Security Basics mailing list archives

Re: Restricting users from installing


From: Rob Creely <programmingart () gmail com>
Date: Tue, 20 Jul 2004 00:48:01 -0400

The first thing you should do is remove all users from the local admin
groups.  Is there a reason they were made local admins (developers,
etc.)?  If you have many computers, you can probably find or write a
script to automate removing your users from the admin group.  Having
your users run as Restricted User and not Local Admins will prevent
them from installing/uninstalling most software, among other dangerous
things they can do as Local Admins.

You should then look to deploy Group Policy Restrictions.  Within
Group Policy you can restrict many things, including disabling the
Windows Installer and removing the Add/Remove Programs control panel
applet.  A quick Google Search returned this article on Group Policy
Restrictions from Tech Republic:
http://techrepublic.com.com/5100-6270-1059493.html.

As far as restricting meddling with Norton Anti-virus, it sounds like
you're running the consumer version of their product.  If this is so,
you should really consider upgrading to Norton Anti-Virus Corporate
Edition.  Corporate Edition makes it easy to control your anti-virus
organization-wide.  It has the ability to prevent unloading of
services, changing of any settings and even to toggle if the icon is
shown next to the clock.  Also, you can set up a NAV Parent Server
which can download the virus definition updates and distribute them to
all your NAV clients.  This obviously reduces bandwidth since you
don't have every single computer looking to Symantec's servers to pull
updates from. Many other antivirus vendors offer similar products such
as Computer Associates, F-Prot, and Grisoft to name a few.  If you're
upgrading, you should probably shop around for the best bang for your
buck.

As for restricting Norton Anti-Virus non-corporate edition, I'm not
familiar with, and don't know of, any way to prevent user meddling.  This is
the whole reason they offer a Corporate Edition of their product.

Hope this helps.

Cheers.

--Rob
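
The script suggested in the first paragraph of the message above, as an added example that is not part of the original post. It assumes Windows PowerShell 5.1 or later (the `Microsoft.PowerShell.LocalAccounts` cmdlets); the allow-list entry `CONTOSO\Workstation-Admins` is a hypothetical placeholder.

```powershell
#Requires -Version 5.1
#Requires -RunAsAdministrator
# Added example: audit the local Administrators group and remove unapproved members.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Hypothetical allow-list; replace with the accounts or groups your site permits.
    [string[]]$AllowedNames = @('CONTOSO\Workstation-Admins')
)

# Well-known SID of BUILTIN\Administrators; unlike the group name, it does not
# change on localized Windows installations.
$adminGroupSid = 'S-1-5-32-544'

function Test-KeepMember {
    param($Member, [string[]]$Allowed)
    $sid = $Member.SID.Value
    # RID 500 = built-in Administrator account, RID 512 = Domain Admins group.
    if ($sid -match '^S-1-5-21-[\d-]+-(500|512)$') { return $true }
    # -contains compares strings case-insensitively.
    return $Allowed -contains $Member.Name
}

$members = Get-LocalGroupMember -SID $adminGroupSid
foreach ($m in $members) {
    if (Test-KeepMember -Member $m -Allowed $AllowedNames) {
        Write-Output "KEEP    $($m.Name) [$($m.ObjectClass)]"
        continue
    }
    # With -WhatIf, ShouldProcess returns $false and only reports the planned removal.
    if ($PSCmdlet.ShouldProcess($m.Name, 'Remove from local Administrators')) {
        Remove-LocalGroupMember -SID $adminGroupSid -Member $m -ErrorAction Stop
        Write-Output "REMOVED $($m.Name) [$($m.ObjectClass)]"
    }
}
```

Run it with `-WhatIf` first to review which accounts would be removed before making any change.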
