.

    An alternative is to demote their local user accounts to regular user accounts (for those who are Power Users or local Admins).

    - Qualm

  5. #5
    Senior Member
    Join Date
    Aug 2002
    Posts
    651
    As long as you are running a network, you can change the local Admin password on each machine (time consuming, I know), as well as change the rights of the user on each local machine. Just open up Computer Management by right-clicking and choosing Manage for My Computer. Next, right click on the local machine in the left pane and choose to Connect to Remote Computer. Of course, this is only feasible if you have a relatively small network. Qualm is right, if they are not local Admin on the box, then they will not be able to install software. The only thing is that this step alone may be circumvented since some of the users may have changed the local Admin password (if they know how to do so).


    Good luck.
    Opinions are like holes - everybody\'s got\'em.

    Smile

  6. #6
    Senior Member Wazz's Avatar
    Join Date
    Apr 2003
    Posts
    288
    There is a nice little security hole in 2000 and XP that will allow a user even if restricted to install 16bit apps through a command prompt. There is a registry key or a Group Policy option to disable this...Google it. You can also pull this off by choosing another install directory other than Program Files sometimes which is usually read only if locked down properly as long as the proggie doesn't dump anything to windows/system32, etc. Good ole Microsoft eh....Happy Locking Down.
    "It is a shame that stupidity is not painful" - Anton LaVey

  7. #7
    Junior Member
    Join Date
    Apr 2003
    Posts
    17
    Download http://www.xteq.com/products/xset/ and hide the drives.

  8. #8
    Junior Member
    Join Date
    May 2003
    Posts
    2
    Thanks guys. Thank you for your answers.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •