I am running MS SBS 2008 at one of my clients companies and they have a mixed client environment of XP, Vista and 7.
For XP I give the users local admin rights but for the Vista and 7 machines I do not.
What I want to achieve on the Vista and 7 machines is to allow the user to install certain application updates but not give them full administrator privliges.
This way when daily or weekly updates for Adobe Reader, Java etc prompt for administrator credentials they can use their own (or simply click yes to the UAC popup). But if they wanted to install another application like msn etc their credentials would not allow such an action.
How can I achieve this?