We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Windows 2008 / Rights to install programs WITHOUT being an Admin

Medium Priority
710 Views
Last Modified: 2012-05-11
I need to be able to modify a policy that allows a small network using a Windows 2008 server / AD to be able to install programs on their respective computers WITHOUT making the Local Admins or Power Users of the PC.  The client doesn't want them to be able to see each other's files in their profiles, but they do want them to have the ability to install programs / updates on their own.

Suggestions?

rpierce1373
Comment
Watch Question

kevinhsiehNetwork Engineer
CERTIFIED EXPERT

Commented:
I don't think that a power user can access the files in another profile if it is properly secured.
It's possible depending on the updates. If it's just updating files you could grant the local users group access to the necessary folders. If it needs to update a section of the registry you could again grant the local users group full access to it as well. But you'd have to know exactly what the updates were going to possibly do. Also making any additional permissions maybe used to compromise the systems security.

-Matt-
rpierce1373IT Manager

Author

Commented:
@kevin = I made the user a member of the local power users group and she had the abilities to go into Documents & Settings and view another user's documents.  This I can't have per the owner of the company.

@connectex:  I wouldn't know what would have to be changed per program.  They just need the rights to be able to install any program or updates but not have the right to go into another user's profile.  I also can't lock the profile because I don't know what users will use the PC since various users could take turns using it.  I would need the security to automatically allow Domain Users to install Apps but NOT allow them to view another profile on the local PC.

Hope this helps!

rpierce1373
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
The local administrator account wouldn't have access to the server so they could see the files stored there.

That should have been: The local administrator account wouldn't have access to the server so they couldn't see the files stored there.
kevinhsiehNetwork Engineer
CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
rpierce1373IT Manager

Author

Commented:
@Kevinssieh:  That could work until another user logs into the station and creates another profile.
TolomirAdministrator
CERTIFIED EXPERT
Top Expert 2005

Commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.