User Rights

[moram]

Can I stop a single workstation user from being able to install applications, or is there a policy that must be set for all users? If it ain't broken, play with it till it breaks.

 

[kjonnnnn]

If they are only in the USER group, I dont think they can install anything

 

[Fagan]

That's right. On NT you need Admin rights to be able to install most software. Make sure the user does not have admin rights and there's not much they will be able to install.

 

[moram]

Thanks everyone, but will they be able to map drives as "Users"? If it ain't broken, play with it till it breaks.

 

[dsi]

Yes, a user can typically map drives. A user can also try to install software. It may or may not work depending on the install program. I have had several instances where users installed software, even though they were not logged in as admin. Unfortunately, this has caused problems since the install was not completely sucessful because they lacked certain rights. I think that you can completely take away basic rights such as modifying the desktop, but that may be a bit excessive.

 

[CitrixEngineer]

You could also be really cruel and use a policy to only allow them to run specified applications. It takes a bit of tweaking, but you can really tighten up your system this way.

You could include the hide drives feature of the ZAK. That way, a user could map a drive, but wouldn't see it in Network Neighborhood, or My Computer.

As dsi says, you can lock the desktop down as well. Depends how free your company policies are in allowing internal users to break your servers ;-)

Hope this Helps