Solved

Manual Installation of MS security patches and Antivirus updates without Administrator Rights

Posted on 2006-11-08
4
152 Views
Last Modified: 2013-12-04
Hi, This is the my first time posting here so please bear with me if I made any mistakes.

My company have quite a lot of users using standalone laptop at remote sites. They will use dial-up to connect back to our mail servers to download or send their mails only.

Our recent management directives was that all these laptops must be patch with the lastest MS security patches and Symantec Antivirus Coporate edition virus defintation. The decision was to create a CD and dispatch them out to all these remote location and let the user manually install the patches theirselves.

The problem is that ALL the remote users are accessing the PC using a local restricted accounts. They only have rights up to "User" Level. Some are even using "Guest" account to login (locally).
They are not allowed to have any administrator accounts or rights under any circumstances. They also do not have any access to the internet.

How can I automate this installation for them without giving them the administrator account? Or is there a way to create an account that allow the user to install the patches but not any other programs like games?
Any help would be appreciated on this.

Thanks.
0
Comment
Question by:nszeling
4 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 250 total points
ID: 17927847
You can use the hundreds of 3rd parties out there to apply the patches, run M$'s WSUS to send the updates when they are connected, or have the updates scheduled, they will run as the system account and not the user account. Your AV will certainly allow you to schedule a task to check for updates, but on M$ to schedule a task you need admin rights, I'd suggest getting a hold of, or remoting into each one of these PC's to set up these scheduled tasks, they will even try to run when they haven't completed in a specified time.

The added benefit you have with users running as non-admin's is that they are less vulnerable to the threats that these patches and AV updates aim to protect them from... ironic ain't it ;) Vista for instance, will be following many of these best practices, just line Mac, BSD, unix/linux has for generations... 20-30 years later good `ol M$ catches on ;) http://www.betanews.com/article/Allchin_Suggests_Vista_Wont_Need_Antivirus/1163104965
http://richrumble.blogspot.com/2006/08/anti-admin-vs-anti-virus.html
http://www.eweek.com/article2/0,1759,1891447,00.asp

As for keeping up with the company policy, and the fact that your not protected 100% with best practices, but rather 99.9% protected, there are things like the WMF vuln that came out a few months ago that an AV and or patch was needed to protect you.
If you can get them a CD, you can use various tools to automate the installs and updates... CD's are cheap and an effective media. All you really need to do is configure an auto-run file on the cd, and try my runas script (make sure it's the VBE) and or try these other tools
http://www.xinn.org/RunasVBS.html
http://nonadmin.editme.com/UsefulTools
-rich
0
 

Author Comment

by:nszeling
ID: 17953955
Hi, Tks for the post, was a bit busy.

I will go through this most prob the week after next as I will need to fly off to Taiwan for work and will not be back till the 27th!

0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now