2008 domain? I think this is only available via that. The Group Policy 
extensions update added to XP makes it work...

Computer config...Policies...Windows Settings...Sec. Settings...Registry.  You 
add the key and change the perms to Read and Execute, taking away write/full 
control from everyone, or everyone except Domain Admins.

I did that for Conficker to svchost to stop the spread.


From: David Lum [mailto:[email protected]]
Sent: Monday, April 27, 2009 2:15 PM
To: NT System Admin Issues
Subject: Prevent mods to HKLM\Software\Microsoft\CurrentVersion\Run

Is there a GPO way to prevent something from modifying this registry key? If I 
could prevent that and stuff from auto-populating the \Startup folder for "all 
users" I would be a happy camper.

Tools like Spybot can do it, but that's not enterprise grade (read, centrally 
manageable). McAfee has a product that can do it - and we even have it and are 
licensed for it, but its interface is so atrocious I'd probably nuke half my 
systems just attempting it.

I'm looking for something other than "not local admin".
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
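
A check for the result of the permission change described in the reply above, added here as an example and not part of the original thread: it lists every Allow entry that still grants write-type access on the key. The function name, the default key path (the standard Windows location of the machine-wide Run key) and the `*\Domain Admins` allow-list are assumptions.

```powershell
# Added example: audit which principals can still modify a registry key.
function Get-RegistryWriteAce {
    param(
        # Standard location of the machine-wide Run key; pass another key to audit it instead.
        [string]$Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        # Principals expected to keep write access (assumption: adjust to your policy).
        [string[]]$Allowed = @('*\Domain Admins')
    )

    # Specific registry rights that let a principal change the key or its ACL.
    $writeMask = [int]([System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership')
    # Generic rights can appear unmapped on inherit-only ACEs (e.g. CREATOR OWNER).
    $genericMask = 0x10000000 -bor 0x40000000   # GENERIC_ALL, GENERIC_WRITE

    foreach ($ace in (Get-Acl -Path $Path).Access) {
        # Deny entries restrict access, so only Allow entries are of interest.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $rights = [int]$ace.RegistryRights
        if (($rights -band ($writeMask -bor $genericMask)) -eq 0) { continue }
        $who = $ace.IdentityReference.Value
        # Skip principals that policy says may keep write access.
        if ($Allowed | Where-Object { $who -like $_ }) { continue }
        [pscustomobject]@{
            Identity  = $who
            Rights    = $ace.RegistryRights
            Inherited = $ace.IsInherited
        }
    }
}

$findings = @(Get-RegistryWriteAce)
if ($findings.Count -eq 0) { 'No unexpected write access on the key.' }
else { $findings | Format-Table -AutoSize }
```

Run on a client after Group Policy has refreshed; any row it prints is a principal that can still add or change autostart entries under that key.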





