Just so you know they are only domain users not admins. -----Original Message----- From: Frank Monroe [mailto:Frank.Monroe@xxxxxxxxxxx] Sent: Thursday, September 09, 2004 9:18 AM To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] Re: Users installing programs Yes. But, if he is adding his users as administrators, this entire thread is moot. -----Original Message----- From: Joel Stolk [mailto:JStolk@xxxxxxxxxxxxxxxx] Sent: Thursday, September 09, 2004 10:04 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Users installing programs It will run for admins if you enable the policy setting to do so. _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Abshire Sent: Thursday, September 09, 2004 8:55 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Users installing programs Good point. -----Original Message----- From: Frank Monroe [mailto:Frank.Monroe@xxxxxxxxxxx] Sent: Thursday, September 09, 2004 8:37 AM To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] Re: Users installing programs Keep in mind, Windows Installer doesn't run in a terminal server session, so if stuff is being installed, its not via windows installer anyway. -----Original Message----- From: Jim Abshire [mailto:Jim.Abshire@xxxxxxxxxxx] Sent: Thursday, September 09, 2004 9:30 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Users installing programs Thanks Joel but I checked and that policy is already in place, enabled. I'm thinking about looking into the HKLM read only and the Full Security mode that a couple of people have requested. My concerns are other programs such as Office and Adobe will not work. -----Original Message----- From: Joel Stolk [mailto:JStolk@xxxxxxxxxxxxxxxx] Sent: Wednesday, September 08, 2004 4:59 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Users installing programs The locations are: Computer Settings/Windows Components/Windows Installer/Policy Setting/Prohibit User Installs User Settings/Windows Components/Internet Explorer/Browser menus/Disable Save this program to disk These come from the out of box ADM templates that come with the GPMC with SP1 from Microsoft. If you need the GPMC go to http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4 B35-9272-DD3CBFC81887 <http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD- 4B35-9272-DD3CBFC81887&displaylang=en> &displaylang=en -Joel _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Abshire Sent: Wednesday, September 08, 2004 4:46 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Users installing programs I have searched the GPO but cannot find either of these policies, is there a specific .adm I need to load? -----Original Message----- From: Joel Stolk [mailto:JStolk@xxxxxxxxxxxxxxxx] Sent: Wednesday, September 08, 2004 4:43 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Users installing programs One quick tip I can think of is to change the permissions in the registry on the HKLM\Software key to read only for the users. A lot of program installs will fail and/or not execute if they cannot write information to this key. Also, a GPO or local policy to Prohibit User Installs (under Computer Configuration) could help. Additionally, use a GPO or local policy to not allow downloads from Internet Explorer. -Joel _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Abshire Sent: Wednesday, September 08, 2004 2:54 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Users installing programs I have a question, I work for a property management company and we provide Internet via Citrix to students. I have tried desperately to lock down the servers but they seem to still be able to install Internet based programs, (e.g. AOL instant messenger, Poker Party, etc) to name a few. Is there a way to lock the server down tight so this cannot continue without prohibiting the users to run necessary programs such as Office? Jim Abshire Network Administrator Dinerstein Management 713-570-0373 ++++++CONFIDENTIALITY NOTICE++++++ The information in this email may be confidential and/or privileged. This email is intended to be reviewed by only the individual or organization named above. If you are not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any review, dissemination or copying of this email and its attachments, if any, or the information contained herein is prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system. ++++++CONFIDENTIALITY NOTICE++++++ The information in this email may be confidential and/or privileged. This email is intended to be reviewed by only the individual or organization named above. If you are not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any review, dissemination or copying of this email and its attachments, if any, or the information contained herein is prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system. ++++++CONFIDENTIALITY NOTICE++++++ The information in this email may be confidential and/or privileged. This email is intended to be reviewed by only the individual or organization named above. If you are not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any review, dissemination or copying of this email and its attachments, if any, or the information contained herein is prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system.