Archived from groups: microsoft.public.win2000.group_policy (
More info?)
Also if the users are not local admins on the computers, they will not be
able to install said software.
I haven't looked at the software restriction policies yet, but heard it was
possible to just list programs of an unacceptable name to run. For
instance, could you just enter "setup.exe" as an 'unacceptable name' ?
Also... I was under the impression that software restriction policies could
only be applied to XP machines (2000 will ignore)? I may have just misread,
and it's supposed to read "(in Windows 2000 Server)"... I read it as Pro.
HTH
Ken
"Andrew Mitchell" <amitchell@removecasey.vic.gov.au> wrote in message
news:Xns957B9755E02Bcasey01@207.46.248.16...
> "Emiliano G. Estevez" <eestevez@sistran.com.ar> said
>
> > Hi,
> >
> > I like to build a software restriction policy that prevents all users
> > from running software like ie (Kazaa; Soulseek, and other applications)
> > but because this applications can be installed in any drive in any
> > folder I can build a proper path, because if the users install the app
> > in a folder different than the one I enter the application will run
> > anyway. Any comments about this will be appreciate.
> >
>
> Software restrictions by themselved (in Windows 2000) will not achieve
this
> but when combined with proper NTFS permissions it can be done.
>
> 1. Install all 'approved' applications into the 'program files' directory,
> then set permissions on this directory so that users cannot create
> directories or files here (or in subdirectories)
> 2. Create your software restriction policies as follows:
> Default policy - Deny
> Windows directory and subdirectories - Unrestricted
> Program files directory - Unrestricted
> *.lnk *.pif and *.url - Unrestricted
>
> This means that even if users copy an executable to another location, it
> won't run. Shortcuts will work fine though.
>
> You will probably need to fine tune the software restriction policy but
you
> should get the general idea.
>
> --
> Andy.