Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Users are able to install programs on 2003 domain 2

Status
Not open for further replies.
kulakat

kulakat

Technical User
Nov 20, 2003
4
0
0
GB
I have installed a windows server operating system and applied a gpo to a group of users which greatly restricts them.(ie no control panel no run command etc.)However i must have done something wrong as all these users are able to install programs. I thought by default users are restricted this ability. But I cannot see why they are able to do this.

I have disabled the gpo and this makes no difference to their ability to install progs. When gpo enabled all gpo restrictions seem ok.
Any ideas on what i should be looking for?
 
Sort by date Sort by votes
Software restriction policy

Lars

Network admin for worldwide freight forwarders company.
mcp mcsa\: Messaging mcse -2003
 
Upvote 0 Downvote
Yes, I have heard of this but I did not think i needed to set this up as users are not supposed to be able to install by default.
I was hoping for an answer that might shed some light on why users can install??
I.e maybe i've given them rights somehow but don't realise etc..

Could I deny them admin rights ??
would that be an option.
 
Upvote 0 Downvote
Are you saying that you've given all users admin rights? If so then that is why they can install apps amongst other things. End users should never have admin rights to the domain, we don't even give them local admin rights to their PC's.

-------------------------------

If it doesn't leak oil it must be empty!!
 
Upvote 0 Downvote
Of course i haven't - i don't know why they have ability to install stuff - thats why I'm asking the question.

 
Upvote 0 Downvote
Group Policy - Windows Components
Windows Installer
* 'Always install with elevated privileges' will ensure that programs will install properly without you having to logon as administrator. I have seen administrators placing users in powerful administrative groups, just because they did not know about this elevated privilege setting.
Trap: 'Elevated privileges' must also be enabled in the Computer Configuration for it to be effective.
 
Upvote 0 Downvote
It sounds like they have either admin privs to the domain or at least admin privs to their local pc. - Are you sure these guys dont know the admin pwd you are using or at least someone who does ?

Someone could have made them admin/power user etc on their local machine
 
Upvote 0 Downvote
The users either have admin rights or power user rights on the local station. Power users have write access to the Program Files directory and some areas of the Windows directory, this allows them to install some applications.

You can use the restricted groups feature to remove any accounts from the local admins group and keep it that way.

 
Upvote 0 Downvote
It was admin rights on local pcs...
Domain users were part of administrators

Thx for all replies
I thought it would be a simple one but just couldn't locate it. Was having a bad day...
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
181
goombawaho
goombawaho
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
132
gbaughma
gbaughma
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
80
ADB100
ADB100
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
90
DTGMI
DTGMI
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
107
microsGuy16
microsGuy16

Part and Inventory Search

Sponsor

Back
Top