Network management Toolkit

Killing off gaming on your network

Michael Mullins CNET News

Published: 04 Aug 2005 16:00 BST

Let's be honest: gaming at the office isn't in any best practices guide. Don't get me wrong, I'm not against gaming — it just doesn't belong on the office network.

This isn't a popular attitude to take, but it's a smart one. Corporate machines and their bandwidth are for business activities — not amusement. Not only does gaming pose a productivity problem, but it can also jeopardise network security.

If your users are gaming at the office, I recommend revisiting your corporate policy immediately. Let's look at four steps you can take to regain control of your network from gamers.

Put it in writing
Inform users that it's against company policy to install unapproved software applications on company computers. This covers a wide field that includes games, bootleg copies of office programs, unapproved utilities, and a wide assortment of potential malware that has no business function.

If, in fact, you don't have a policy that addresses this matter, I recommend taking immediate steps to create one. Instituting a written policy that addresses Internet usage is a security best practice for many reasons.

In addition, publish a list of approved software for which the company owns licenses. Your policy should also detail the process for adding software to the approved list and outline penalties for noncompliance.

Putting all of this in writing covers you from a legal perspective for the actions you'll need to take to actually deter users from turning their office machine into a gaming platform.

Lock down the Program Files folder
By default, most games install in the Program Files directory. Therefore, to further discourage gaming, users shouldn't have the rights to create or modify files in this directory.

Verify that your users have only user rights and that they aren't power users or administrators on their machines. To do so, follow these steps:

Right-click My Computer, and select Manage.
In the left-hand pane, expand Local Users And Groups.
Select Groups, and double-click Users in the right-hand pane.

Verify that your Domain Users group (or the domain group that your users belong to) is a member of this group. Check the other groups, specifically the Administrators group, and verify that no normal user accounts are in this group. Check the Power Users group for invalid entries as well.

Now that you've ensured users have only user rights to common file objects, follow these steps:

Double-click My Computer, and double-click Local Disk (C:).
Right-click Program Files, and select Properties.
On the Security tab, select Users from the Group Or User Names list box, and verify these permissions: Read & Execute, List Folder Contents, and Read.
Verify that no invalid entries exist for the security properties of this folder.

Users will no longer be able to install software that defaults to this location. If they want to install games, users must now consciously select an alternate location to install the game.