Security Basics mailing list archives
Re: Restricting users fron installing
From: Rob Creely <programmingart () gmail com>
Date: Tue, 20 Jul 2004 00:48:01 -0400
The first thing you should do is remove all users from the local admin groups. Is there a reason they were made local admins(developers, etc..)? If you have many computers, you can probably find or write a script to automate removing your users from the admin group. Having your users run as Restricted User and not Local Admins will prevent them from installing/uninstalling most software, among other dangerous things they can do as Local Admins. You should then look to deploy Group Policy Restrictions. Within Group Policy you can restrict many things, including disabling the Windows Installer and removing the Add/Remove Programs control panel applet. A quick Google Search returned this article on Group Policy Restrictions from Tech Republic: http://techrepublic.com.com/5100-6270-1059493.html. As far as restricting meddling with Norton Anti-virus, it sounds like your running the consumer version of their product. If this is so, you should really consider upgrading to Norton Anti-Virus Corporate Edition. Corporate Edition makes it easy to control your anti-virus organization wide. It has the ability to prevent unloading of services, changing of any settings and even to toggle if the icon is shown next to the clock. Also, you can setup a NAV Parent Server which can download the virus definition updates and distribute them to all your NAV clients. This obviously reduces bandwidth since you don't have every single computer looking to Symantec's servers to pull updates from. Many other antivirus vendors offer similar products such as Computer Associates, F-Prot, and Grisoft to name a few. If your upgrading, you should probably shop around for the best bang for your buck. As for restricting Norton Anti-Virus non-corporate edition, I'm not familiar with or know of any way to prevent user meddling. This is the whole reason they offer a Corporate Edition of their product. Hope this helps. Cheers. --Rob --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Restricting users fron installing Juan B (Jul 19)
- Re: Restricting users fron installing Rob Creely (Jul 20)
- RE: Restricting users fron installing phillip gay (Jul 20)
- <Possible follow-ups>
- RE: Restricting users fron installing Damon Brinkley (Jul 20)
- Re: Restricting users fron installing Greg Lansink (Jul 20)
- RE: Restricting users fron installing Roger A. Grimes (Jul 20)
- RE: Restricting users fron installing Teo Gomez (Jul 21)