• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 696
  • Last Modified:

Windows 2008 / Rights to install programs WITHOUT being an Admin

I need to be able to modify a policy that allows a small network using a Windows 2008 server / AD to be able to install programs on their respective computers WITHOUT making the Local Admins or Power Users of the PC.  The client doesn't want them to be able to see each other's files in their profiles, but they do want them to have the ability to install programs / updates on their own.

Suggestions?

rpierce1373
0
rpierce1373
Asked:
rpierce1373
  • 3
  • 2
  • 2
  • +1
2 Solutions
 
kevinhsiehCommented:
I don't think that a power user can access the files in another profile if it is properly secured.
0
 
connectexCommented:
It's possible depending on the updates. If it's just updating files you could grant the local users group access to the necessary folders. If it needs to update a section of the registry you could again grant the local users group full access to it as well. But you'd have to know exactly what the updates were going to possibly do. Also making any additional permissions maybe used to compromise the systems security.

-Matt-
0
 
rpierce1373IT ManagerAuthor Commented:
@kevin = I made the user a member of the local power users group and she had the abilities to go into Documents & Settings and view another user's documents.  This I can't have per the owner of the company.

@connectex:  I wouldn't know what would have to be changed per program.  They just need the rights to be able to install any program or updates but not have the right to go into another user's profile.  I also can't lock the profile because I don't know what users will use the PC since various users could take turns using it.  I would need the security to automatically allow Domain Users to install Apps but NOT allow them to view another profile on the local PC.

Hope this helps!

rpierce1373
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
connectexCommented:
The only way to do this is to make them local administrators on the systems. In fact, I recommend creating a separate account on the local system just for doing the updates. To avoid them seeing other users documents, the files would have to be on a separate system (i.e. server). The local administrator account wouldn't have access to the server so they could see the files stored there.

An even better solution would be invest in a network management tool. Then you could use it to deploy the updates to the systems for the end users. This would avoid them having access to administrator rights.

-Matt-
0
 
connectexCommented:
The local administrator account wouldn't have access to the server so they could see the files stored there.

That should have been: The local administrator account wouldn't have access to the server so they couldn't see the files stored there.
0
 
kevinhsiehCommented:
Either the users won't be able to install software, or you need to make them power users and remove power users from having access to the profile directories. I don't know how many computers you have. As an Administrator, remove Power Users from the access list to Documents and Settings or c:\Users. Then try to access the other profiles again as a power user and see if that helps.
0
 
rpierce1373IT ManagerAuthor Commented:
@Kevinssieh:  That could work until another user logs into the station and creates another profile.
0
 
TolomirAdministratorCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now