General discussion
-
CreatorTopic
-
August 9, 2003 at 3:58 am #2304368
deny users access to local disks
Lockedby kez_97 · about 18 years, 9 months ago
i have a problem where users are installing games and other programs on work machines i’m sick of re formatting the damn things all use win 2k pro but i have so far been unsuccesful in denying access to local drives and settings e.g. control panel etc i know in nt you can make “dumb” accounts but 2k allows too much access to the settings for my liking some help please people!
thanks
Scott
This conversation is currently closed to new comments. -
CreatorTopic
All Comments
-
AuthorReplies
-
-
August 9, 2003 at 7:34 am #2739720
Reply To: deny users access to local disks
by voldar · about 18 years, 9 months ago
In reply to deny users access to local disks
Hmmm .. you said you have problems with user installing programs and games. I sugest you to make them simple users in your domain (they don’t have the right to install programs on their computers), change the local administrator password and never give it to anyone. That’s it! If the users have to share folders so that they can communicate – create only one folder in each user computer – under the local administrator account – and share it and that’s it.
-
August 12, 2003 at 9:23 pm #2738822
Reply To: deny users access to local disks
by voldar · about 18 years, 9 months ago
In reply to Reply To: deny users access to local disks
And because you said they are using laptops – you can create on each laptop a profile that is not using the CD-ROM and make it the default profile. Then you make the users on the laptop part of simple users (and they again – have no rights to modify or install anything else). What I said before, about the domain users is applied also for local users.
-
-
August 9, 2003 at 10:51 am #2739705
Reply To: deny users access to local disks
by cg it · about 18 years, 9 months ago
In reply to deny users access to local disks
Viadolar has it, but most users don’t need a CD Rom to do their work. Just remove the CD Rom [same with the floppy drive] or take the data cable off.
-
August 10, 2003 at 8:31 am #2739645
Reply To: deny users access to local disks
by jeaster · about 18 years, 9 months ago
In reply to deny users access to local disks
Assuming you are using a domain, you can also use group policy to hide control panel, the local disks, and limit what programs a user can actually run.
-
August 10, 2003 at 10:13 am #2739637
Reply To: deny users access to local disks
by budthegrey · about 18 years, 9 months ago
In reply to deny users access to local disks
All the above selections are perfectly viable. If you want to be even more heavy handed, you could purchase and install a program like:
Deep Freeze (http://www.deepfreezeusa.com),Fool-Proof (http://www.smartstuff.com/fps/fpsinfo.html), or
Clean Slate (http://www.fortres.com/products/cleanslate.htm)
All of which protect the computer by returning it to a known state at power-up, un-doing any changes made by the user. At least one of them (FoolProof, I think) can lock down so hard that a “no-no” message is displayed if the users tries to drag a icon to a different area on the desktop.
All a matter of how far you want to go…
-
August 11, 2003 at 8:42 pm #2738500
Reply To: deny users access to local disks
by abubin · about 18 years, 9 months ago
In reply to deny users access to local disks
i think method will work but method 4 is a little extreme especially when you have to pay extra to handle things.
To add to those already good suggestions, here is what I would do (to make my life easy) :
Leave the cdrom in the system but disable it. either through hardware like disabling the secondary ide or through computer management (under removable storage) in each PC.
Or you can use group policy. Under group policy, you can make all CDROM as D drive and then disable access to D drive. OR you can specify to disallow installation of program from removable drives under “windows installer” group policy. But then this does not mean they can’t copy the installation to HDD and then install from there.
I guess it all depends on how extreme you want to implement the policies. If the network is small, my preference would be to limit the cdrom access only to administrators. That way, if the users really need to use the cdrom, they just give you a call and you use “run as…” to give temporary access until the logoff.
If you have large clients, the best method is to use group policy but as you know group policy takes time. But then really have few methods to implement this. For example, you can allow only certain person to use cdrom (someone you can trust or manager). This cdrom is shared among a few person maybe among same deparment. So, blame it on this person if you find that department is playing games.
Hope it helps…
-
August 12, 2003 at 9:54 am #2738364
Reply To: deny users access to local disks
by tink56 · about 18 years, 9 months ago
In reply to deny users access to local disks
We resolved the problem completely by incorporating statements in our Information Security Policy that say before any software is installed on a PC you must get the approval of the IT department.
This not only prevents games and such from being installed; it protects us from unlicensed software being installed which creates a liability for the company.
All employees receive the policy when they are hired. I follow up with new employees a month later to see if they have any questions. Once a year, employees are encouraged to reveiw the policies and if any changes are made, everyone is required to read them and sign a statement saying they understand them.
If you violate the policy it could be grounds for termination. I developed all my policies for computer, internet and email use using some of the resources and downloads available on this site.
-
August 12, 2003 at 2:29 pm #2738946
Reply To: deny users access to local disks
by kez_97 · about 18 years, 9 months ago
In reply to deny users access to local disks
thanks for all the advice but the problem is they are laptops so are not always connected to the network meaning domain groups and rights need to work away from the office as well as in it i’m still stuck!
-
August 12, 2003 at 4:38 pm #2738898
Reply To: deny users access to local disks
by montelski · about 18 years, 9 months ago
In reply to deny users access to local disks
Have you tried to logon to the laptops as admin and set the user rights at the pc level ? Rights don’t have to be administerd across a domain. They can be restricted at the pc for the user and/or user groups. You can tighten them down pretty tight.
-
August 12, 2003 at 4:40 pm #2738896
Reply To: deny users access to local disks
by montelski · about 18 years, 9 months ago
In reply to Reply To: deny users access to local disks
As Theresa said, that is good policy. I know people that have lost their jobs because the installed unauthorized software.
-
-
August 13, 2003 at 3:24 am #2738776
Reply To: deny users access to local disks
by kez_97 · about 18 years, 9 months ago
In reply to deny users access to local disks
the problem i hve is as follows. after much messing and fiddling with share permissions i can’t stop the user accessing the cd rom and floppy drives as soon as you put in a cd it autostarts or you can run it from explorer i would like to set it so they get a flat no access message or your administrator has not given you access to this as it used to be in windows nt as i remember it working but can’t for the life of me remember how we went about it. This is a pressure from the top problem so a speedy solution would be much appreciated.
thanks guys
Scott
-
March 30, 2004 at 8:05 am #2694856
Reply To: deny users access to local disks
by ttct · about 18 years, 1 month ago
In reply to deny users access to local disks
AHey dody, i run into the same issues until I installed GoBack find out more about this program at Symantec’s website. Also DipFreeze would do it. These are imaging applications that restore the original settings everytime a reboot occurs.
Good luck.
Fredy
-
-
AuthorReplies
