Q

Users having unauthorized administrative privileges

Expert Derek Melber explains some of the problems that can arise from giving users administrative control.

This Content Component encountered an error

I came across something recently that I found a little troublesome: 99% of my users are logging into Windows 2000 terminal servers with roaming profiles. I have my Group Policy configured so that they are not allowed to save downloads from the Internet, but if they choose the Open option instead of Save, a user is able to install a downloaded program from the Internet, without having to save it anywhere first. I have my Group Policy...

configured so that my users do not have the privileges to install applications, also.

Am I totally missing something here? Is there a simple policy setting to disable the Open option that I just overlooked?

This can typically be directed back to the fact that you are allowing the users to be administrators on the box, even in the Terminal Services session. If they are not administrators, they should not be able to install most of these applications. If all of these applications are add-ons, there are new controls for add-ons in the Group Policy settings for Windows XP SP2 and greater. I can't find any setting myself that can control the Open vs. Save issue that you are talking about.

This was first published in November 2005

Dig deeper on Microsoft Active Directory

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close