Securing Licensed Software, But also Allowing For Easy Installation

Posted on 2011-10-13
Last Modified: 2012-08-14
Hello Experts ~ looking for new ideas. (so a simple short answer may not be too helpful for me)

Like every other company, we have many software installers that I'd rather not have copied and wandering around the company (or to home PC's).

Currently, using Active Directory, we only permit folder access to our licensed software to I.T. When an end-user needs an installation, we need to log in as an IT employee and install the software. It's a little tedious, and I'm curious what other companies do.

I've pondered many different ideas, and we even have a remote software installation/delivery implementation from CA, but these are always very complex to setup (correctly and work efficiently) and extremely time-consuming to maintain. We really dont have the time for these ~ at least the ones I've worked with.

Any thoughts?
Question by:ottobock
    LVL 4

    Accepted Solution

    Hello ottobock,

    Let me share how we set up our computers here and in my previous employer's.

    We shared a folder, let's say 'installers', and created one folder for each software we need to install. The folder names start with a four-digit number followed by the name of the software to be installed.

    In each of these folders is a batch file - let's call it 'install_this.cmd' - and it contains the command to run the setup file i.e. setup.exe, plus parameters other commands needed to both expedite and fine tune the installation.

    In the main folder (the 'installers' share), we have another batch file. Let's call it 'install_all.cmd'. What it does is parse through the folders and run each 'install_this.cmd'. In effect the I.T. personnel just clicks on the 'Next' and 'Ok' buttons until everything is completely set up.

    The last folder, named '9999_secure' contains registry tweaks to protect the computer from a few dangers - autorun.inf, unauthorized installation and misleading filenames to name a few.

    Hope this helps.
    LVL 4

    Assisted Solution

    Microsoft System Center will do this. (Earlier SMS) You can send msi package(Software) to the enduser to install themself. there is no IT admin involved to install the SW. IT admin will push the installation to specific PC (Remotely) or he can send the msi package to end user pc.

    for more info..
    LVL 26

    Assisted Solution

    by:Thomas Zucker-Scharff
    Our network people maintain a license server which requires the installed software to "check-in" every 6 months.  This prevents installations at home (limited to predetermined ip range defined on license server)and on the off chance someone figures it out and brings their laptop into work in 6 months the software will disable itself.
    LVL 7

    Author Comment

    Thanks for all the ideas! Very interesting.

    I'm curious with the license server mentioned by "tzucker." It sounds like the software package is modified? How is this possible with something like Office?  

    sravi2208: I've looked at System Center ~ would definitely be an option if we were a little bigger. We've got a competitors asset management and software delivery solution, and it's really a burden to implement and support, given the size and time-available of our team. Of course, since our entire network is M$, I would think System Center would be a little easier. Future option maybe.

    I was trying to remember what was done at the larger companies I've worked for in the past, but couldn't really remember (the technology has evolved a ton anyway). I was really wondering if someone integrated some Active Directory Groups & File/Folder-level permissions solution that I haven't thought of yet. :-) Sounds like Software Delivery solutions are really the most secure (and simple for end users).
    LVL 4

    Assisted Solution

    Trust the template based software deployment will be useful

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    Join & Write a Comment

    Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
    Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    731 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now