Solved

Allow non-admin users to update applications with the Principal of Least Priviledge

Posted on 2009-04-03
7
556 Views
Last Modified: 2013-12-04
I have a program, Lexis-Nexis Time Matters 9, that needs to install an update. Most of the users on our network have local admin accounts. I know this is bad, and I'm trying to change it. When updates like this need to take place, I do not know how to allow users to run the update. When I run it as a non-admin user, it is an msiexec executable.

This is an SBS 2003 domain, and I am somewhat comfortable with Group Policy, and I think I would simply need to allow user access to some registry keys/files to allow this to happen. I have combed through a computer with Procmon, but I can't see something (obvious) that should be changed.

How do I allow users to install updates to programs that they already have permission to run, so that I don't have to run a sneaker net for every update?
0
Comment
Question by:pixelchef
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 9

Accepted Solution

by:
samiam41 earned 250 total points
ID: 24065128
If the file is an msi, then use this:

http://support.microsoft.com/kb/887405

Substitute the msi mentioned in the article for the msi of the LN app.  I do this to install Adobe Reader and other 3rd party apps.
0
 
LVL 9

Assisted Solution

by:samiam41
samiam41 earned 250 total points
ID: 24065134
One last thing, since this could become a way for you to install other 3rd party apps and updates, I would recommend a quick jog through this app.  It helped me in the beginning.

And above all else, TEST - TEST - TEST.

http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Deploy-Applications.html
0
 
LVL 55

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 24083303
You can assign apps in msi file format to computers (using system rights, will install without users being logged on) or to users (using system rights as well, but here, the user will be able to decide if he wants that package). There are varoius ways to create or obtain MSI packages:
-wrap a silent setup (a setup that supports swtches like /quiet) into an MSI package using WIWW (vinsvision)
-look for native MSI software or MSI versions of software (sometimes they come as exe and sometimes as MSI package)
-use a tool to record what a setup does and have that "recording" repackaged into an msi - even freeware is able to do that: wininstall LE 10 by scalable software.
-read how others did it at appdeploy.com
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:pixelchef
ID: 24088146
Thank you for the links and help. I was not able to get the MSI to install, and thought it was because of options that I needed to set during the installation. So I created an 'administrative install', which started to push out the update through the application's native upgrade (which requires local admin rights). So this upgrade was a flop, but I will definitely be using these in the future.

Lexis Nexis has released an MSI that updates the installed application. Is this update MSI what I should have pushed out, or would it have worked to use the MSI that contains the latest service release? Is this behavior consistent for any MSI, or does it depend on the vendor?

Do you have any ideas why the MSI was not installing, or more importantly, how I would test these sort of problems? The machines were definitely in scope...
0
 
LVL 55

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 24090118
To find out why it did not install, simply have a look at the application event log at the client.
0
 

Author Closing Comment

by:pixelchef
ID: 31566464
Thanks all. I haven't gotten it all figured out, but this is a great start.
0
 
LVL 9

Expert Comment

by:samiam41
ID: 24363824
Thanks for the points and grade!  Take care.

0

Featured Post

What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Communication between departments might not happen in two different languages, but they do exist in two different worlds. With different targets and performance goals the same phrase often means something completely different to each party. Learn ho…
Successful collaboration among team members is essential for the growth of your business. When employees work together on projects, share ideas and communicate effectively they get better results.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…
Simple Linear Regression
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question