Solved Software restriction policy on Workgroup network ?
-
@JaredBusch said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@JaredBusch said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@openit said in Software restriction policy on Workgroup network ?:
Also, just wondering to know, once we setup SRP, what impact will be while installing legitimate software ? (here we have given users a standard account and separate administrator account for admin to install something)
No legitimate business software expects or requires an administration account. If it does, it's a total joke and has no place in a business environment.
What in the fuck are you babbling about? FFS. All quality software should ask for proper elevation to install itself into the protected programs directory of the OS.
Stop intentionally misreading and spreading incorrect information.
To RUN, obviously.
I realize that, obviously.
But it has nothing to do with the thread or what you replied to.
I only replied about end user accounts, never admin accounts for installation or the IT team. Don't know what thread you were looking at.
-
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@JaredBusch said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@openit said in Software restriction policy on Workgroup network ?:
Also, just wondering to know, once we setup SRP, what impact will be while installing legitimate software ? (here we have given users a standard account and separate administrator account for admin to install something)
No legitimate business software expects or requires an administration account. If it does, it's a total joke and has no place in a business environment.
What in the fuck are you babbling about? FFS. All quality software should ask for proper elevation to install itself into the protected programs directory of the OS.
Stop intentionally misreading and spreading incorrect information.
His question was about end users accounts, not accounts for installation. I was answering the question asked and the end user accounts should never need to be admins. Why do your users need to be admins for legitimate software that you've installed for them?
Dude, you quoted him. It very, very, clearly stated that the admin account was for installing software.
-
@scottalanmiller said in Software restriction policy on Workgroup network ?:
Group Policy is not limited to domains. You can use Group Policy manually at each machine, push it out with PowerShell or control it even more effectively than a domain does using a tool like Ansible or Salt.
@JaredBusch this is the singular post where I promoted Salt and it was one of two DevOps tools mentioned third. This singular mention is your "20 posts of shoving it down throats."?
C'mon. FFS
-
-
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@JaredBusch said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@JaredBusch said in Software restriction policy on Workgroup network ?:
@scottalanmiller Stop shoving your current favorite toy down the poor guy's throat.
Salt and Ansible are great tools, but they are not a panacea.
There are many other perfectly viable tools that are much easier to implement for someone with out any experience than trying to shoe horn in dev-ops tools.
I offered several tools, he specifically asked for tools of that nature and I offered a few. But you'll notice that first I offered a few other approaches.
And then spent 20 posts shoving Salt down everyone's throat.
Which 20 posts were those? Where did I promote it rather than answer a question?
A number I pulled out of my ass because you continued to shotgun posts about Salt and it is annoying.
-
@JaredBusch said in Software restriction policy on Workgroup network ?:
It was about end users. End users should not be admins or installing software in most cases. If they are, it's outside the scope of this thread. I was reading it as reasonably as I could.
-
@JaredBusch said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@JaredBusch said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@JaredBusch said in Software restriction policy on Workgroup network ?:
@scottalanmiller Stop shoving your current favorite toy down the poor guy's throat.
Salt and Ansible are great tools, but they are not a panacea.
There are many other perfectly viable tools that are much easier to implement for someone with out any experience than trying to shoe horn in dev-ops tools.
I offered several tools, he specifically asked for tools of that nature and I offered a few. But you'll notice that first I offered a few other approaches.
And then spent 20 posts shoving Salt down everyone's throat.
Which 20 posts were those? Where did I promote it rather than answer a question?
A number I pulled out of my ass because you continued to shotgun posts about Salt and it is annoying.
Then quote them? Where are they? Find any but that one where i was not answering a question or correcting the misinformation that it was not free. Show them or stop making this up. I suggested it, as a third option, one time, only one. Then you hijacked the thread with this false statement to try to make me look bad. Please show what you mean.
-
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@JaredBusch said in Software restriction policy on Workgroup network ?:
It was about end users. End users should not be admins or installing software in most cases. If they are, it's outside the scope of this thread. I was reading it as reasonably as I could.
No Scott, it is not about end users. It is very clearly stated that he wanted to know the affect of SRP on and admin installing legitimate software.
He stated that he already has users without admin rights. All right there highlighted for your obliviousness.
-
@JaredBusch said in Software restriction policy on Workgroup network ?:
He stated that he already has users without admin rights. All right there highlighted for your obliviousness.
