Users like installing software on workstations; however, in business-type environment this can lead to a number of problems, can destabilize the intranet and create a number of security holes. For example, installing IMs such as ICQ or Skype, any other type of network utility that can create uncontrolle connections.
There are several means to prevent users from installing software and/or running unapproved type of software. First, users should not be Power Users or local Administrators on their workstations. This will prevent hem from installing most software.
Also, Group Policy can be used to forbid running certain executable/etc files (including .msi packages).
Proper firewall configuration can also prevent users from downloading software from known sites and, most important, from connecting to certain ports (thus rendering most dangerous programs, such as instant messengers, from running.
Along with installing efficient malware detection and protecting system settings from modification, this can give a decent level of defense against running unwanted software.
There are several means to prevent users from installing software and/or running unapproved type of software. First, users should not be Power Users or local Administrators on their workstations. This will prevent hem from installing most software.
Also, Group Policy can be used to forbid running certain executable/etc files (including .msi packages).
Proper firewall configuration can also prevent users from downloading software from known sites and, most important, from connecting to certain ports (thus rendering most dangerous programs, such as instant messengers, from running.
Along with installing efficient malware detection and protecting system settings from modification, this can give a decent level of defense against running unwanted software.
