pixelchef
Allow non-admin users to update applications with the Principle of Least Privilege
I have a program, Lexis-Nexis Time Matters 9, that needs to install an update. Most of the users on our network have local admin accounts. I know this is bad, and I'm trying to change it. When updates like this need to take place, I do not know how to allow users to run the update. When I run it as a non-admin user, it is an msiexec executable.
This is an SBS 2003 domain, and I am somewhat comfortable with Group Policy, and I think I would simply need to allow user access to some registry keys/files to allow this to happen. I have combed through a computer with Procmon, but I can't see something (obvious) that should be changed.
How do I allow users to install updates to programs that they already have permission to run, so that I don't have to run a sneaker net for every update?
ASKER
Thanks all. I haven't gotten it all figured out, but this is a great start.
Thanks for the points and grade! Take care.
ASKER
Lexis Nexis has released an MSI that updates the installed application. Is this update MSI what I should have pushed out, or would it have worked to use the MSI that contains the latest service release? Is this behavior consistent for any MSI, or does it depend on the vendor?
Do you have any ideas why the MSI was not installing, or more importantly, how I would test these sorts of problems? The machines were definitely in scope...