• Welcome to Overclockers Forums! Join us to reply in threads, receive reduced ads, and to customize your site experience!

How To?

Overclockers is supported by our readers. When you click a link to make a purchase, we may earn a commission. Learn More.

Bon L

Registered
Joined
Nov 26, 2006
Location
Sydney, Australia
Well one day I was at the local internet cafe and I wanted to play this little mini game on their computers and tried downloading it from the site, it got downloaded to the computer but then when I tried to install it. It didn't work it had a msg : you do not have permission from the administrator or something like that.

How do I go about doing that to my computers at home?
 
You can save things (downlaod) but not install. You are denied permission to system files and existing files on the HD.
 
Actually, if you change the install directory to something inside of your path (where you have permissions), you can usually install stuff on a limited account. If you really want a bit more security, use Application Whitelisting, which is a part of Active Directory. Otherwise, it's alot more secure for everyone to run limited accounts, including yourself.

Clarification: They were probably using Application whitelisting, which only allows you to run pre-specified programs.
 
Incesticide said:
Actually, if you change the install directory to something inside of your path (where you have permissions), you can usually install stuff on a limited account. If you really want a bit more security, use Application Whitelisting, which is a part of Active Directory. Otherwise, it's alot more secure for everyone to run limited accounts, including yourself.

Clarification: They were probably using Application whitelisting, which only allows you to run pre-specified programs.

Many installs also need to add/modify the registry. This can't be done with a limited account. So just changing the path won't help.
 
I think the OP wants to know how he could set up his home computers to where accounts have limited access. I'm pretty sure you can't do that on XP Home, and I'm not sure if you could do it on Pro. In Pro, you can create a special user group, say "limited users", and then go to the local security policy snap-in (Either in Admin. tools, or type secpol.msc in run). There's abunch of options under User Rights Assignments, which is under Local Policies. You can add or remove certain users and groups from each right in there, but I'm not sure if installing programs is under these rights.

You'll prolly need to set up a domain controller (You'll need windows 2000(3) server to do this), and create domain policies that restrict certain users from installing stuff.
 
No, it will work without a DC on Home or Pro. The only real difference is the granularity of control and way the policies are enforced/changed. Without a DC you just need to do it manually on each PC. Still creating a limited user account means no ability to install most everything. Limited means no access to system files and directories on C:, and no registry access.

If you want more access you can go into the Local Security settings MMC snapin and adjust more polices for local groups. You can even create different local groups without a DC. It isn't as good as a DC and AD but at least it will let you prevent people from installing anything without permission.
 
Just make sure you establish an 'password protected' admin account so you can alter the settings and install programs after you switch all the users.
 
Finally, an option would be to run the Microsoft Shared Computer Toolkit.

You can do all kinds of neat stuff with this to secure the computer, like remove the C drive, etc. I use this on all the Lab computers because I don't have the budget for altaris to reimage them on a weekly basis, but I want to grant enough permissions to make sure Word, Excel, etc is available and that files can be saved to a thumbdrive / student file share
 
Back