Hi DinhDuy, and all
- I deploy Power Users rights to all users in my Domain. - After deploying, everyone can setup software on their computer, so I want to prevent this action. How can I do that?
Here's the best solution to this problem (flame sheilds up): 1. Prevent your users from running as power users. Giving a user power user rights on a desktop is akin to giving them administrator privileges. Here's how this kind of thing typically plays out: 1. You give your users Power User rights. 2. You want to lock down a specific aspect (such as installing software) 3. You invest large amounts of time/money obtaining a "solution" and making it "work" 4. Your users find some (not very difficult) way around this "solution" 5. Repeat steps 3 and 4 ad infinitum. Take the time to work out how enable your users to work as members of the users group, and you'll save a significant amount of time in the long run. You *could* always enable software restriction policies make the default policy "disallowed" and then enable access to *only* those apps you need to run, but your users will likely work out that they can get around this with admin rights in short order - and the process is quite tedious and very very difficult. Option 1 is undoubtedly the way to go on this. -- MacLeonard Starkey CISSP, MCSA Email: winsec@xxxxxxxxx *********************** You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at //www.freelists.org/archives/gptalk/ ************************