Microsoft Group Policy Management
Home > Ask the Windows Experts > From the Archives: Group Policy Questions & Answers > Preventing users from deactivating the Device Lock features
Ask The Win IT Expert: Questions & Answers
EMAIL THIS

Preventing users from deactivating the Device Lock features

Jeremy Moskowitz EXPERT RESPONSE FROM: Jeremy Moskowitz

Pose a Question
Other Win IT Categories
Meet all Win IT Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 15 January 2004
I am aware that a user should be assigned to relevant user groups like 'Authenticated Users' and so on. However, we have some legacy vendor applications that require administrative rights. For selected desktops, we installed the Device Lock software to prevent user access to removable devices like floppy drive. The problem is that a user belonging to the administrative group can stop the service locking the removable device and even install the Device Lock Manager to deactivate the device locking.

So far, I think the possible solutions to this problem are:
- Provide a limited user desktop by using system policy (WinNT) and LGPO (Win2000).
- Only allow icons to run apps.
- Restrict START/RUN.
- Disable the Command prompt.
- Disable File/Windows Explorer.
- Limit the Control Panel with no access to 'services'.

Is there anything else I can do to prevent the users from deactivating the Device Lock features?


>
EXPERT RESPONSE
In general, Administrators on the box "own" the box, and can do, well -- anything. To that end, why not pop these users into the Power Users group instead? Many, many legacy applications will run properly for users contained with Power Users. Give that a shot -- before going through all the hoops you've laid out.


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
Microsoft Management Console  (SearchWinIT.com)
snap-in  (SearchWinIT.com)
virtual desktop manager  (SearchWinIT.com)
Zero Administration  (SearchWinIT.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice

HomeNewsTopicsITKnowledge ExchangeTipsAsk the ExpertsMultimediaWhite PapersIT DownloadsBlogs
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 1999 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts