Solved

Allow non-admin users to update applications with the Principal of Least Priviledge

Posted on 2009-04-03
7
552 Views
Last Modified: 2013-12-04
I have a program, Lexis-Nexis Time Matters 9, that needs to install an update. Most of the users on our network have local admin accounts. I know this is bad, and I'm trying to change it. When updates like this need to take place, I do not know how to allow users to run the update. When I run it as a non-admin user, it is an msiexec executable.

This is an SBS 2003 domain, and I am somewhat comfortable with Group Policy, and I think I would simply need to allow user access to some registry keys/files to allow this to happen. I have combed through a computer with Procmon, but I can't see something (obvious) that should be changed.

How do I allow users to install updates to programs that they already have permission to run, so that I don't have to run a sneaker net for every update?
0
Comment
Question by:pixelchef
  • 3
  • 2
  • 2
7 Comments
 
LVL 9

Accepted Solution

by:
samiam41 earned 250 total points
ID: 24065128
If the file is an msi, then use this:

http://support.microsoft.com/kb/887405

Substitute the msi mentioned in the article for the msi of the LN app.  I do this to install Adobe Reader and other 3rd party apps.
0
 
LVL 9

Assisted Solution

by:samiam41
samiam41 earned 250 total points
ID: 24065134
One last thing, since this could become a way for you to install other 3rd party apps and updates, I would recommend a quick jog through this app.  It helped me in the beginning.

And above all else, TEST - TEST - TEST.

http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Deploy-Applications.html
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 24083303
You can assign apps in msi file format to computers (using system rights, will install without users being logged on) or to users (using system rights as well, but here, the user will be able to decide if he wants that package). There are varoius ways to create or obtain MSI packages:
-wrap a silent setup (a setup that supports swtches like /quiet) into an MSI package using WIWW (vinsvision)
-look for native MSI software or MSI versions of software (sometimes they come as exe and sometimes as MSI package)
-use a tool to record what a setup does and have that "recording" repackaged into an msi - even freeware is able to do that: wininstall LE 10 by scalable software.
-read how others did it at appdeploy.com
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 

Author Comment

by:pixelchef
ID: 24088146
Thank you for the links and help. I was not able to get the MSI to install, and thought it was because of options that I needed to set during the installation. So I created an 'administrative install', which started to push out the update through the application's native upgrade (which requires local admin rights). So this upgrade was a flop, but I will definitely be using these in the future.

Lexis Nexis has released an MSI that updates the installed application. Is this update MSI what I should have pushed out, or would it have worked to use the MSI that contains the latest service release? Is this behavior consistent for any MSI, or does it depend on the vendor?

Do you have any ideas why the MSI was not installing, or more importantly, how I would test these sort of problems? The machines were definitely in scope...
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 24090118
To find out why it did not install, simply have a look at the application event log at the client.
0
 

Author Closing Comment

by:pixelchef
ID: 31566464
Thanks all. I haven't gotten it all figured out, but this is a great start.
0
 
LVL 9

Expert Comment

by:samiam41
ID: 24363824
Thanks for the points and grade!  Take care.

0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
default domain policy in AD exemptions 3 73
Thin secure Windows 10 5 97
How to install Windows XP Driver 28 141
Work with App store 7 52
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question