Link to home
Start Free TrialLog in
Avatar of pixelchef
pixelchefFlag for United States of America

asked on

Allow non-admin users to update applications with the Principal of Least Priviledge

I have a program, Lexis-Nexis Time Matters 9, that needs to install an update. Most of the users on our network have local admin accounts. I know this is bad, and I'm trying to change it. When updates like this need to take place, I do not know how to allow users to run the update. When I run it as a non-admin user, it is an msiexec executable.

This is an SBS 2003 domain, and I am somewhat comfortable with Group Policy, and I think I would simply need to allow user access to some registry keys/files to allow this to happen. I have combed through a computer with Procmon, but I can't see something (obvious) that should be changed.

How do I allow users to install updates to programs that they already have permission to run, so that I don't have to run a sneaker net for every update?
ASKER CERTIFIED SOLUTION
Avatar of samiam41
samiam41
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of samiam41
samiam41
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of McKnife
McKnife
Flag of Germany image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of pixelchef
pixelchef
Flag of United States of America image

ASKER

Thank you for the links and help. I was not able to get the MSI to install, and thought it was because of options that I needed to set during the installation. So I created an 'administrative install', which started to push out the update through the application's native upgrade (which requires local admin rights). So this upgrade was a flop, but I will definitely be using these in the future.

Lexis Nexis has released an MSI that updates the installed application. Is this update MSI what I should have pushed out, or would it have worked to use the MSI that contains the latest service release? Is this behavior consistent for any MSI, or does it depend on the vendor?

Do you have any ideas why the MSI was not installing, or more importantly, how I would test these sort of problems? The machines were definitely in scope...
SOLUTION
Avatar of McKnife
McKnife
Flag of Germany image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of pixelchef
pixelchef
Flag of United States of America image

ASKER

Thanks all. I haven't gotten it all figured out, but this is a great start.
Avatar of samiam41
samiam41
Flag of United States of America image
Thanks for the points and grade!  Take care.