Yes the users, not IT.
-
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@JaredBusch said in Software restriction policy on Workgroup network ?:
He stated that he already has users without admin rights. All right there highlighted for your obliviousness.
Yes the users, not IT.
What? You apparently cannot admit to being unable to actually read instead of skim.
-
@JaredBusch said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@JaredBusch said in Software restriction policy on Workgroup network ?:
He stated that he already has users without admin rights. All right there highlighted for your obliviousness.
Yes the users, not IT.
What? You apparently cannot admit to being unable to actually read instead of skim.
I'm very sorry to everyone involved for giving some credit and not being condescending. I assumed that once he switched to "users" he had moved on from the installation task.
-
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@openit said in Software restriction policy on Workgroup network ?:
Also, just wondering to know, once we setup SRP, what impact will be while installing legitimate software ? (here we have given users a standard account and separate administrator account for admin to install something)
No legitimate business software expects or requires an administration account. If it does, it's a total joke and has no place in a business environment.
I think this post was the beginning of the end of understanding - Scott starts talking about how no legitimate business software expects or requires an admin account, but the poster wasn't asking about using software, he was talking about installing software. Which doesn't even answer the question that was asked - which was...
Will SRP impact while installing legitimate software?
And the typical answer is - no it won't. That's not to mean or say that it can't, but in general SRP should make no difference here for legitimate software.
Scott's comment about admin rights has nothing to do with this question (sadly the poster tossed the red herring of data in the question which possibly lead to an answer that had nothing to do with the question).
-
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@IRJ said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
Group Policy is not limited to domains. You can use Group Policy manually at each machine.
That's right, but at when you are deploying it with scripts it's considered local policy. Even though you can deploy it just as effectively as you would with Group policy.
Group Policy deploys it locally with scripts, too
It works the same way, but according to Microsoft's terminology it is not the same thing.
According to two separate introduction articles to Group Policy, Microsoft defines it as utilizing AD. Until you utilize AD, it is really just local policy that is scripted.
https://technet.microsoft.com/en-us/library/hh147307(v=ws.10).aspx
https://msdn.microsoft.com/en-us/library/bb742376.aspx
Even Wikipedia's definition clearly defines that Group Policy uses AD
-
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@JaredBusch said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@JaredBusch said in Software restriction policy on Workgroup network ?:
He stated that he already has users without admin rights. All right there highlighted for your obliviousness.
Yes the users, not IT.
What? You apparently cannot admit to being unable to actually read instead of skim.
I'm very sorry to everyone involved for giving some credit and not being condescending. I assumed that once he switched to "users" he had moved on from the installation task.
The question as quoted by JB and myself was about SRP affecting installations - how is that anything but an install question?
-
@IRJ said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@IRJ said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
Group Policy is not limited to domains. You can use Group Policy manually at each machine.
That's right, but at when you are deploying it with scripts it's considered local policy. Even though you can deploy it just as effectively as you would with Group policy.
Group Policy deploys it locally with scripts, too
It works the same way, but according to Microsoft's terminology it is not the same thing.
According to two separate introduction articles to Group Policy, Microsoft defines it as utilizing AD. Until you utilize AD, it is really just local policy that is scripted.
https://technet.microsoft.com/en-us/library/hh147307(v=ws.10).aspx
https://msdn.microsoft.com/en-us/library/bb742376.aspx
Even Wikipedia's definition clearly defines that Group Policy uses AD
Actually that Wikipedia links still calls it Group Policy, just "Local Group Policy" when run locally. But it makes it clear that it is still group policy in the name.
-
@IRJ said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@IRJ said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
Group Policy is not limited to domains. You can use Group Policy manually at each machine.
That's right, but at when you are deploying it with scripts it's considered local policy. Even though you can deploy it just as effectively as you would with Group policy.
Group Policy deploys it locally with scripts, too
It works the same way, but according to Microsoft's terminology it is not the same thing.
According to two separate introduction articles to Group Policy, Microsoft defines it as utilizing AD. Until you utilize AD, it is really just local policy that is scripted.
https://technet.microsoft.com/en-us/library/hh147307(v=ws.10).aspx
https://msdn.microsoft.com/en-us/library/bb742376.aspx
Even Wikipedia's definition clearly defines that Group Policy uses AD
This is the fuzziness that I've been having even since Scott started saying that AD and GP have nothing to do with each other. While I do understand their are each their own components, but from an MS POV, they are part of a collective of things that most Windows admins consider one in the same.
