Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 562
  • Last Modified:

Allow non-admin users to update applications with the Principal of Least Priviledge

I have a program, Lexis-Nexis Time Matters 9, that needs to install an update. Most of the users on our network have local admin accounts. I know this is bad, and I'm trying to change it. When updates like this need to take place, I do not know how to allow users to run the update. When I run it as a non-admin user, it is an msiexec executable.

This is an SBS 2003 domain, and I am somewhat comfortable with Group Policy, and I think I would simply need to allow user access to some registry keys/files to allow this to happen. I have combed through a computer with Procmon, but I can't see something (obvious) that should be changed.

How do I allow users to install updates to programs that they already have permission to run, so that I don't have to run a sneaker net for every update?
0
pixelchef
Asked:
pixelchef
  • 3
  • 2
  • 2
4 Solutions
 
samiam41Commented:
If the file is an msi, then use this:

http://support.microsoft.com/kb/887405

Substitute the msi mentioned in the article for the msi of the LN app.  I do this to install Adobe Reader and other 3rd party apps.
0
 
samiam41Commented:
One last thing, since this could become a way for you to install other 3rd party apps and updates, I would recommend a quick jog through this app.  It helped me in the beginning.

And above all else, TEST - TEST - TEST.

http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Deploy-Applications.html
0
 
McKnifeCommented:
You can assign apps in msi file format to computers (using system rights, will install without users being logged on) or to users (using system rights as well, but here, the user will be able to decide if he wants that package). There are varoius ways to create or obtain MSI packages:
-wrap a silent setup (a setup that supports swtches like /quiet) into an MSI package using WIWW (vinsvision)
-look for native MSI software or MSI versions of software (sometimes they come as exe and sometimes as MSI package)
-use a tool to record what a setup does and have that "recording" repackaged into an msi - even freeware is able to do that: wininstall LE 10 by scalable software.
-read how others did it at appdeploy.com
0
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

 
pixelchefAuthor Commented:
Thank you for the links and help. I was not able to get the MSI to install, and thought it was because of options that I needed to set during the installation. So I created an 'administrative install', which started to push out the update through the application's native upgrade (which requires local admin rights). So this upgrade was a flop, but I will definitely be using these in the future.

Lexis Nexis has released an MSI that updates the installed application. Is this update MSI what I should have pushed out, or would it have worked to use the MSI that contains the latest service release? Is this behavior consistent for any MSI, or does it depend on the vendor?

Do you have any ideas why the MSI was not installing, or more importantly, how I would test these sort of problems? The machines were definitely in scope...
0
 
McKnifeCommented:
To find out why it did not install, simply have a look at the application event log at the client.
0
 
pixelchefAuthor Commented:
Thanks all. I haven't gotten it all figured out, but this is a great start.
0
 
samiam41Commented:
Thanks for the points and grade!  Take care.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now