none
User permissions in Windows Server 2012

    Question

  • Is Software Restriction Policies to deny people to access third party software or can we use Software Restriction Policies to block certain users from running certain already installed in the computer software. 
    I have never used any server operating system. Right now I have been chosen as the person in charge of a couple of servers that the company i work for has deployed for another company.
    I have remote desktop access as admin to the servers. I need to allow certain users to access and use some software in the servers while denying other users access to the software. Basically different departments have different software but all have access to the servers.

    Would Software Restriction Policies be my best choice or is there something better? 
    if so: How do i use Software Restriction Policies?

    Thank you :)
    Wednesday, April 10, 2013 8:00 PM

Answers

  • I found that GPO is the best choice for this case because of all the restrictions that i had to put on users.
    I just need to find a couple more things to restrict users, like allow users to access specific folders in C drive while denying access to the other folders in C drive, and the server should be ready for use.

    Thank you for taking your time to help me :)

    Friday, April 19, 2013 3:28 PM

All replies

  • You can set up things with SRP, or you can simply put an access control list on the executable files.  Depends on how you want to manage it.  Here (http://technet.microsoft.com/en-us/library/dd348653(v=WS.10).aspx) is a place to start on implementing SRP.  If you are not talking about large volumes, it might be easier to create a couple of groups in Active Directory and protect the files by assigning the desired access constraints or access to the groups.

    .:|:.:|:. tim

    Thursday, April 11, 2013 2:25 AM
  • Not sure how much is considered a large volume. We have a couple different departments in this company, at least 3 maybe 4 departments. Each department needs different permissions. I do not have the number of people in each department who will access the servers but from what I've understood it will be roughly 10 or so per department in the beginning. So about 30 people, at least in the beginning.

    Thank you for replying; I'll be to checking that link. :)
    Friday, April 12, 2013 6:43 PM
  • I found that GPO is the best choice for this case because of all the restrictions that i had to put on users.
    I just need to find a couple more things to restrict users, like allow users to access specific folders in C drive while denying access to the other folders in C drive, and the server should be ready for use.

    Thank you for taking your time to help me :)

    Friday, April 19, 2013 3:28 PM