Within our domain, roaming profiles are used. The roaming
profiles are limited to 10MB by means of a GPO. The user is also given a
networked drive (K:\) that gives them an additional 40MB which gives them a
grand total of 50MB of usable space when on their workstations. The 50MB
limit is then enforced by Disk Quotas. The roaming profile data and the
networked drive are both on the same machine. The user logging into their workstation is not able to
install applications unless first approved. What I have noticed however
is that users within the domain are still managing to run unauthorized pieces
of software. They are doing this by copying the files K:\ The
application that they want to use is a self executing program that does not
need to write data to the registry or modify the system in any way. In one case, I noticed that a user is using FireFox. I
installed the software with under the same user privileges and was able to do
so but with a warning that the application may not install correctly without
Admin rights. The application did install to the K:\ and worked correctly when
was opened. The good thing about this was that anything that was written
to the registry was access denied. So here is the question. How can I prevent users from
installing these type of applications to the K:\? When they do this, they
are using resources on the remote machine that shouldn’t be. I
could care less that they are using more drive space since it will only affect
them and their ability to write more files to the remote machine or will
prevent them from logging off of their desktop until the space is cleared. I don’t have a problem putting fear into those who are
doing this, but I would rather just cut them off and keep my mouth shut if a
solution is available. Any thoughts? Thanks everyone for your replies, Edwin |