I see this issue was previously addressed in Automatic LiveUpdate for non-Admin users in http://www.experts-exchange.com/Operating_Systems/WinXP/Q_21292658.html
but would like to re-open the discussion if possible.
Our office purchased Norton Internet Security 2005 (somewhat against my advice, but hey) and subsequently learned that it was not possible for Automatic LiveUpdate to be run while the logged-in user is a Limited User account. This is extremely frustrating because (a) Earlier versions of NIS *did* permit this, and (b) it took a great deal of searching on the Symantec site to establish that it was unsupported, when IMHO it should have been writ large on the box!
[I promised myself I wouldn't turn this into a rant against Symantec. Deep breath now...]
As best I can tell, this is in response to a design-flaw whereby the LiveUpdate client can enable privilege-escalation for the logged-in Limited User. This wouldn't unduly concern me in our office, as I'm 100% confident that such attacks are beyond the capabilities of my users. (I realise most people could not say this, but trust me, I can.)
So, rather than dumping Norton instantly (that day will come, but there's a subscription to work out first), I'd like to find a way to run LiveUpdate with administrative privileges once a day, or at boot-time.
My first attempt at this was creating a scheduled task to run C:\Program Files\Symantec\LiveUpdate\
LUALL.EXE at startup, with admin privs. I also changed the settings of LiveUpdate so it should run on full-auto (no interaction). I don't believe it worked, however, because the log at C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\L
ate was empty for the time at which I rebooted. (Previous runs had an entry even if there was nothing downloaded.) The task had run, as I'd checked the Task Manager, but no evidence of it doing anything useful.
Is there another way I could use the Task Scheduler to get the right result? Or as a rather extreme method, could a third user be created and their permissions fine-tuned so all they could do was run LiveUpdate? [I'd need some guidance on how to set that up.] Or is there any other method available?
OS: Windows XP Home Edition SP2
LiveUpdate version: 3.0.0
Any and all suggestions welcome. Points at maximum in hopes of a positive outcome.