Home
Certification Preparation
Microsoft
MCTS / MCITP on Windows 2008 General
Local policy to prohibit MMCs
jibbajabba
I have disabled a MMC (diskmgmt.msc) through the local group policies which is working fine when opening the server manager for example. But it doesn't seem to stop people from starting the mmc from the command prompt using diskmgmt.msc, or adding the snap-in to another mmc ...
I must miss something stupid here ...
Find more posts tagged with
Comments
undomiel
You can do this under user policy: Administrative Templates\Windows Components\Microsoft Management Console
Enable Restrict users to the explicitly permitted list of snap-ins. If you don't add any snap-ins to the permitted list then the users will not be able to add any into mmc thusly rendering mmc useless to them. If you're still worried about the ability to run mmc you could always use software restrictions to disable access to it.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
