Security Basics mailing list archives
RE: What is the best way to lock a local box on a network?
From: "Ramsdell, Scott" <Scott.Ramsdell () cellnet com>
Date: Thu, 30 Aug 2007 09:27:43 -0400
Hi Martin, Because AD will elevate the user's rights during installation for assigned and published apps, you can: 1. remove the user from the local admins group, leaving them as a user 2. assign or publish the apps through AD 3. use WSUS to deliver approved (and vetted) patches Kind Regards, Scott Ramsdell -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Martin Tran Sent: Wednesday, August 29, 2007 10:15 AM To: security-basics () securityfocus com Subject: What is the best way to lock a local box on a network? Hi guys, I was wondering the best way to lock a local box. Things such as, 1. Can't install unauthorized programs. 2. But can install programs/softwares on a list that is acceptable. I went to gpedit.msc and gone through the options, but everything seems really cut and dry. For example, If I was to enable an option to stop users from installing unwanted software and user tries to do windows update, it wasn't allowed to proceed with the process saying they needed administration rights to the box. If you guys can shine some light as I continue to do some trial and error on this test box, any suggestions would be great and appreciated! -- Martin Tran
Current thread:
- What is the best way to lock a local box on a network? Martin Tran (Aug 29)
- RE: What is the best way to lock a local box on a network? Ramsdell, Scott (Aug 30)
- RE: What is the best way to lock a local box on a network? peter.schaub (Aug 31)
- <Possible follow-ups>
- Re: What is the best way to lock a local box on a network? jasonr_22 (Aug 30)