How to block Uninstall & install permission to the Domain users using AD GPO

Satyanarayana Pathi 20 Reputation points
2024-01-11T05:45:55.9566667+00:00

Hi I need block Uninstall & install permission to the Domain users using AD GPO, Please Help me for creating the GPO. Thanks.

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,887 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Thameur-BOURBITA 35,511 Reputation points
    2024-01-11T08:53:06.7366667+00:00

    Hi @Satyanarayana Pathi

    Any membre of local administrator group is able and uninstall or install an update and a software in a member machine. So to block this permission , you have to remove Domain users from local administrators group on target machines.

    You can using Group Policy Preference to control the membre of local administrators group on target machines as mentioned in the link below :

    Using Group Policy Preferences to Manage the Local Administrator Group



    Please don't forget to accept helpful answer

    0 comments No comments

  2. Daisy Zhou 29,386 Reputation points Microsoft Vendor
    2024-01-16T02:35:41.08+00:00

    Hello Satyanarayana Pathi, Thank you for posting in Q&A forum. To prevent domain users from installing software through Active Directory Group Policy Objects (AD GPOs), you can create and configure the corresponding GPOs by following these steps: Open the Group Policy Management Console. In GPMC, right-click on the domain or organizational unit (OU) where you want to link the new GPO, and then select "Create a GPO in this domain, and Link it here". Name the new GPO, such as "Restrict software installation". Right click on the GPO you just created and select "Edit". In the Group Policy Management Editor, navigate to User Configuration>policy>administrative templates>system Double click on the "system" with the left button,select run only specified Windows applications on the right side. Attempt to install or uninstall software to ensure that the policy has been correctly applied, then type the software installation package that needs to be disabled according to the prompts. However, GPO cannot handle the uninstallation of restricted software, I am very sorry. This is a picture about the path: User's image Please note that these steps will prevent all users affected by this GPO from installing software. Ensure that you apply this GPO only to those users or user groups that require these restrictions to avoid affecting users who need to install software. Additionally, remember to test the policies before implementing them to ensure they do not disrupt normal business operations. Test in a controlled environment, and if everything works as expected, proceed to deploy in the production environment. You can also consider App locker or Software Restriction Policies Under Computer Configuration. https://learn.microsoft.com/en-us/windows-server/identity/software-restriction-policies/administer-software-restriction-policies I hope the information above is helpful. If you have any questions or concerns, please feel free to let us know. Best Regards, Daisy Zhou

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.