Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Allow non-admin users to update applications with the Principal of Least Priviledge

Posted on 2009-04-03
7
Medium Priority
?
557 Views
Last Modified: 2013-12-04
I have a program, Lexis-Nexis Time Matters 9, that needs to install an update. Most of the users on our network have local admin accounts. I know this is bad, and I'm trying to change it. When updates like this need to take place, I do not know how to allow users to run the update. When I run it as a non-admin user, it is an msiexec executable.

This is an SBS 2003 domain, and I am somewhat comfortable with Group Policy, and I think I would simply need to allow user access to some registry keys/files to allow this to happen. I have combed through a computer with Procmon, but I can't see something (obvious) that should be changed.

How do I allow users to install updates to programs that they already have permission to run, so that I don't have to run a sneaker net for every update?
0
Comment
Question by:pixelchef
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 9

Accepted Solution

by:
samiam41 earned 1000 total points
ID: 24065128
If the file is an msi, then use this:

http://support.microsoft.com/kb/887405

Substitute the msi mentioned in the article for the msi of the LN app.  I do this to install Adobe Reader and other 3rd party apps.
0
 
LVL 9

Assisted Solution

by:samiam41
samiam41 earned 1000 total points
ID: 24065134
One last thing, since this could become a way for you to install other 3rd party apps and updates, I would recommend a quick jog through this app.  It helped me in the beginning.

And above all else, TEST - TEST - TEST.

http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Deploy-Applications.html
0
 
LVL 56

Assisted Solution

by:McKnife
McKnife earned 1000 total points
ID: 24083303
You can assign apps in msi file format to computers (using system rights, will install without users being logged on) or to users (using system rights as well, but here, the user will be able to decide if he wants that package). There are varoius ways to create or obtain MSI packages:
-wrap a silent setup (a setup that supports swtches like /quiet) into an MSI package using WIWW (vinsvision)
-look for native MSI software or MSI versions of software (sometimes they come as exe and sometimes as MSI package)
-use a tool to record what a setup does and have that "recording" repackaged into an msi - even freeware is able to do that: wininstall LE 10 by scalable software.
-read how others did it at appdeploy.com
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 

Author Comment

by:pixelchef
ID: 24088146
Thank you for the links and help. I was not able to get the MSI to install, and thought it was because of options that I needed to set during the installation. So I created an 'administrative install', which started to push out the update through the application's native upgrade (which requires local admin rights). So this upgrade was a flop, but I will definitely be using these in the future.

Lexis Nexis has released an MSI that updates the installed application. Is this update MSI what I should have pushed out, or would it have worked to use the MSI that contains the latest service release? Is this behavior consistent for any MSI, or does it depend on the vendor?

Do you have any ideas why the MSI was not installing, or more importantly, how I would test these sort of problems? The machines were definitely in scope...
0
 
LVL 56

Assisted Solution

by:McKnife
McKnife earned 1000 total points
ID: 24090118
To find out why it did not install, simply have a look at the application event log at the client.
0
 

Author Closing Comment

by:pixelchef
ID: 31566464
Thanks all. I haven't gotten it all figured out, but this is a great start.
0
 
LVL 9

Expert Comment

by:samiam41
ID: 24363824
Thanks for the points and grade!  Take care.

0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Read about why it is more lucrative for an IT company to participate in government projects.
Progress
Introduction to Processes
Suggested Courses

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question