?
Solved

Installing programs with a non-administrative user

Posted on 2005-03-25
13
Medium Priority
?
270 Views
Last Modified: 2010-04-14

Hello,

There is something tricky about this issue, and Windows XP solves that problem with "Run As..", which unfortunately is not in Windows 2000.


This applies to many computers on our network:
On a Windows 2000 machine, I have an "Administrator" account and the account of the person currently using it. Let's say John Doe has the account "jdoe". John does not have administrative rights so he is not able to install programs. Only the admin account can. Also, "jdoe" is set up on his machine as a domain user.
But here's the problem. I need to be connected to the network while installing that program. And to be connected to the network, I need to login to Windows with an account that resides on the domain, in this case "jdoe". But, "Administrator" (which is the only account that can install programs) is not on the domain, and thus, when logged in Windows with Administrator, I'm not on the network, thus not be able to install the program correctly.

So, I'm looking for one of these two solutions (it would be helpful to know how both would work, if possible):
* If logged in Windows with "Administrator", how do I temporarily connect to the network (using an account that resides on the domain)?
* If logged in Windows with "jdoe", how do I temporarily achieve administrative rights to be able to install the program?

Note: John Doe should not have permanent administrative rights, nor be a "Power User" (which isn't even helpful with some programs that need full admin rights).

My workaround (which I need to avoid): Log off "jdoe" (which will most likely require me to close all John's programs currently running, which can be a hassle and sometimes not be able to close them at the moment), and then logon with "Administrator" (at which point I'm not on the network anymore). Change jdoe's account to include it in the "Administrators" group (that way when he's logged on the network, he's also administring his local machine). Log back on with jdoe. Install the program. Change jdoe's account back to exclude it from Administrators group. Log off and on with jdoe for the change to take effect.

As you see, my workaround is tedious and sometimes should be completely avoided, since John Doe cannot close some of his programs.

Any input is welcomed.
Thank you for reading thus far.
0
Comment
Question by:DeuceEE
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +3
13 Comments
 
LVL 20

Expert Comment

by:What90
ID: 13635135
Hi DeuceEE,


Is there any reason you can't deploy the new programs via a GPO software deployment? That way the new software will be installed on the machine when the user logs on.

0
 
LVL 1

Author Comment

by:DeuceEE
ID: 13635158

Actually, aside from using GPO, I need to know how to do that if I need a particular John Doe to have a program installed right away. John Doe can call me up and say "I have this program I need installed, could you come here for a minute?" So I go to his machine and I'm supposed to do it pretty quickly. And I don't need to generalize that with GPO.

Thanks, though.
0
 
LVL 20

Expert Comment

by:What90
ID: 13635179
DeuceEE,


If you use the SU tool from the Resource kit, it allows you to do the run as thing from Xp You can get it here http://www.petri.co.il/download_free_reskit_tools.htm
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 15

Expert Comment

by:Naser Gabaj
ID: 13637423
Hi,

Did you try to use RUNAS from RUN Menu? Here is the Example:

Go to START>>RUN and then type this to run fo example (CMD) as anadministrator

runas /user:localmachinename\administrator cmd

Try it and let me know.

Regards

Naser
0
 
LVL 1

Accepted Solution

by:
mikeabrunette earned 200 total points
ID: 13637832
Hi  DeuceEE,
In Win2K you can hold down the left shift key while right-click on executable to install
"Run As" will appear on context menu
Choose "Run As" and supply the proper credentials
You'll be back at your desk in no time.

Kind regards,
mike
0
 

Expert Comment

by:roygarratt
ID: 13638669
First off the "run as" feature does work in W2k, just hold shift down when you right click....bearing in mind that it will only do this if the file is an executable and not and MSI file.

The work around you have is unfortunalty one of the more common solutions........

You keep saying you are not on the network anymore when you are logged in as administrator. Utter Rubbish if the machine you are using is up to date, you should recieve a window asking you for a username and password for the resource you are trying to access. i.e. Type the path in the Run comand \\domain.dom\deploy\etc\etc press enter and you will recieve a window awaiting a valid usrname and password.

If this is not the case then, map a drive (rightclick my computer etc) put in the path and again you will be asked for a valid username and password to access the network resource.

FOR EXAMPLE
If you remember correctly, when you add a PC to the domain you are doing so with a local account (as the pc has no domain membership and if you tried to log on to it using a network username is would tell you that the computer account in its primary domain is missing)

When you click on ok to add it to the domain the same username and password box that I mention above appears

###Remember to put your domain before your username (you may be able to exclude the .dom)  i.e         royworld.dom\garrattr###
0
 
LVL 1

Author Comment

by:DeuceEE
ID: 13642281
OK, so far, my second question was answered by mikeabrunette: Shift-Right-Click the file to get "Run As.." in the context menu -- that's exactly what I want.

