|
Posted by <param on July 27, 2005, 10:16 pm
Please log in for more thread options How would I go about setting up an OU and will that new OU disrupt my SBS
configuration? I know SBS does a bunch of unique A/D stuff..
TIA!
> Nathan is correct, that if you client machines are XP at a relatively
> native state as per initial install, then just making the domain users
> log in as on Users group members will go a long way to restricting
> their install capabilities (not stop it totally however).
> The main vehicle today to go the next step is the same software
> restriction policies you have been trying. Just take a machine in
> a new test OU, a test domain user account also in the OU, and
> evolve your software restrictions in a new GPO that is linked to
> that test OU. When you get the desired result, link the GPO to
> the OU that holds the real client machines.
>
> --
> Roger Abell
> Microsoft MVP (Windows Server System: Security)
> MCDBA, MCSE W2k3+W2k+Nt4
>> Hi all,
>>
>> We run a single Server 2003 domain running on SBS2003. What I want to do
>> is restrict users from installing programs on their machine. If they want
>> to install a program they would have to call an Admin to do it. Ideally,
>> it would be nice if I can have an approved list of programs that they can
>> install, and anything not in the list they would have to contact an
>> admin. Any suggestions/best practices on this? I have tried messing with
>> the Software Restriction Policies in the gpedit tool, but that ended up
>> giving all kinds of errors on the machines including error messages when
>> Outlook was opened. Probably because of Adobe Professional plugins that
>> get installed into Outlook & Office products.
>>
>> thanks!
>>
>
>
| 
XML Sitemap