Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Manual Installation of MS security patches and Antivirus updates without Administrator Rights

Posted on 2006-11-08
4
Medium Priority
?
160 Views
Last Modified: 2013-12-04
Hi, This is the my first time posting here so please bear with me if I made any mistakes.

My company have quite a lot of users using standalone laptop at remote sites. They will use dial-up to connect back to our mail servers to download or send their mails only.

Our recent management directives was that all these laptops must be patch with the lastest MS security patches and Symantec Antivirus Coporate edition virus defintation. The decision was to create a CD and dispatch them out to all these remote location and let the user manually install the patches theirselves.

The problem is that ALL the remote users are accessing the PC using a local restricted accounts. They only have rights up to "User" Level. Some are even using "Guest" account to login (locally).
They are not allowed to have any administrator accounts or rights under any circumstances. They also do not have any access to the internet.

How can I automate this installation for them without giving them the administrator account? Or is there a way to create an account that allow the user to install the patches but not any other programs like games?
Any help would be appreciated on this.

Thanks.
0
Comment
Question by:nszeling
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 1000 total points
ID: 17927847
You can use the hundreds of 3rd parties out there to apply the patches, run M$'s WSUS to send the updates when they are connected, or have the updates scheduled, they will run as the system account and not the user account. Your AV will certainly allow you to schedule a task to check for updates, but on M$ to schedule a task you need admin rights, I'd suggest getting a hold of, or remoting into each one of these PC's to set up these scheduled tasks, they will even try to run when they haven't completed in a specified time.

The added benefit you have with users running as non-admin's is that they are less vulnerable to the threats that these patches and AV updates aim to protect them from... ironic ain't it ;) Vista for instance, will be following many of these best practices, just line Mac, BSD, unix/linux has for generations... 20-30 years later good `ol M$ catches on ;) http://www.betanews.com/article/Allchin_Suggests_Vista_Wont_Need_Antivirus/1163104965
http://richrumble.blogspot.com/2006/08/anti-admin-vs-anti-virus.html
http://www.eweek.com/article2/0,1759,1891447,00.asp

As for keeping up with the company policy, and the fact that your not protected 100% with best practices, but rather 99.9% protected, there are things like the WMF vuln that came out a few months ago that an AV and or patch was needed to protect you.
If you can get them a CD, you can use various tools to automate the installs and updates... CD's are cheap and an effective media. All you really need to do is configure an auto-run file on the cd, and try my runas script (make sure it's the VBE) and or try these other tools
http://www.xinn.org/RunasVBS.html
http://nonadmin.editme.com/UsefulTools
-rich
0
 

Author Comment

by:nszeling
ID: 17953955
Hi, Tks for the post, was a bit busy.

I will go through this most prob the week after next as I will need to fly off to Taiwan for work and will not be back till the 27th!

0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question