Ask the Expert

Preventing users from deactivating the Device Lock features

I am aware that a user should be assigned to relevant user groups like 'Authenticated Users' and so on. However, we have some legacy vendor applications that require administrative rights. For selected desktops, we installed the Device Lock software to prevent user access to removable devices like floppy drive. The problem is that a user belonging to the administrative group can stop the service locking the removable device and even install the Device Lock Manager to deactivate the device locking.

So far, I think the possible solutions to this problem are:
- Provide a limited user desktop by using system policy (WinNT) and LGPO (Win2000).
- Only allow icons to run apps.
- Restrict START/RUN.
- Disable the Command prompt.
- Disable File/Windows Explorer.
- Limit the Control Panel with no access to 'services'.

Is there anything else I can do to prevent the users from deactivating the Device Lock features?

Requires Free Membership to View

In general, Administrators on the box "own" the box, and can do, well -- anything. To that end, why not pop these users into the Power Users group instead? Many, many legacy applications will run properly for users contained with Power Users. Give that a shot -- before going through all the hoops you've laid out.

This was first published in January 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: