We have request if we can block the software installs on the member servers.
Currently all the multiple team are part of the local admin group on the member servers and being a local admin they get all rights on the server. We want even being a local admin on the server they should be prevented from running a windows installer from their ad account
We have gone through a GPO settings to Prevent MSI Installation on Servers, But it only block MSI, the installer with exe are allowed and all users who are part of Local admin are blocked including the LAPS account or Local account
If we can use the Power User local Group on server, will it prevent the installation on member server
If we can use Restrict ADD /REmove GPO on server, will it prevent installation on member server