Users should not add/modify DSN in ODBC Data Source Administrator in Windows client, so we most likely need to block access to ODBC Data Source Administrator for users in Windows AD via Group Policy.
Asked
Active
Viewed 87 times
1 Answers
0
SYSTEM DSNs cannot be modiefied by users (by default), USER DSNs can. I would recommend setting up a GPO that distributes your sources as a SYSTEM DSN.
DSNs can be viewd/modified/created in a lot of applications, so locking down the ODBC 'administrator' apps might not accomplish what you are trying to do. For example word, excel, command line, access, outlook and a lot of 3rd party apps can do that.
If really need to lock down your user DSNs too, you can set ACLs on the ODBC part of the registry.
User:
HKCU\Software\ODBC\ODBC.ini
System:
HKLM\Software\ODBC\ODBC.ini.
I suppose you could lock them down by removing user permissions from those keys (read and/or write depending on what you're trying to accomplish).
bjoster
- 4,423
- 5
- 22
- 32