?
Solved

Manual Installation of MS security patches and Antivirus updates without Administrator Rights

Posted on 2006-11-08
4
Medium Priority
?
159 Views
Last Modified: 2013-12-04
Hi, This is the my first time posting here so please bear with me if I made any mistakes.

My company have quite a lot of users using standalone laptop at remote sites. They will use dial-up to connect back to our mail servers to download or send their mails only.

Our recent management directives was that all these laptops must be patch with the lastest MS security patches and Symantec Antivirus Coporate edition virus defintation. The decision was to create a CD and dispatch them out to all these remote location and let the user manually install the patches theirselves.

The problem is that ALL the remote users are accessing the PC using a local restricted accounts. They only have rights up to "User" Level. Some are even using "Guest" account to login (locally).
They are not allowed to have any administrator accounts or rights under any circumstances. They also do not have any access to the internet.

How can I automate this installation for them without giving them the administrator account? Or is there a way to create an account that allow the user to install the patches but not any other programs like games?
Any help would be appreciated on this.

Thanks.
0
Comment
Question by:nszeling
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 1000 total points
ID: 17927847
You can use the hundreds of 3rd parties out there to apply the patches, run M$'s WSUS to send the updates when they are connected, or have the updates scheduled, they will run as the system account and not the user account. Your AV will certainly allow you to schedule a task to check for updates, but on M$ to schedule a task you need admin rights, I'd suggest getting a hold of, or remoting into each one of these PC's to set up these scheduled tasks, they will even try to run when they haven't completed in a specified time.

The added benefit you have with users running as non-admin's is that they are less vulnerable to the threats that these patches and AV updates aim to protect them from... ironic ain't it ;) Vista for instance, will be following many of these best practices, just line Mac, BSD, unix/linux has for generations... 20-30 years later good `ol M$ catches on ;) http://www.betanews.com/article/Allchin_Suggests_Vista_Wont_Need_Antivirus/1163104965
http://richrumble.blogspot.com/2006/08/anti-admin-vs-anti-virus.html
http://www.eweek.com/article2/0,1759,1891447,00.asp

As for keeping up with the company policy, and the fact that your not protected 100% with best practices, but rather 99.9% protected, there are things like the WMF vuln that came out a few months ago that an AV and or patch was needed to protect you.
If you can get them a CD, you can use various tools to automate the installs and updates... CD's are cheap and an effective media. All you really need to do is configure an auto-run file on the cd, and try my runas script (make sure it's the VBE) and or try these other tools
http://www.xinn.org/RunasVBS.html
http://nonadmin.editme.com/UsefulTools
-rich
0
 

Author Comment

by:nszeling
ID: 17953955
Hi, Tks for the post, was a bit busy.

I will go through this most prob the week after next as I will need to fly off to Taiwan for work and will not be back till the 27th!

0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Suggested Courses
Course of the Month12 days, 14 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question