Solved Software restriction policy on Workgroup network ?
-
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@JaredBusch said in Software restriction policy on Workgroup network ?:
It was about end users. End users should not be admins or installing software in most cases. If they are, it's outside the scope of this thread. I was reading it as reasonably as I could.
No Scott, it is not about end users. It is very clearly stated that he wanted to know the affect of SRP on and admin installing legitimate software.
He stated that he already has users without admin rights. All right there highlighted for your obliviousness.
-
@JaredBusch said in Software restriction policy on Workgroup network ?:
He stated that he already has users without admin rights. All right there highlighted for your obliviousness.
Yes the users, not IT.
-
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@JaredBusch said in Software restriction policy on Workgroup network ?:
He stated that he already has users without admin rights. All right there highlighted for your obliviousness.
Yes the users, not IT.
What? You apparently cannot admit to being unable to actually read instead of skim.
-
@JaredBusch said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@JaredBusch said in Software restriction policy on Workgroup network ?:
He stated that he already has users without admin rights. All right there highlighted for your obliviousness.
Yes the users, not IT.
What? You apparently cannot admit to being unable to actually read instead of skim.
I'm very sorry to everyone involved for giving some credit and not being condescending. I assumed that once he switched to "users" he had moved on from the installation task.
-
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@openit said in Software restriction policy on Workgroup network ?:
Also, just wondering to know, once we setup SRP, what impact will be while installing legitimate software ? (here we have given users a standard account and separate administrator account for admin to install something)
No legitimate business software expects or requires an administration account. If it does, it's a total joke and has no place in a business environment.
I think this post was the beginning of the end of understanding - Scott starts talking about how no legitimate business software expects or requires an admin account, but the poster wasn't asking about using software, he was talking about installing software. Which doesn't even answer the question that was asked - which was...
Will SRP impact while installing legitimate software?
And the typical answer is - no it won't. That's not to mean or say that it can't, but in general SRP should make no difference here for legitimate software.
Scott's comment about admin rights has nothing to do with this question (sadly the poster tossed the red herring of data in the question which possibly lead to an answer that had nothing to do with the question).
-
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@IRJ said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
Group Policy is not limited to domains. You can use Group Policy manually at each machine.
That's right, but at when you are deploying it with scripts it's considered local policy. Even though you can deploy it just as effectively as you would with Group policy.
Group Policy deploys it locally with scripts, too
It works the same way, but according to Microsoft's terminology it is not the same thing.
According to two separate introduction articles to Group Policy, Microsoft defines it as utilizing AD. Until you utilize AD, it is really just local policy that is scripted.
https://technet.microsoft.com/en-us/library/hh147307(v=ws.10).aspx
https://msdn.microsoft.com/en-us/library/bb742376.aspx
Even Wikipedia's definition clearly defines that Group Policy uses AD
-
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@JaredBusch said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@JaredBusch said in Software restriction policy on Workgroup network ?:
He stated that he already has users without admin rights. All right there highlighted for your obliviousness.
Yes the users, not IT.
What? You apparently cannot admit to being unable to actually read instead of skim.
I'm very sorry to everyone involved for giving some credit and not being condescending. I assumed that once he switched to "users" he had moved on from the installation task.
The question as quoted by JB and myself was about SRP affecting installations - how is that anything but an install question?
-
@IRJ said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@IRJ said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
Group Policy is not limited to domains. You can use Group Policy manually at each machine.
That's right, but at when you are deploying it with scripts it's considered local policy. Even though you can deploy it just as effectively as you would with Group policy.
Group Policy deploys it locally with scripts, too
It works the same way, but according to Microsoft's terminology it is not the same thing.
According to two separate introduction articles to Group Policy, Microsoft defines it as utilizing AD. Until you utilize AD, it is really just local policy that is scripted.
https://technet.microsoft.com/en-us/library/hh147307(v=ws.10).aspx
https://msdn.microsoft.com/en-us/library/bb742376.aspx
Even Wikipedia's definition clearly defines that Group Policy uses AD
Actually that Wikipedia links still calls it Group Policy, just "Local Group Policy" when run locally. But it makes it clear that it is still group policy in the name.
-
@IRJ said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@IRJ said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
Group Policy is not limited to domains. You can use Group Policy manually at each machine.
That's right, but at when you are deploying it with scripts it's considered local policy. Even though you can deploy it just as effectively as you would with Group policy.
Group Policy deploys it locally with scripts, too
It works the same way, but according to Microsoft's terminology it is not the same thing.
According to two separate introduction articles to Group Policy, Microsoft defines it as utilizing AD. Until you utilize AD, it is really just local policy that is scripted.
https://technet.microsoft.com/en-us/library/hh147307(v=ws.10).aspx
https://msdn.microsoft.com/en-us/library/bb742376.aspx
Even Wikipedia's definition clearly defines that Group Policy uses AD
This is the fuzziness that I've been having even since Scott started saying that AD and GP have nothing to do with each other. While I do understand their are each their own components, but from an MS POV, they are part of a collective of things that most Windows admins consider one in the same.
-
Back on topic. The OP was clearly not looking to implement dev ops. He was after a simple script to set local GPO to enforce SRP.
@openit said in Software restriction policy on Workgroup network ?:
Probably we can push script/app with ESET ERA6 to all pcs ? if possible, otherwise, we will do it manually.
This is one of the better guides I know about to do this with powershell. You could make a ps1 script to push out with ESET.
