1)  Make them Limited or Restricted-User users.  This is a biggie.
2)  On WinXP Pro, you can also set up a disallowed-by-default Software Restriction Policy in your Group Policy, whether it's on the local machine or the domain.  This prevents them from executing stuff from, say, their desktop screen, their My Documents folder, or removable drives.  Remove .LNK from the affected filetypes or shortcuts may break.  I found that if you use Microsoft Access, you need to exempt .MDB as well, so do test it a bit.
3)  You could additionally set up a Run Only Allowed Windows Applications whitelist in Group Policy too, either on the local machine or the domain, but then you have to whitelist everything you want them to run.
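
An added example, not part of the original post: a PowerShell check that a machine's computer-level Software Restriction Policy matches the advice in item 2 (default level Disallowed, with .LNK and optionally .MDB removed from the designated file types). The function name `Test-SrpPolicy` and the sample policy object are made up for illustration; the registry key and the `DefaultLevel` / `ExecutableTypes` value names are where Windows stores the policy.

```powershell
# Added example. Computer-level SRP settings (local or domain GPO) land here.
$SrpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

function Test-SrpPolicy {
    param(
        $Policy,                            # object carrying the SRP registry values
        [string[]]$ExemptTypes = @('LNK')   # add 'MDB' where Microsoft Access is used
    )
    if ($null -eq $Policy) {
        return 'No Software Restriction Policy is configured.'
    }

    # DefaultLevel: 0 = Disallowed, 0x40000 = Unrestricted
    $level = $Policy.DefaultLevel
    if ($null -eq $level) {
        'DefaultLevel is not set.'
    }
    elseif ($level -ne 0) {
        'DefaultLevel is 0x{0:X}; the default is not Disallowed.' -f $level
    }

    # ExecutableTypes is a multi-string list of extensions the policy applies to.
    $types = @($Policy.ExecutableTypes | Where-Object { $_ } |
        ForEach-Object { $_.ToUpper().TrimStart('.') })
    foreach ($ext in $ExemptTypes) {
        if ($types -contains $ext.ToUpper()) {
            "$ext is still a designated file type; files of this type are subject to the policy."
        }
    }
}

# Constructed sample: policy left at Unrestricted, .LNK and .MDB still listed.
$sample = New-Object PSObject -Property @{
    DefaultLevel    = 0x40000
    ExecutableTypes = @('EXE', 'BAT', 'LNK', 'MDB')
}
Test-SrpPolicy -Policy $sample -ExemptTypes 'LNK', 'MDB'

# Live check on the local machine; the key is absent when no policy exists.
$live = Get-ItemProperty -Path $SrpKey -ErrorAction SilentlyContinue
Test-SrpPolicy -Policy $live
```

No output from a call means that policy passed both checks.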