Put your question to the experts

Engage with your peers in legal business services with our clever crowdsourcing engine.

Ask a question »

Looking for how other firms have implemented a "secure" or "locked down" Win7 desktop

We are looking to rollout new desktop (Win7, Office2010 and new versions of all other software). We are looking into locking it down so that only specific IT admin users are able to install software. Has anyone does this? Any thoughts or comments on how best to do this?
Asked by: Jenny Williams
Answers
Answer this?
Hi Jenny You could do it using Group Policies within Windows. This can be quite time consuming and DOES require testing and may not stop some things getting through. My colleagues have used it in the past and found it effective. The other option is to use a third party application like Deep Freeze which restores to original configuration on reboot.
Hi Jenny, yes it’s achievable and Windows 7 provides more granular control of user access to the desktop than Windows XP. A caveat is software compatibility and whether you have software that misbehaves if the user does not have enhanced rights to the desktop. This can be particularly a problem if you depend upon legacy software, or anything written in-house (e.g. VBA in Office) in which case you’ll probably need to do some software reworking or analyse to see what needs to be opened up on the desktop without giving users generally enhanced rights. Your software deployment / installation method also has to be considered – whether you do everything through a toolset such as Microsoft SCCM or ScriptLogic Desktop Authority, or use Group Policy as others have suggested. Adrian Polley, Director at Plan-Net plc
Hi Jenny, not had to do this myself, however as its Windows 7 it might be worth using applocker (using group policy) as I'm pretty sure you can prevent certain file types being executed by specified users or groups (I.e .MSI, setup.exe, blocked for all users EXCEPT securitygroup). Can't be sure but might be worth investigating.

Add your comment