-
Back on topic. The OP was clearly not looking to implement dev ops. He was after a simple script to set local GPO to enforce SRP.
@openit said in Software restriction policy on Workgroup network ?:
Probably we can push script/app with ESET ERA6 to all pcs ? if possible, otherwise, we will do it manually.
This is one of the better guides I know about to do this with powershell. You could make a ps1 script to push out with ESET.
-
@Dashrender said in Software restriction policy on Workgroup network ?:
@IRJ said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@IRJ said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
Group Policy is not limited to domains. You can use Group Policy manually at each machine.
That's right, but at when you are deploying it with scripts it's considered local policy. Even though you can deploy it just as effectively as you would with Group policy.
Group Policy deploys it locally with scripts, too
It works the same way, but according to Microsoft's terminology it is not the same thing.
According to two separate introduction articles to Group Policy, Microsoft defines it as utilizing AD. Until you utilize AD, it is really just local policy that is scripted.
https://technet.microsoft.com/en-us/library/hh147307(v=ws.10).aspx
https://msdn.microsoft.com/en-us/library/bb742376.aspx
Even Wikipedia's definition clearly defines that Group Policy uses AD
This is the fuzziness that I've been having even since Scott started saying that AD and GP have nothing to do with each other. While I do understand their are each their own components, but from an MS POV, they are part of a collective of things that most Windows admins consider one in the same.
Yes, it appears that Microsoft really wants to say that Local Group Policy is not Group Policy. I'll concede that point. From an IT perspective, though, the thing called "Group Policy" functionally exists without AD, but technically cannot have the name.
-
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@Dashrender said in Software restriction policy on Workgroup network ?:
@IRJ said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@IRJ said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
Group Policy is not limited to domains. You can use Group Policy manually at each machine.
That's right, but at when you are deploying it with scripts it's considered local policy. Even though you can deploy it just as effectively as you would with Group policy.
Group Policy deploys it locally with scripts, too
It works the same way, but according to Microsoft's terminology it is not the same thing.
According to two separate introduction articles to Group Policy, Microsoft defines it as utilizing AD. Until you utilize AD, it is really just local policy that is scripted.
https://technet.microsoft.com/en-us/library/hh147307(v=ws.10).aspx
https://msdn.microsoft.com/en-us/library/bb742376.aspx
Even Wikipedia's definition clearly defines that Group Policy uses AD
This is the fuzziness that I've been having even since Scott started saying that AD and GP have nothing to do with each other. While I do understand their are each their own components, but from an MS POV, they are part of a collective of things that most Windows admins consider one in the same.
Yes, it appears that Microsoft really wants to say that Local Group Policy is not Group Policy. I'll concede that point. From an IT perspective, though, the thing called "Group Policy" functionally exists without AD, but technically cannot have the name.
Idk you might be right....
https://technet.microsoft.com/en-us/library/cc725970(v=ws.11).aspx
-
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@Dashrender said in Software restriction policy on Workgroup network ?:
@IRJ said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@IRJ said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
Group Policy is not limited to domains. You can use Group Policy manually at each machine.
That's right, but at when you are deploying it with scripts it's considered local policy. Even though you can deploy it just as effectively as you would with Group policy.
Group Policy deploys it locally with scripts, too
It works the same way, but according to Microsoft's terminology it is not the same thing.
According to two separate introduction articles to Group Policy, Microsoft defines it as utilizing AD. Until you utilize AD, it is really just local policy that is scripted.
https://technet.microsoft.com/en-us/library/hh147307(v=ws.10).aspx
https://msdn.microsoft.com/en-us/library/bb742376.aspx
Even Wikipedia's definition clearly defines that Group Policy uses AD
This is the fuzziness that I've been having even since Scott started saying that AD and GP have nothing to do with each other. While I do understand their are each their own components, but from an MS POV, they are part of a collective of things that most Windows admins consider one in the same.
Yes, it appears that Microsoft really wants to say that Local Group Policy is not Group Policy. I'll concede that point. From an IT perspective, though, the thing called "Group Policy" functionally exists without AD, but technically cannot have the name.
What I don't know is, does it exist in the home edition?
