However, you asked for local group policy information. So, for each machine, add the Group Policy snap-in to an MMC. Open the User Configuration, Administrative Templates node and go to the Windows Components, Windows Installer node. Select "Always install with elevated privileges" and disable it. (Note: This will prevent users from installing Windows Installer-based applications that require administrator privileges. However, it will not prevent them from copying executable files to their hard drive and installing them.)
In this same node, select Prevent Removable Media. Then navigate to the Computer Configuration, Administrative Templates node and select the Windows Components, Windows Installer node. Select "Always install with elevated privileges" and disable it. (Note: This will prevent users from installing Windows Installer-based applications that require administrator privileges. However, it will not prevent them from copying executable files to their hard drive and installing them.)
Another setting to use in this same location is Prohibit Patching. (This will prevent adding patches that do not require elevated privileges. By default, users cannot install patches that require elevated privileges.) Use the Prohibit User Installs option to prevent user installs of products. There are some settings, and they will affect administrators.
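To confirm on each machine that the settings above took effect, the following read-only audit is an added example, not part of the original answer. It assumes the usual mapping of these policies to values under `Software\Policies\Microsoft\Windows\Installer`; the HKCU entries reflect only the user running the script.

```powershell
# Added audit example: reads the Windows Installer policy values, changes nothing.
# Assumption: the policy-to-registry-value mapping listed in $checks.
$base = 'Software\Policies\Microsoft\Windows\Installer'
$checks = @(
    @{ Policy = 'Always install with elevated privileges (Computer)'; Hive = 'HKLM:'; Name = 'AlwaysInstallElevated' }
    @{ Policy = 'Always install with elevated privileges (User)';     Hive = 'HKCU:'; Name = 'AlwaysInstallElevated' }
    @{ Policy = 'Prevent Removable Media (User)';                     Hive = 'HKCU:'; Name = 'DisableMedia' }
    @{ Policy = 'Prohibit Patching (Computer)';                       Hive = 'HKLM:'; Name = 'DisablePatch' }
    @{ Policy = 'Prohibit User Installs (Computer)';                  Hive = 'HKLM:'; Name = 'DisableUserInstalls' }
)

function Get-InstallerPolicyValue {
    param([string]$Hive, [string]$Name)
    # Returns the DWORD data, or $null when the key or value is absent (policy not configured).
    $path = '{0}\{1}' -f $Hive, $base
    $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

$results = foreach ($c in $checks) {
    $value = Get-InstallerPolicyValue -Hive $c.Hive -Name $c.Name
    $shown = 'not set'
    if ($null -ne $value) { $shown = $value }
    [pscustomobject]@{
        Policy        = $c.Policy
        RegistryValue = '{0}\{1}\{2}' -f $c.Hive, $base, $c.Name
        Data          = $shown
    }
}
$results | Format-Table -AutoSize -Wrap

# Elevated installs apply only when the value is 1 in BOTH hives,
# which is why the setting is disabled under User and Computer Configuration.
$elevated = @($results | Where-Object {
    $_.RegistryValue -like '*AlwaysInstallElevated' -and $_.Data -eq 1
})
if ($elevated.Count -eq 2) {
    Write-Warning 'AlwaysInstallElevated is enabled for both machine and current user.'
} else {
    Write-Output 'AlwaysInstallElevated is not in effect for the current user.'
}
```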
This was first published in April 2004