This is my last shot to figure this out. If I can even figure it out.
Is there any way to stop a user from installing programs on their computer? We'll be running Server 2016. I've tried denying them local admin rights (which I did successfully). But, to no avail. I've also tried forcing the programs to run as elevated privilege, once again, to no avail.
How do I do this? Is it even possible?
I'd really appreciate all the help I can get.
Best Answer
Assuming you are going to use a domain and use GPOs, then the recommended (albeit a PITA, but since you are starting from scratch it would be much easier to accomplish) path is Software Restriction Policies. This also has the added benefit of preventing malware/ransomware effectively.
https://technet.microsoft.com/en-us/library/hh831534(v=ws.11).aspx