How to disable ISA client to restrict user to change settings
Answer: By using Software Restriction Policy we can achieve this behavior; we
need to configure Hash and Path rule.
Note: You need to apply these rules in Group Policy to the container where you
have all your computers account. For more details look at below mention KB
article: 324036.
Group Policy Object Computer_name Policy/Computer Configuration or
User/Configuration/Windows Settings/Security Settings/Software Restriction
Policies 1). How to Create a Hash Rule
- Click Start, click Run, type mmc, and then click OK.
- Open Software Restriction Policies.
- In either the console tree or the details pane, right-click Additional
Rules, and then click New Hash Rule.
- Click Browse to find a file, or paste a precalculated hash in the File
hash box. (i.e. select FcwMgmt.exe from c:\program files\Microsoft Firewall
Client 2004\)
- In the Security level box, click either Disallowed or Unrestricted.
- In the Description box, type a description for this rule, and then click
OK.
- How to Create a Path Rule
1. Click Start, click Run, type mmc, and then click OK.
2. Open Software Restriction Policies.
3. In either the console tree or the details pane, right-click Additional
Rules, and then click New Path Rule.
4. In the Path box, type a path or click Browse to find a file or folder.
(i.e. C:\Program Files\Microsoft Firewall Client 2004)
5. In the Security level box, click either Disallowed or Unrestricted.
6. In the Description box, type a description for this rule, and then click
OK.IMPORTANT: On certain folders, such as the Windows folder, setting the
security level to Disallowed can adversely affect the operation of your
operating system. Make sure that you do not disallow a crucial component of
the operating system or one of its dependent programs.
How To Use Software Restriction Policies in Windows Server 2003 <http://support.microsoft.com/?id=324036>
Description of the Software Restriction Policies in Windows XP <http://support.microsoft.com/?id=310791>