Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Is there a way to setup up Permissions so regular users can update antivirus daily but not be able to install stuff?

Posted on 2008-10-11
5
Medium Priority
?
289 Views
Last Modified: 2012-05-05
I have workstations and vpn remote users with laptops. They can't update their virus protection software or other installed software on their machines. The remotes and local workstations are on a windows 2003 server domain with active directory. Can these users still be restricted so they don't delete or cause havoc to their machines the way they are currently, and somehow give them permisssions to update existing software on the machine? (Such as Anti virus, etc..) The workstations are all windows xp.
0
Comment
Question by:FTGE
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 

Expert Comment

by:flipmedia
ID: 22696661
Hi,
Could you please explain what type of antivirus you are using there.If its a corporate antivirus,i am sure that you can update the clients centrally by pushing the updates form the server itself,without changing the access restrictions of the users.
0
 
LVL 20

Expert Comment

by:wolfcamel
ID: 22696662
the antivirus services should run as local administrator, and hence be able to self update
0
 

Author Comment

by:FTGE
ID: 22698191
does this mean assign the user as an administrator on their local machine not through active directory? Doesn't this give them rights to install foreign software as well? Isn't their some sort of group policy setting that could be made instead?
0
 
LVL 7

Accepted Solution

by:
enzogoy earned 2000 total points
ID: 22699930
No, you don't need to allow the user as an administrator.  Antivirus software suppose to be push out to all machine in your organisation through AD (I assume).  Update will be push out from the Central Server through GPO (at my workplace) base on computer not user therefore it has nothing to do with user rights.  The user doesn't need to do anything, they don't even know when will the update install on their PC.  And the best way is push out these update to desktop during night time.
enz
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question