c2csurveys
asked on
Vista home and the UAC
Fellow Experts, I need some assistance. I have recently been told that we are going to switch from Vista Business to Vista Home premium becuase of the cost. I think its a bad idea but hey..Im not the Boss. My question is.. How can I lock down the user so they cant install any programs or change any computer settings without putting in the admin password. I can tell it to be a standard user but when I try to install something to test it, I get an error saying that the user doesnt have admin priv. It doesnt prompt me to enter the admin password. I need the user to basicly have admin access to everything else as some programs we use require admin priv..but I need to stay in control of what is installed on each computer. Obviously it was easy with Vista Business and Group Policy but with Home Premium I am stumped. To recap, the user can have admin priv..so I dont mind setting the user as an admin and then set the UAC in the registry to prompt..but if the user is an admin and has his own password I wont be able to keep track of what is installed. I need to do this as well. Is it possible with this version of windows or am I out of luck.
Thanks
Dusty
Thanks
Dusty
have you experimented withthe RUNAS command it allows the kind of scenario you are describing.
ASKER
I was going to try that Next. I didnt want to have to tell every program to RUNAS. That also means that if a new program needs to be installed we have to switch users instead of me remoting in putting in the credentials to allow the install. Time is what Im trying to save I guess, but there may be no choice but to set the user as standard and then tell all the apps I need to runas admin to do so. I was hoping for a way with UAC as I would like to learn more abou it. I usually just turn it off but after passing my 70-640 exam it seems like a great tool to try and utilize..to bad they dont allow all the customization in the home versions.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yes if at all possible leave UAC running. Scripting is a good way to handle this or pushing your apps out via group policy?
ASKER
HA!! I wish I could show you what kind of boss we have. I know most experience this..but I cant believe its so bad. Our IT department which consists of 2 in a company of about 100 ppl. We have been pushing for things like business and even other things like sans devices etc. But we dont get it. We dont make the company money according to the BOSS. (ie. Owner) SO why spend money on the network.
Anyway. To follow up with your response. It wont happen. all employees had to take a 25% pay cut and have 2 hrs extended to the day that is manitory or your pay will only be 50% instead of 75%. Needless to say it sucks big time and iM looking for a new Job. But until then..I have to get laptops to the field guys so this is the only solution for now.
Thanks for backingme up though on the need for business. :)
Anyway. To follow up with your response. It wont happen. all employees had to take a 25% pay cut and have 2 hrs extended to the day that is manitory or your pay will only be 50% instead of 75%. Needless to say it sucks big time and iM looking for a new Job. But until then..I have to get laptops to the field guys so this is the only solution for now.
Thanks for backingme up though on the need for business. :)
ASKER
rbeckerdite:
These laptops will not connect to the office at all times. They are for field guys that are on the road 99% of the time. And to be honest. I dont know anything about scripting so Im clueless there. :) Besides..maybe Im wrong..but group policy wont work on a machine that isnt connected to a network anyway right. I am new to IT and Im learning alot but I know I have lots to learn so by almeans School me in the right way. :)
These laptops will not connect to the office at all times. They are for field guys that are on the road 99% of the time. And to be honest. I dont know anything about scripting so Im clueless there. :) Besides..maybe Im wrong..but group policy wont work on a machine that isnt connected to a network anyway right. I am new to IT and Im learning alot but I know I have lots to learn so by almeans School me in the right way. :)
@c2curveys - You are almost where I said you would be at the current time. I have no problems maintaining a stable connection to multiple clients with my T61p Vista Business 64-bit laptop.
Are you on XP Pro right now. In this situation, I would seriously consider staying with XP Pro until the time is right to do a proper upgrade. I have lots of XP Pro clients doing stable remote access without admin permissions. I have only a few specialized Vista clients and they have admin permissions for other reasons. I am experimenting with limited access Vista business clients but have not yet completed that testing. ... Thinkpads_User
Are you on XP Pro right now. In this situation, I would seriously consider staying with XP Pro until the time is right to do a proper upgrade. I have lots of XP Pro clients doing stable remote access without admin permissions. I have only a few specialized Vista clients and they have admin permissions for other reasons. I am experimenting with limited access Vista business clients but have not yet completed that testing. ... Thinkpads_User
This article might be helpful. There is some native functionality intended for installing applications.
http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Deploy-Applications.html
http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Deploy-Applications.html
ASKER
Thinkpads: I have no choice. Again..its a money issue. We go out to the local Best Buy and buy a cheap 600 laptop. As you know, everything in that price range only comes with vista home prem. And I dont want to do the illigal thing and install a copy of xp or even vista bus when I dont have the license. if I had the license I would upgrade or downgrade to XP-pro imediately.
@c2csurverys - I don't wish to be argumentative or put you in a bad spot. I am conversant enough with Vista Business and XP Pro (my top points in EE), and not conversant with Vista Home except with any common elements of the Vista OS.
I have clients who are not yet ready to switch to Vista and I am working with them to begin the transition. In the meantime, we have had good success with purchasing year-old or 18-month old used top name-brand computers (IBM) and purchasing a warranty to go with them. The cost is typically less than you are paying for a new Vista home cheap computer, and the clients are currently comfortable with staying with XP.
Again, since I am not being helpful with your technical problem, I will limit my posts as I have said my piece about the strategy. I apologize to anyone here if I am being perceived as being out of line. ... Thinkpads_User
I have clients who are not yet ready to switch to Vista and I am working with them to begin the transition. In the meantime, we have had good success with purchasing year-old or 18-month old used top name-brand computers (IBM) and purchasing a warranty to go with them. The cost is typically less than you are paying for a new Vista home cheap computer, and the clients are currently comfortable with staying with XP.
Again, since I am not being helpful with your technical problem, I will limit my posts as I have said my piece about the strategy. I apologize to anyone here if I am being perceived as being out of line. ... Thinkpads_User
ASKER
Thanks Thinkpads. I agree with you 100%..its getting the Others ;) to see the same thing. I dont think anything you said has been out of line.
Things sound tough.. You can also create two accounts for the users one a local admin the laptop and one a domain account and just disable the internet for the local admin account. This is a way to get them to use the admin account as their primary account.
ASKER
@rbeckerdite
This is a vista home machine. It cannot be joined to a domain and it doesnt support group or local policy. Your suggestions are good but they dont apply in this case. I have no choice but to use vista home premium on this laptop since that is what it was licensed with and I dont have any other license to install a different version. Ill make do I guess with the runas command.
This is a vista home machine. It cannot be joined to a domain and it doesnt support group or local policy. Your suggestions are good but they dont apply in this case. I have no choice but to use vista home premium on this laptop since that is what it was licensed with and I dont have any other license to install a different version. Ill make do I guess with the runas command.