You can make sure that the user in a group that has no or deny permissions
to the folders that the applications reside in. For instance you could give
the guest and/or guests group full deny permissions to program
files\sensitive application folder for full control. If a user is in a group
that does not have any permissions to an application/executable then they
have an implicit deny permission. What I would do is to logon as that
account or as a user in that group to make sure that the user can not access
the application. The best solution is to not let the user logon to or be
able to access the computer if it has sensitive applications if possible. Be
careful with deny permissions and keep in mind that administrators are also
members of the users and everyone groups. --- Steve
In addition to the Always Sage Steven's reply - applications aren't
sensitive. The DATA they create & access is.
Lock that down securely, ideally not even on the computer itself, but on a
properly configured server located in a locked room - and who really cares
if someone can launch an executable?
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.