-
@Dashrender said in Software restriction policy on Workgroup network ?:
@IRJ said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@IRJ said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
Group Policy is not limited to domains. You can use Group Policy manually at each machine.
That's right, but at when you are deploying it with scripts it's considered local policy. Even though you can deploy it just as effectively as you would with Group policy.
Group Policy deploys it locally with scripts, too
It works the same way, but according to Microsoft's terminology it is not the same thing.
According to two separate introduction articles to Group Policy, Microsoft defines it as utilizing AD. Until you utilize AD, it is really just local policy that is scripted.
https://technet.microsoft.com/en-us/library/hh147307(v=ws.10).aspx
https://msdn.microsoft.com/en-us/library/bb742376.aspx
Even Wikipedia's definition clearly defines that Group Policy uses AD
This is the fuzziness that I've been having even since Scott started saying that AD and GP have nothing to do with each other. While I do understand their are each their own components, but from an MS POV, they are part of a collective of things that most Windows admins consider one in the same.
Yes, it appears that Microsoft really wants to say that Local Group Policy is not Group Policy. I'll concede that point. From an IT perspective, though, the thing called "Group Policy" functionally exists without AD, but technically cannot have the name.
-
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@Dashrender said in Software restriction policy on Workgroup network ?:
@IRJ said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@IRJ said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
Group Policy is not limited to domains. You can use Group Policy manually at each machine.
That's right, but at when you are deploying it with scripts it's considered local policy. Even though you can deploy it just as effectively as you would with Group policy.
Group Policy deploys it locally with scripts, too
It works the same way, but according to Microsoft's terminology it is not the same thing.
According to two separate introduction articles to Group Policy, Microsoft defines it as utilizing AD. Until you utilize AD, it is really just local policy that is scripted.
https://technet.microsoft.com/en-us/library/hh147307(v=ws.10).aspx
https://msdn.microsoft.com/en-us/library/bb742376.aspx
Even Wikipedia's definition clearly defines that Group Policy uses AD
This is the fuzziness that I've been having even since Scott started saying that AD and GP have nothing to do with each other. While I do understand their are each their own components, but from an MS POV, they are part of a collective of things that most Windows admins consider one in the same.
Yes, it appears that Microsoft really wants to say that Local Group Policy is not Group Policy. I'll concede that point. From an IT perspective, though, the thing called "Group Policy" functionally exists without AD, but technically cannot have the name.
Idk you might be right....
https://technet.microsoft.com/en-us/library/cc725970(v=ws.11).aspx
-
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@Dashrender said in Software restriction policy on Workgroup network ?:
@IRJ said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@IRJ said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
Group Policy is not limited to domains. You can use Group Policy manually at each machine.
That's right, but at when you are deploying it with scripts it's considered local policy. Even though you can deploy it just as effectively as you would with Group policy.
Group Policy deploys it locally with scripts, too
It works the same way, but according to Microsoft's terminology it is not the same thing.
According to two separate introduction articles to Group Policy, Microsoft defines it as utilizing AD. Until you utilize AD, it is really just local policy that is scripted.
https://technet.microsoft.com/en-us/library/hh147307(v=ws.10).aspx
https://msdn.microsoft.com/en-us/library/bb742376.aspx
Even Wikipedia's definition clearly defines that Group Policy uses AD
This is the fuzziness that I've been having even since Scott started saying that AD and GP have nothing to do with each other. While I do understand their are each their own components, but from an MS POV, they are part of a collective of things that most Windows admins consider one in the same.
Yes, it appears that Microsoft really wants to say that Local Group Policy is not Group Policy. I'll concede that point. From an IT perspective, though, the thing called "Group Policy" functionally exists without AD, but technically cannot have the name.
What I don't know is, does it exist in the home edition?
-
One thing is certain, Microsoft is not clear on the definition.
-
@Dashrender said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@Dashrender said in Software restriction policy on Workgroup network ?:
@IRJ said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
@IRJ said in Software restriction policy on Workgroup network ?:
@scottalanmiller said in Software restriction policy on Workgroup network ?:
Group Policy is not limited to domains. You can use Group Policy manually at each machine.
That's right, but at when you are deploying it with scripts it's considered local policy. Even though you can deploy it just as effectively as you would with Group policy.
Group Policy deploys it locally with scripts, too
It works the same way, but according to Microsoft's terminology it is not the same thing.
According to two separate introduction articles to Group Policy, Microsoft defines it as utilizing AD. Until you utilize AD, it is really just local policy that is scripted.
https://technet.microsoft.com/en-us/library/hh147307(v=ws.10).aspx
https://msdn.microsoft.com/en-us/library/bb742376.aspx
Even Wikipedia's definition clearly defines that Group Policy uses AD
This is the fuzziness that I've been having even since Scott started saying that AD and GP have nothing to do with each other. While I do understand their are each their own components, but from an MS POV, they are part of a collective of things that most Windows admins consider one in the same.
Yes, it appears that Microsoft really wants to say that Local Group Policy is not Group Policy. I'll concede that point. From an IT perspective, though, the thing called "Group Policy" functionally exists without AD, but technically cannot have the name.
What I don't know is, does it exist in the home edition?
Yes. It always has.
-
@IRJ said in Software restriction policy on Workgroup network ?:
One thing is certain, Microsoft is not clear on the definition.
Or they believe that "Local Group Policy" is not a form of "Group Policy" which seems... intentionally misleading?
-
Oops, this many posts till I came back
-
@openit said in Software restriction policy on Workgroup network ?:
Oops, this many posts till I came back
We all get busy.