Limit Software Installation for End Users



    Pre Question statement: Most, if not every single one, of the users at all of my clients are local admins on their computers.

    I want to see if I can limit the ability of the end users to install software. I know this can be done a myriad of ways; the easiest and most common is to dump all of the users out of the “Local Admin” group on their computers and put them in a power user type role.

    But, say we don’t do that. Say we want to keep those users as local admins… My job gets a little tougher.

    I know I can restrict software installation via GPO using things like AppLocker and editing the security levels in Software Restriction Policies.

    I’ve never done that before so I’m not 100% sure it’s going to work as I am planning. Some of the questions I have…

    1) If I use Software Restriction Policies, should I use Computer or User based policies?
    2) Is AppLocker worth setting up? I’ve never used it.
    3) Should I create an OU-specific GPO for software restrictions or use the default domain policy? I’m still a little hazy as to whether or not OU overrides default domain…

    Again, and as always, any help or guidance would be greatly appreciated!
