You're on the right track. I'm not sure you need to worry about the software inventory since all you want users to be able to run is Outlook. Edit the GPO to set the default level to "disallowed", then create the exceptions necessary to allow Outlook to function. If I'm not mistaken, the Program Files directory is a default exception.
We use a policy like this for our students. They can only run what's in the Program Files directory, which means only our pre-installed software (as non-admin users, they don't have the ability to install anything to that directory). You might want to tighten it up even more to only allow the directory Office is in. There may be some trial and error; start with the most restrictive settings you can, then loosen only what's necessary to make Outlook work. John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us From: Laurence Childs [mailto:[EMAIL PROTECTED] Sent: Thursday, June 19, 2008 11:55 AM To: NT System Admin Issues Subject: software lockdown Hi Looking to have a PC in a meeting room That PC is logged in as a generic account That account is only to be completely locked down and allowed to run only Outlook I can deal with the Group Policy settings to lock down desktops, control panels etc. What I am not too sure with is ONLY allowing the log on to run just one app, i.e. Outlook I had a look at this MS page http://technet.microsoft.com/en-us/magazine/cc510322.aspx but I can't seem to get the software inventory part of this article working anybody got any other pointers of where to look for better tutorials on how to get software lockdown for individual users working cheers Laurence IMPORTANT INFORMATION Internet communications are not secure and therefore CIPS does not accept legal responsibility for the contents of any e-mail message sent via this medium. The content of any e-mail communication is the view of the individual and CIPS does not accept legal liability for the contents. Although this message and any attachments are believed to be free of virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by CIPS for any loss or damage in any way arising from its use. CIPS runs the following software packages: MS Office Suite 2003, MS Visio 2003, MS Project 2002. Please ensure that any files you send are compatible. The Chartered Institute of Purchasing & Supply (CIPS) is an organisation incorporated under Royal Charter and is based at Easton House, Easton on the Hill, Stamford, Lincs PE9 3NZ, tel: +44 (0)1780 756777, and is a registered Charity number 1017938. CIPS Services Limited is a wholly owned subsidiary company of CIPS, registered in England under number 2610367 and is registered at the address shown above. Both organisations operate under a group VAT registration number: 3426 489 42. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
