The information in this article applies to:
SUMMARYThe Windows NT 4.0 System Policy Editor allows administrators to determine what applications can be run on computers running Windows NT 4.0 by using the "Run only allowed Windows applications" option. MORE INFORMATION
The "Run only allowed Windows applications" entry under the System
Restrictions book of System Policy Editor can be assigned to specific
users and groups, or to default users.
Microsoft Office applications, including Office 95, include the utilities Msinfo.exe and Msinfo32.exe. These applications bypass the shell name space and, because of this, they are not monitored or restricted by the System Policy. This allows users to run applications even if they are not listed in the System Policy's "Allowed to run" list. Administrators may choose to customize installations so these utilities are not installed. Another consideration for System Policies is the use of reference accounts. A reference account is a special user created specifically as the logon account for the administrator who will be setting System Policies. Logging on as an administrator named POLICY and setting policies under this account will help prevent a situation in which even administrators cannot run server tools. It is easy, by using the "Allowed to run" policy, to restrict even the administrator account from running administration tools. Because of this it is better not to manage System Policies while logged on as Administrator. Additional query words: prodnt
Keywords : kbenv ntsecurity NTSrvWkst |
Last Reviewed: January 22, 1999 © 2000 Microsoft Corporation. All rights reserved. Terms of Use. |