
    deny users access to local disks

    by kez_97 ·

    I have a problem where users are installing games and other programs on work machines. I’m sick of reformatting the damn things. All use Win 2K Pro, but I have so far been unsuccessful in denying access to local drives and settings, e.g. Control Panel etc. I know in NT you can make “dumb” accounts, but 2K allows too much access to the settings for my liking. Some help please, people!

    thanks

    Scott

All Comments

    • #2739720

      Reply To: deny users access to local disks

      by voldar ·

      In reply to deny users access to local disks

      Hmmm .. you said you have problems with users installing programs and games. I suggest you make them simple users in your domain (they don’t have the right to install programs on their computers), change the local administrator password and never give it to anyone. That’s it! If the users have to share folders so that they can communicate – create only one folder on each user’s computer – under the local administrator account – and share it, and that’s it.

      • #2738822

        by voldar ·

        In reply to Reply To: deny users access to local disks

        And because you said they are using laptops – you can create on each laptop a profile that is not using the CD-ROM and make it the default profile. Then you make the users on the laptop part of simple users (and they again – have no rights to modify or install anything else). What I said before, about the domain users is applied also for local users.

    • #2739705

      by cg it ·

      In reply to deny users access to local disks

      Voldar has it, but most users don’t need a CD-ROM to do their work. Just remove the CD-ROM [same with the floppy drive] or take the data cable off.

    • #2739645

      by jeaster ·

      In reply to deny users access to local disks

      Assuming you are using a domain, you can also use group policy to hide control panel, the local disks, and limit what programs a user can actually run.

    • #2739637

      by budthegrey ·

      In reply to deny users access to local disks

      All the above selections are perfectly viable. If you want to be even more heavy handed, you could purchase and install a program like:

      Deep Freeze (http://www.deepfreezeusa.com),

      Fool-Proof (http://www.smartstuff.com/fps/fpsinfo.html), or

      Clean Slate (http://www.fortres.com/products/cleanslate.htm)

      All of which protect the computer by returning it to a known state at power-up, un-doing any changes made by the user. At least one of them (FoolProof, I think) can lock down so hard that a “no-no” message is displayed if the user tries to drag an icon to a different area on the desktop.

      All a matter of how far you want to go…

    • #2738500

      by abubin ·

      In reply to deny users access to local disks

      I think method will work but method 4 is a little extreme, especially when you have to pay extra to handle things.

      To add to those already good suggestions, here is what I would do (to make my life easy):

      Leave the CD-ROM in the system but disable it, either through hardware, like disabling the secondary IDE, or through Computer Management (under Removable Storage) on each PC.

      Or you can use group policy. Under group policy, you can make all CD-ROMs the D drive and then disable access to the D drive. Or you can specify to disallow installation of programs from removable drives under the “Windows Installer” group policy. But then this does not mean they can’t copy the installation to the HDD and then install from there.

      I guess it all depends on how extreme you want to implement the policies. If the network is small, my preference would be to limit the CD-ROM access only to administrators. That way, if the users really need to use the CD-ROM, they just give you a call and you use “Run as…” to give temporary access until the logoff.

      If you have large clients, the best method is to use group policy, but as you know, group policy takes time. But then really have few methods to implement this. For example, you can allow only a certain person to use the CD-ROM (someone you can trust, or a manager). This CD-ROM is shared among a few people, maybe in the same department. So, blame it on this person if you find that department is playing games.

      Hope it helps…

    • #2738364

      by tink56 ·

      In reply to deny users access to local disks

      We resolved the problem completely by incorporating statements in our Information Security Policy that say before any software is installed on a PC you must get the approval of the IT department.

      This not only prevents games and such from being installed; it protects us from unlicensed software being installed which creates a liability for the company.

      All employees receive the policy when they are hired. I follow up with new employees a month later to see if they have any questions. Once a year, employees are encouraged to review the policies and if any changes are made, everyone is required to read them and sign a statement saying they understand them.

      If you violate the policy it could be grounds for termination. I developed all my policies for computer, internet and email use using some of the resources and downloads available on this site.

    • #2738946

      by kez_97 ·

      In reply to deny users access to local disks

      Thanks for all the advice, but the problem is they are laptops, so they are not always connected to the network, meaning domain groups and rights need to work away from the office as well as in it. I’m still stuck!

    • #2738898

      by montelski ·

      In reply to deny users access to local disks

      Have you tried to log on to the laptops as admin and set the user rights at the PC level? Rights don’t have to be administered across a domain. They can be restricted at the PC for the user and/or user groups. You can tighten them down pretty tight.

      • #2738896

        by montelski ·

        In reply to Reply To: deny users access to local disks

        As Theresa said, that is good policy. I know people that have lost their jobs because they installed unauthorized software.

    • #2738776

      by kez_97 ·

      In reply to deny users access to local disks

      The problem I have is as follows. After much messing and fiddling with share permissions, I can’t stop the user accessing the CD-ROM and floppy drives. As soon as you put in a CD it autostarts, or you can run it from Explorer. I would like to set it so they get a flat “no access” message or “your administrator has not given you access to this”, as it used to be in Windows NT as I remember it working, but I can’t for the life of me remember how we went about it. This is a pressure-from-the-top problem, so a speedy solution would be much appreciated.

      Thanks guys

      Scott
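
The per-user Explorer policy values behind the "hide the local disks / Control Panel" suggestions in this thread, together with the AutoRun value that governs the CD auto-start described above, written out as a .reg file. This is an added example, not part of any poster's reply; the restricted drive letters (A and D) are assumptions, and Python is used only to compute the drive bitmask.

```python
# Added example (not from the thread): build the Explorer policy values
# as .reg text. The drive letters passed in are assumptions for illustration.
import string

POLICY_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
              r"\CurrentVersion\Policies\Explorer")


def drive_mask(letters):
    """Bitmask used by NoDrives / NoViewOnDrive: bit 0 = A:, bit 25 = Z:."""
    mask = 0
    for letter in letters:
        letter = letter.strip().rstrip(":").upper()
        if len(letter) != 1 or letter not in string.ascii_uppercase:
            raise ValueError(f"not a drive letter: {letter!r}")
        mask |= 1 << (ord(letter) - ord("A"))
    return mask


def build_reg(restricted, hide_control_panel=True, disable_autorun=True):
    """Return .reg file text that hides and blocks the given drives in Explorer."""
    mask = drive_mask(restricted)
    values = {
        "NoDrives": mask,        # hide the drives in My Computer / Explorer
        "NoViewOnDrive": mask,   # refuse to open them from Explorer and Run
    }
    if disable_autorun:
        values["NoDriveTypeAutoRun"] = 0xFF  # no AutoRun on any drive type
    if hide_control_panel:
        values["NoControlPanel"] = 1
    lines = ["Windows Registry Editor Version 5.00", "", f"[{POLICY_KEY}]"]
    lines += [f'"{name}"=dword:{val:08x}' for name, val in values.items()]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    # Floppy (A:) and CD-ROM (assumed to be D:) restricted.
    print(build_reg(["A", "D"]))
```

These are Explorer shell restrictions applied per user, not file-system or device permissions, so they complement rather than replace running users without administrator rights.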

    • #2694856

      by ttct ·

      In reply to deny users access to local disks

      Hey dody, I ran into the same issues until I installed GoBack; find out more about this program at Symantec’s website. Also Deep Freeze would do it. These are imaging applications that restore the original settings every time a reboot occurs.

      Good luck.

      Fredy