Preventing Users From Circumventing Group Policy
Given enough privileges, a user can often circumvent Group Policy restrictions. Here’s what you can do about it.
If users have local admin privileges on their workstations, they can circumvent many Group Policy settings by editing the registry directly (provided they know enough to know where to look in the registry). This is bad news for administrators, and I’m often asked how they can prevent users from doing this. Here’s a way one administrator does it on his network–it might work for you if your needs and environment are similar enough:
- Use software restriction policies to prevent users from running executables in any path except those you specify.
- Use Group Policy to restrict users from accessing the paths to executables in Windows Explorer.
- Use Group Policy to deny users access to the command prompt and regedit.
- Give users read-only mandatory user profiles.
- Use Group Policy to cause users’ computers to forcibly log them off if Group Policy settings are not applied when they log on.
Combining these five restrictions together gives users very little wiggle room for doing things like installing unauthorized apps on their machines.
Article written by MyComputerAid.com
2003 server - Sep 30, 2008 22:34 - 0 Comments
instant messaging srv records
More In Computers & PC
- Howto secure wordpress
- Simple wordpress upgrade from SSH howto
- permanently delete your facebook account
- Creating a Sound File
- Talking to the Mouse
Microsoft Outlook - Mar 22, 2009 11:22 - 0 Comments
Outlook: Duplicates in Mailbox
More In Computers & PC
- Howto secure wordpress
- Simple wordpress upgrade from SSH howto
- permanently delete your facebook account
- Creating a Sound File
- Talking to the Mouse
Microsoft Desktop, Web browsers and Internet, Windows 2000, Windows 7, Windows 98, Windows Firewall and networking, Windows Vista, Windows XP - Feb 8, 2010 18:09 - 0 Comments
Disable Proxy settings in IE
More In Computers & PC
- Howto secure wordpress
- Simple wordpress upgrade from SSH howto
- permanently delete your facebook account
- Creating a Sound File
- Talking to the Mouse
Leave a Reply
You must be logged in to post a comment.