All the applications on the computers run from NAL. I am using Zen v7SP1
and the agent is also V7SP1. Is there away of only allowing the
applications from within NAL loading? This would then stop people from
installing applications onto the workstations and loading them. I know
you could tighten up group policies but unless you limit it to nearly an
unusable state there is nearly always a away around the policies,
especially with USB Pens, for instance mozilla runs off of one with no

If not then any ideas?