-4

Is it possible to blacklist certain operating systems from being installed on a server?

Example scenarios:

1) There is an existing physical server, with no operating system. Is there a way to block say, Windows Server 2012 from being installed on that server?

2) There is an existing physical server, with a Windows Operating system installed. On top of that is a hypervisor and multiple VM guest accounts. Is there a way to block the guest accounts sitting on that server from installing certain operating systems?

Any help would be hugely appreciated.

kpipeline
  • 1
  • 1
    There's no way that I know of, except: don't give people access to the servers if they're going to do something you don't approve of. What's your need for this? Perhaps if you explain the intent behind it, there might be some other way of handling it. – TessellatingHeckler Feb 24 '15 at 03:35
  • What actual problem are you trying to solve here? – Katherine Villyard Feb 24 '15 at 03:38
  • I'm trying to implement a strong security solution, which prevents people from installing an operating system which is anything except Windows Server 2012. I want to prevent users from removing existing OS with monitoring capabilities, installing new OS without monitoring capabilities and running whatever malicious content they like :) – kpipeline Feb 24 '15 at 03:47
  • 3
    "Anyone caught installing an OS I disapprove of will be flogged with a serial cable until I get bored or go drinking for the weekend." – HopelessN00b Feb 24 '15 at 04:05
  • 4
    The industry standard solution here is to prevent the users from having any physical access to the server, or the virtual equivalent, and to disable boot from removable media or CD-ROM. – Katherine Villyard Feb 24 '15 at 04:06
  • @HopelessN00b You pretty much nailed it. – kpipeline Feb 24 '15 at 04:13
  • 1
    "Put the servers behind locked doors" and "make it a punishable offence for people to mess with the servers" *are* solutions. Good solutions. Possibly the only available solutions; people with access to the servers have access to undo anything you do. That's it, game over. – TessellatingHeckler Feb 24 '15 at 05:22
  • Yep - this is a social problem, not a technical one. The issue isn't that it's technically possible, but that people would try to do so. – Jenny D Apr 20 '15 at 12:53

1 Answers1

3

Prevent operating systems from being installed by users period.

Hire administrators that follow procedures and forbid them from installing anything but your approved OS images. Monitor for compliance.

Provide a managed deployment solution instead which provides your pre-selected OS images if users need to be able to re-install on demand.

HBruijn
  • 72,524
  • 21
  • 127
  • 192