-3

I am trying to apply below scenario, could you please help me out.

  1. In my environment all users are having administrative right on their respective workstation, i am trying to prevent them from installing any software's without knowing me.
  2. If they attempt to install any software there should be pop up message like this : “Your system administrator has disabled the option to install any software on this computer as per policy”
  3. Users can install only Microsoft and Antivirus updates.
  4. Only specific people can install the SW on machine's.

How can i achieve the above points.

Thanks Avinash Udwant

Avinash Udawant
  • 1
  • 3
    Stop giving them all admin rights? – ceejayoz Oct 18 '16 at 16:05
  • we tried it but they can not runn programs like SQL server, visual studio. – Avinash Udawant Oct 18 '16 at 16:11
  • 4
    Anyone who's competent enough to manage SQL Server and Visual Studio should be able to take basic instructions from management like "don't install shit". If they can't, refer them to HR for remedial training and/or consequences. – ceejayoz Oct 18 '16 at 16:15
  • 1
    Capital punishment is the only effective solution. When someone installs something they're not supposed to, kill them. Problem solved, no one will install software twice. – HopelessN00b Oct 18 '16 at 16:58

1 Answers1

3

You don't have a real technical problem but an organisational problem. There is no technical solution that fixes those...

Your staff need to be made aware what consists acceptable use of their admin privileges. Those are a indeed privilege that can and will be revoked if abused.
Then you audit.
Active measures by your users to prevent auditing are not acceptable.

If people can't handle admin rights and still follow policy either their admin rights need to go, or the people need to go.

HBruijn
  • 77,029
  • 24
  • 135
  • 201