As for the first question (log on network as admin), I think roygarratt is getting me there, but I'll have to wait 'til I get the chance to go to work on Monday. Only then I'd be able to answer. If roygarratt answers my question, I'll have to split the points 50-50 between roygarratt and mikeaburnette, 'cause I want both solutions.

roy,
The thing I need the most from the network is internet access. When logged on our domain, we get interet access, so it's not specifically a resource I can reach with \\.
So, once again, how do I "log on" the network (to get all resources access, along with internet access) while being an admin?


Thanks to everyone else who participated. I appreciate all your input. I wish I had enough points to give to everyone.
0
 
LVL 1

Author Comment

by:DeuceEE
ID: 13642298
There are actually cases where "Run As.." will not do the job. That's why I'm looking for both solutions. Such as updating a program which will force you to update it through the web, only then you would need to be both an admin and logged on the network. I can't do that with either jdoe or Administrator. I need to "multi-login" with both. First log on as admin, then from within, somehow, log on the network, to get the internet access.
Is that at all possible?

Thank you.
0
 
LVL 18

Expert Comment

by:luv2smile
ID: 13643248
"So, once again, how do I "log on" the network (to get all resources access, along with internet access) while being an admin?"

Then just log on with a domain admin account. The domain admin group is, by default, added to the local admin group on each comptuer so you log in with a domain admin account then you ARE a local admin.

Or...You can always make ANY domain account or group a local administrator...all you do is add the domain account to the local admin group on the local machine (like you would make any other account a local admin). No need to log out of your domain to gain admin access on your machines. You don't need two logons....forget logging on to the local machine....just log onto the domain with an account that has local admin rights on the machine :)
0
 

Assisted Solution

by:roygarratt
roygarratt earned 200 total points
ID: 13644451
If you are in the tight situation of not having the benifit of a domain admin account (as I did not for some time at one point) a local admin account is a boring reality.

If I were to log on to a machine and want to install am application I would use the run command and do the old \\ etc\etc\etc then wait for the pop up box requesting a valid username and passord for the resource I am accessing.

If I want to surf when I am there (or download updates etc) I'd ensure that the Proxy settings are correct in internet explorer then start IE, at this point you are going to have to provide credentials that do have rights to access the internet as another box is going to pop up for your username and password.

Basicaly, to cut everything short....it is possible to access multiple resources across a domain as long as you do have a valid username and password for the resources.

some times, you will need to install something as the user.....well this stuff I have given you is the ideal solution, because now you an log in as the user and locate the software on a network share  (using a different username) and install it as the user....or you can hold down shift and install it as anyone you like mate....

Remember always put your domain in first, then username (you may be able to omit the .dom....have a go with both) .......carcraft.dom\garrroy


Let me know how you get on.....this is good bread and butter stuff this, the lads at work will think you're **** hot now!!
0
 
LVL 1

Author Comment

by:DeuceEE
ID: 13644796
I don't want you guys hanging, because I need to keep trying, so I gave away the points for now. The information so far should be good enough for me to try.

"Run As.." works like a charm, but I gotta keep my eye open.
As for the other case, I think I can make it work to log on as admin, but roy reminded me of something: It's better to install programs while logged in with the user who is going to use it, that saves me time. But still, I needed both answers.

Thanks, guys.
And I'll keep posting here with any updates for everyone to learn.
0
 
LVL 1

Expert Comment

by:mikeabrunette
ID: 13648752
Hi  DeuceEE,
I'm glad the right-click thing works for you
As far as your network...
It would be very helpful if you could explain your network just a bit.
I don't understand why you would not or could not have access to the domain.
Additionally, I don't understand why you would have to be on a domain just to have internet access if the machine your on is connected to the same network that has the domain and the internet access.

If your up to it, a good explanation of your network would go a long way in helping you find a good solution.
What is connected to what and where
What where and who manages the network
Where are network configuration decisions made
That kinda stuff
0
 
LVL 1

Author Comment

by:DeuceEE
ID: 13650044
You know what mike? I wish I know! Heh. I just got hired last week, and I'm still trying to get the hang of it, you know. Everything is everywhere, and I barely know how the domain is set up. But i'll see what I can figure out.

Thanks for helping thus far.
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question