Preventing the installation of code is one of the primary reasons to deny end-users admin rights. It would quite undermine that whole benefit to simply give them a second account with which to do so. Regards,
ASB http://XeeMe.com/AndrewBaker Providing Expert Technology Consulting Services for the SMB market… GPG: 1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A Sent with Mixmax On Wed, Mar 30, 2016 8:20 AM, Kish n Kepi [email protected] wrote: Hello All, I would like to give to my users, who do not have administrative privileges on their local Windows boxes, the ability to use other credentials with admin privileges so they install. So, it’s easy enough to create an admin account, however, I’d like to prevent people from actually using it to login into windows (thus bypassing my domain and its GPOs) and prevent creating a local profile (sort of like /sbin/nologin in /etc/passwd). Like this, I can restrict the use of the admin account to its intended purpose – allowing them to install, but making them jump through a hoop. Or is there a better way to lock down users but still allow them to install? Kish N Kepi
