PeteKing
asked on
Power User vs. Compatws template
Hi
One of our applications has a built-in auto-update program. The suppliers tell us it requires Power user rights for it to work. We don't want to give Power User rights to a couple of hundred people. I was hoping to use a security template instead.
The compatws doesn't work : the files seem to transfer and the installation gets all the way to the end, but nothing happens. (Trying again causes a very vague file access error)
I've tried running comparison programs (snapshots of the files/folders/registry permissions) before and after a good install (with admin rights). I've created a template based on these, but it doesn't work.
So, the question is: Is there something else about Power Users, apart from the file/folder/registry permissions, which might affect the ability of a user to install programs? And, is there anyway to get around it?
Thanks
One of our applications has a built-in auto-update program. The suppliers tell us it requires Power user rights for it to work. We don't want to give Power User rights to a couple of hundred people. I was hoping to use a security template instead.
The compatws doesn't work : the files seem to transfer and the installation gets all the way to the end, but nothing happens. (Trying again causes a very vague file access error)
I've tried running comparison programs (snapshots of the files/folders/registry permissions) before and after a good install (with admin rights). I've created a template based on these, but it doesn't work.
So, the question is: Is there something else about Power Users, apart from the file/folder/registry permissions, which might affect the ability of a user to install programs? And, is there anyway to get around it?
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Paul S
what about deploying the updates from a master computer with admin rights on the domain?
ASKER
I've used filemon/regmon (thanks for the link), as well as auditing, to establish where the regisitry entries and files are written. As far as I can tell, I've got them all.
However, the install still fails, right at the very end of the install process, before the application shuts down and restarts itself.
I have also been playing with the idea of a central pushout. The first problem with that it that it removes the smoothness of an auto-install and puts the workload back on the IT dept to deploy the package.
The patches are in an exe file format (installshield), with accompanying cab files etc. I've tried using a repackager to turn them into an msi, but the install fails. Any idea how to deploy a patch in this format?
However, the install still fails, right at the very end of the install process, before the application shuts down and restarts itself.
I have also been playing with the idea of a central pushout. The first problem with that it that it removes the smoothness of an auto-install and puts the workload back on the IT dept to deploy the package.
The patches are in an exe file format (installshield), with accompanying cab files etc. I've tried using a repackager to turn them into an msi, but the install fails. Any idea how to deploy a patch in this format?
what program is this? why does it need to be updated? are all the computers using the same exact hardware? i am not sure how to deploy it from the server.
what about copying the file to each computer on the network and then using some remote network program to run the update.
You could potentially deploy the .exe and use some command like the "net" command. maybe a batch file that uses the runAs command that gets executes remotely.
what about copying the file to each computer on the network and then using some remote network program to run the update.
You could potentially deploy the .exe and use some command like the "net" command. maybe a batch file that uses the runAs command that gets executes remotely.
ASKER
The program is a department wide, niche system, which the manufacturers have been pumping out patches for at the rate of 1 per week. It currently requires a support guy to visit each machine in order to update it (70+ machines). PCs have different hardware but are all w2k.
I've been trying GPO pushes to an OU - which works fine, except the msi packager doesn't like the patches either.
We're trying to get something long-term in place, for minimum impact on our time. The batch file idea might work - I'll try it.
I've been trying GPO pushes to an OU - which works fine, except the msi packager doesn't like the patches either.
We're trying to get something long-term in place, for minimum impact on our time. The batch file idea might work - I'll try it.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
so how did you get it to work?
ASKER
Well firstly, we're continually hassling the manufacturer, who is now working on an msi package for us.
In testing, we got the service-controlled update (in your last comment) to work, but were not allowed to roll it out. Instead, we had a few desktop support guys run around and update the machines individually, which it looks like we'll continue to do until the msi package arrives.
In testing, we got the service-controlled update (in your last comment) to work, but were not allowed to roll it out. Instead, we had a few desktop support guys run around and update the machines individually, which it looks like we'll continue to do until the msi package arrives.