How to deprive Power Users of the rights to install any software

Guest

We are in a Workgroup environment and using XP SP2. I have to give my users
Power Users rights, otherwise some software like Citrix client cannot run.
However, with Power Users rights they can still install some small software
(not big ones) like the Google I.E. toolbar, chat software, etc. I wonder if
anyone can tell me how to deprive Power Users of the rights to install any
software? Thanks.
 
Steven L Umbach

You should be able to configure the software to run as a regular user by
modifying the NTFS permissions and possibly registry permissions to be what
a power user has for that application by starting with the folder where the
application is [probably under program folders] and also checking the all
users profile for the application data folder and a subfolder used by the
application for the application. There is also a security template called
compatws.inf that can be imported via Local Security Policy though it would
give the users excessive permissions in my opinion. Beyond that you can
implement Software Restriction Policies in XP Pro to very effectively
restrict a user with the proper hash or path rules. Just keep in mind that
.lnk shortcuts such as the desktop are considered restricted by SRP. For any
XP SP2 computers the Shared Computer Toolkit free from MS is something to
look at and it does enable a version of SRP for XP Home which is really
great. The links below may help. --- Steve

http://www.microsoft.com/resources/...windows/xp/all/reskit/en-us/prdd_sec_umgs.asp

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx --- SRP

http://www.microsoft.com/windowsxp/sharedaccess/overview.mspx --- Shared computer toolkit.
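
The first approach in the answer above (give regular users the access a Power User has, but only on the application's own folders), sketched as an added example that is not part of the original thread. `ExampleApp` and `exampleuser` are placeholder names; the commands are the `cacls` and `net localgroup` tools that ship with XP.

```bat
@echo off
rem Added example, not from the thread. APPDIR, APPDATA_DIR and APPUSER are
rem placeholders: substitute the folders the application really writes to
rem and the account that runs it. Run from an administrator account.
setlocal
set "APPDIR=C:\Program Files\ExampleApp"
set "APPDATA_DIR=%ALLUSERSPROFILE%\Application Data\ExampleApp"
set "APPUSER=exampleuser"
set "BACKUP=%TEMP%\exampleapp-acl-before.txt"

rem 1. Record the current ACLs so the change can be reviewed or undone.
cacls "%APPDIR%" /T > "%BACKUP%"
if exist "%APPDATA_DIR%" cacls "%APPDATA_DIR%" /T >> "%BACKUP%"

rem 2. Grant the local Users group Change (modify) access, recursively,
rem    editing the existing ACL (/E) rather than replacing it.
rem    Grant it only on folders the application must write to: write access
rem    to a folder of executables lets that user replace them.
cacls "%APPDIR%" /T /E /G Users:C
if exist "%APPDATA_DIR%" cacls "%APPDATA_DIR%" /T /E /G Users:C

rem 3. Registry keys the application writes under HKLM\Software need the
rem    same treatment; on XP that is done in regedit via Edit > Permissions.

rem 4. Take the account out of Power Users and make sure it is in Users.
rem    An "already a member" error from the second command is harmless.
net localgroup "Power Users" "%APPUSER%" /delete
net localgroup Users "%APPUSER%" /add

rem 5. Verify: list the remaining Power Users and the new folder ACL.
net localgroup "Power Users"
cacls "%APPDIR%"
endlocal
```

After the change, log on as the regular user and start the application; if it still fails, the remaining denied file or registry location is the next one to adjust.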
 
Guest

This information is very educational and helpful. I've finally sorted out
my problem!

 
Guest

How exactly did you go about it then? Thanks.

 
