Prohibiting user software-installation

It is very common to find software on your managed desktop computers that you (the admin) did not put there, because users are very good at figuring out ways to install applications and software that they use at home. Sometimes, this is with good intentions, utilizing an online tool to help their productivity at work, but other times—perhaps most of the time—what you find are apps installed for entertainment purposes. Maybe a user has installed the Chrome browser because your company-issued Internet Explorer is too restrictive for their tastes, or you sit down to troubleshoot a computer only to find a personal Dropbox application or Spotify running in the systray. I am not saying these applications are bad  in fact, I use all three. The scary part of this scenario is that the user was able to download and install these applications in the first place, without administrative input.

There are actually many different places inside Group Policy where software installation restrictions can be put into place, some are vastly more complex than others. If you're interested in diving into one of the more complex ways (which in the end will provide you with more granular control over your restriction policies), make sure to do some additional reading on these topics:

While these technologies can offer comprehensive options for deciding what can or cannot be installed, or even what applications can or cannot be opened on a computer, they are both complex topics that require a bit of research before you will be ready to make use of them. Today we are here to discuss a simpler and more straightforward approach to denying software installations:

Computer Configuration | Policies | Administrative Templates | Windows Components | Windows Installer | Prohibit User Installs

Once enabled, the Prohibit User Installs option is a quick and easy way to stop per-user installs from happening. When an application is installed at the computer level, it is available to all users and so everyone would still have access to run the programs that you have installed at the administrative level. The difference in this setting is that users would be unable to install applications inside their user context, those apps that do not require administrative rights to install and run. Without this setting in place (or one of the other restriction technologies), you will most certainly find applications on your workstations that you did not place there. By enabling Prohibit User Installs, you at least take some initial steps to keep games, entertainment software, and other potentially malicious programs away from your corporate machines.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.118.93.133