Coming Soon: GET-IT: Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET-IT: Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET

Limit Software Installation for End Users

Home Forums Microsoft Networking and Management Services GPO Limit Software Installation for End Users

Viewing 1 post (of 1 total)
  • Author

  • todd231

    Pre Question statement: Most, if not every single one, of the users at all of my clients are local admins on their computers.

    I want to see if I can limit the ability of the end users to install software. I know this can be done a myriad of ways, the easiest and most common is to dump all of the users out of the “Local Admin” group on their computers and put them in a power user type role.

    But, say we don’t do that.. Say we want to keep those users as local admins… My job gets a little tougher.

    I know I can restrict software installation via GPO using things like AppLocker and editing the security levels in Software Restriction Policies.

    I’ve never done that before so I’m not 100% sure it’s going to work as I am planning. Some of the questions I have…

    1) If I use Software Restriction Policies, should I use Computer or User based policies?
    2) Is AppLocker worth setting up? I’ve never used it.
    3) Should I create an OU specific GPO for software restrictions or use the default domain policy, I’m still a little hazy as to whether or not OU overrides default domain…

    Again, and as always, any help or guidance would be greatly appreciated!

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.

Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: