Users like to put a lot of different rubbish on their computers: these are Google and Yahoo toolbars, Skype, all sorts of office toys and a lot of other things. Unfortunately, in many organizations, businesses do not want users to do this, because installing such programs can destabilize their systems, and ultimately support costs will only increase. The second danger of this type of user activity is the installation of spyware / virus software, which can create risks of confidentiality, integrity and availability of information. So what can we do to prevent users from installing software on their computers?
First, make sure that user accounts are members of the regular user group and are not members of the Power Users or Administrators groups on their machines. This rule should always be used on your first line of defense. Second, you can implement a software restriction policy using group policy to block individual executable files or MSI files (installer) on the computers of target users. Thirdly, you can block users from accessing websites, where they can download software, by setting up a perimeter firewall or proxy server.