keno44
asked on
Being productive on Windows 7/8 without administrative priviledges
The boss wants us to find a way to run Windows without granting local administrative privileges, and of course, continue to work without interruption.
I think our biggest wish is to make 100% of our standard applications run without admin privis and allow the user to still accomplish what I would call lower level admin tasks.
Users need to be able install printers, blue tooth devices, GotoMeeting/WebEx clients on the fly and last but not least, not be prompted all the time for credentials. However, I have read that allowing users to enter a local admin password for each elevated permission task is a good way to allow them to make timely systems changes, but is enough of a pain to deter them from performing admin tasks all of the time.
I've been out of the desktop configuration space for a while and wonder what it is the community is doing these days to make this the best possible experience for end users. I'm not sure there is any great solution, so I’m open to ideas.
Appreciate your Expert suggestions.
Thank you – Keno
I think our biggest wish is to make 100% of our standard applications run without admin privis and allow the user to still accomplish what I would call lower level admin tasks.
Users need to be able install printers, blue tooth devices, GotoMeeting/WebEx clients on the fly and last but not least, not be prompted all the time for credentials. However, I have read that allowing users to enter a local admin password for each elevated permission task is a good way to allow them to make timely systems changes, but is enough of a pain to deter them from performing admin tasks all of the time.
I've been out of the desktop configuration space for a while and wonder what it is the community is doing these days to make this the best possible experience for end users. I'm not sure there is any great solution, so I’m open to ideas.
Appreciate your Expert suggestions.
Thank you – Keno
You would need to set permissions for each application you want them to run as admins.
ASKER
John/Join, thank you for your input, some follow up questions.
Are you manually configuring each PC with run as admin configurations? What management apps/tools are you using to streamline the process or are you hand building each Windows profile to make these apps work?
I work in an environment where the unexpected pops up frequently, and my users are privi'd in more than one meaning if you catch my drift. So WebEx works great today, but then some other online meeting app pops up tomorrow and they can't use it in a pinch. Or they get a new printer at home and in order to use the new printer, they need to call the help desk and have us install it.
Thank you.
Are you manually configuring each PC with run as admin configurations? What management apps/tools are you using to streamline the process or are you hand building each Windows profile to make these apps work?
I work in an environment where the unexpected pops up frequently, and my users are privi'd in more than one meaning if you catch my drift. So WebEx works great today, but then some other online meeting app pops up tomorrow and they can't use it in a pinch. Or they get a new printer at home and in order to use the new printer, they need to call the help desk and have us install it.
Thank you.
We set up PC's with the needed applications installed and working. Of course you need admin authority to install and set up. But once done, we do not have to visit the computers until the next updates.
I understand users saying they need to be administrators. I have heard this for years. But these same users wreck computers so I do not allow it and my client managers (I am a business consultant) support that decision.
I understand users saying they need to be administrators. I have heard this for years. But these same users wreck computers so I do not allow it and my client managers (I am a business consultant) support that decision.
ASKER
Okay, but how do you set these apps up and make them work while for non-admin users? What tools or management software or reg hacking software are people using today?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
if you put all of the drivers that a user may need into the driverstore folder then they don't need to be admins to add a driver.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
oh.. the suggestion was by mcknife (2 comments above) :)
so mcknife take it further if you wish
so mcknife take it further if you wish
If you have a domain controller you can, create a super user group and grant permission to the group to install certain application put all applicable user in this group and jobs done. If no domain controller b4 deploying each computer create an image iso of all possible software needed to be productive, on one machine, sysprep and clone and install this clone on all machines thus eliminating the need for admin privileges
The other option is something like Altiris SVS (now called Symantec Workspace) you can use it to installa software on a SOE machine. then do a capture of the installation. what you can then do is create images of the software install. if you use this program at any time a user can then just select the software from the program and hit install. because it was installed initially by an admin it will be a seemless install. the best part is that when done using it you click finish and there has been no changes made to the machine :)
god it took me forever to find this
http://www.symantec.com/workspace-virtualization
great option from my perspective
Also the install is immediate and takes no real time to install. I love it :)
god it took me forever to find this
http://www.symantec.com/workspace-virtualization
great option from my perspective
Also the install is immediate and takes no real time to install. I love it :)
I would just start with a simple login with regular account to one of the desktop and start exploring what kind of issues that user faces related to access. then probably start adding access to local groups like Power Users etc. or configure access to some folders on local drives to resolve them. Also make a note of things that do not work without admin rights and see if there are any workarounds for that (like creating some script to runas diff. user).
The power users group has no meaning anymore.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Keno.. .. ?
Any comments?
Any comments?
ASKER
I looked at a demo of Beyond Trust's products and I think I'm leaning in that direction, at least for a free trial/POC. I kind of also like the idea of creating a local admin account and allow the user to sign off that he/she will only use the account when necessary, i.e. for adding new sowtware or hardware on the fly.
Thank you for your thoughtfull responses and shared links to other solutions.
Ken
Thank you for your thoughtfull responses and shared links to other solutions.
Ken
We install the printers they need, so that issue tends not to come up. Same for Bluetooth.
WebEx Go to Meeting should work once installed.
What happens when untrained users get admin authority is that they go to dodgy sites on the internet, click on dodgy links and wreck their machines. The cost to this is higher than the modest technical management to service their computers.