Steven L Umbach
09-15-2004, 01:57 AM
You could enforce settings of Web Content Zones for the computer using Group
Policy/computer configuration. The link below is a good guideline to use to configure
Web Content Zones. Not all advanced settings can be configured via Group Policy.
Disabling install on demand is a good idea. You should then use Group Policy to
restrict users from accessing and changing IE options. Domain level policy for user
configuration will not apply to users who logon to their computers locally which an
administrator can do since they have the power to create local accounts. Local Group
Policy can also be configured on a local computer and it will apply to all users on
the local computer though if a user knows how they could reconfigure Local Group
Policy. --- Steve
http://mvps.org/winhelp2002/unwanted.htm
"ntelscho" <ntelscho@discussions.microsoft.com> wrote in message
news:94FE6D84-E429-4BF4-8538-74D49B617FCB@microsoft.com...
> I'm looking for information on setting that can be made to prevent users from
> having spyware installed on their machines using 2000. The main problem is
> that all the users need to have administrative access for some of their
> applications to work. Are there some settings that I can change in IE or
> elsewhere that would at least help prevent this for most users? Any
> suggestions on how I can lock down a system without revoking admin
> priveledges?
Policy/computer configuration. The link below is a good guideline to use to configure
Web Content Zones. Not all advanced settings can be configured via Group Policy.
Disabling install on demand is a good idea. You should then use Group Policy to
restrict users from accessing and changing IE options. Domain level policy for user
configuration will not apply to users who logon to their computers locally which an
administrator can do since they have the power to create local accounts. Local Group
Policy can also be configured on a local computer and it will apply to all users on
the local computer though if a user knows how they could reconfigure Local Group
Policy. --- Steve
http://mvps.org/winhelp2002/unwanted.htm
"ntelscho" <ntelscho@discussions.microsoft.com> wrote in message
news:94FE6D84-E429-4BF4-8538-74D49B617FCB@microsoft.com...
> I'm looking for information on setting that can be made to prevent users from
> having spyware installed on their machines using 2000. The main problem is
> that all the users need to have administrative access for some of their
> applications to work. Are there some settings that I can change in IE or
> elsewhere that would at least help prevent this for most users? Any
> suggestions on how I can lock down a system without revoking admin
> priveledges?