Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to lock CDrom ?? Prevent software installs ? 11

Status
Not open for further replies.
protos

protos

IS-IT--Management
Apr 28, 2002
127
US
How can you lock the cdrom
so users cannot install software/games

then at the end of the day, uninstall them ??

i need to do this ASAP for 1 user, but probably long term for others later.

thanks

 
Sort by date Sort by votes
If you setup a user account as Restricted user, they cannot install apps. If the answer is here, mark it, others can benefit from it too.
Free Tip: The F1 Key does NOT destroy your PC!
 
Upvote 0 Downvote
how can you change/check that after the fact now ??

thanks
 
Upvote 0 Downvote
i only know this for nt policies applied to 2k clients...

in a policy u can hide drive letters. if u hide the cdrom drive letter and turn off autorun.

i cant see any way of getting to it.

i dont understand this:
"then at the end of the day, uninstall them ??"
===============
Security Forums
 
Upvote 0 Downvote
pctekk, look in Computer Management (Start, Run, compmgmt.msc) at the Users and Groups section. A limited user is listed as 'user', not 'administrator' or 'power user' for more info use XP's Help and Support to look for 'Users and Groups'

browolf, I think he means the users uninstall the game to cover their tracks.
 
Upvote 0 Downvote
You can also accomplish this throug gpedit.msc. Under system policies there is a choice to restrict access to cdrom for local users.

Good luck,
Van
 
Upvote 0 Downvote
thanks gang,
yes at the end of the day, they uninstall it.

I thought there was a way to change the user login
after the fact in the registry to "Restricted User"
 
Upvote 0 Downvote
You don't need to do it in the registry. Use Computer Management, Local Users & Groups. Double click the User account, go to Member Of tab, Add [restricted] User, Remove Power User or Administrator.

Or uset the Group Policy that Vansplatter mentioned.
 
Upvote 0 Downvote
yeah, have to do group policy, because i'm trying to do this Remotely and Descreetly

thanks Gang !!
 
Upvote 0 Downvote
If i set the gpedit.msc for local users, will i be able to use cdrom when i login as Domain Admin(not the local troublemaking user)
:)

???

thanks gang
 
Upvote 0 Downvote
Yes If the answer is here, mark it, others can benefit from it too.
Free Tip: The F1 Key does NOT destroy your PC!
 
Upvote 0 Downvote
Do you have an NT domain or AD domain? Doomhamur
Network Engineer
"Certifications? we dont need no stinking certifiaction."
yahoo IM handle: greater_vortex
 
Upvote 0 Downvote
AD domain

"no stinking certifications" ?
:)
you got it !!
 
Upvote 0 Downvote
then you need to use GPO and group permissions. One way is to make sure the user does not have Administrator from built ins or a group that you created and gave install permision to. Without that they will not be able to install software at all.

Another is in GPO. User Configuration > Administrative Templates > windows components > windows installer > disable media source for any install > set to enable

see Computer Configuration > Administrative Templates > Windows Components > Windows Installer > Enable user to use media source while elevated.

See User Configuration > Administrative Templates > Control Panel > Add/Remove Programs > Hide the "Add a program from CD-ROM or floppy disk"

and get Active Directory Black Book from Coriolis, excelent book Doomhamur
Network Engineer
"Certifications? we dont need no stinking certifiaction."
yahoo IM handle: greater_vortex
 
Upvote 0 Downvote
LOL!! im with GHZ! Fire Them LOL! "Never Argue with an Idiot. They will Lower You to Their Level, Then Beat YOU with Experience"
 
Upvote 0 Downvote
thats the next step :)
we need to catch them in the act, so far its he"re/say/she/say

thanks dudES
 
Upvote 0 Downvote
Click on start | run| type in [control userpasswords2] without the brackets, of course. You can change your user to restricted from here.
 
Upvote 0 Downvote
thanks traycee !!
can u do that remotely though w/out user knowing ?
thats the whole idea

thanks to ALL
 
Upvote 0 Downvote
If you want proof of what someone does, audit logging is your freind.

open the mmc and connect to the pc remotely (you must have domain admin permissions.)

open the local security policy, open the audit policy and enable "privlege use" and "system events". These will tell you if they try to install software. They can also be very verbose so dont let them work for too long without checking (mayber 2 days)

Use the MMC to check the event viewer logs remotely.

Doomhamur
Network Engineer
"Certifications? we dont need no stinking certifiaction."
yahoo IM handle: greater_vortex
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Rick_
  • Locked
  • Question
Reliance Automax Exec V3 software
Replies
6
Views
261
Andrzejek
Andrzejek
pjw001
  • Locked
  • Question
How to configure Bookmarks in Chrome 2
Replies
4
Views
238
pjw001
pjw001
Andrzejek
  • Locked
  • Question
How to Disable Google Chrome Password Manager 2
Replies
3
Views
364
combo
combo
TrekBiker
  • Locked
  • Question
Version 23H2 preventing full shut down
Replies
5
Views
328
pjw001
pjw001
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
1
Views
262
pjw001
pjw001

Part and Inventory Search

Sponsor

Back
Top