[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Windows 7 UAC, SBS 2008, Updater applications, Disable UAC for certain apps

Posted on 2011-10-25
8
Medium Priority
?
536 Views
Last Modified: 2012-05-12
Hi,

I have a small network of 10 users on a SBS 2008 server, half are Windows 7 clients and half are Windows XP.

Users do not have local administrator access on their computers.

For them to be able to update applications such as Apple Updater (iTunes/Quicktime) on Windows 7 an administrator username and password must be typed in when the UAC prompt appears.

Is there a way we can allow certain applications to run as an administrator without the user being prompted for admin credentials, basically giving them permanent access to run these updaters as administrator.

Ive been searching for a while and have read about Microsoft applications compatability toolkit (http://www.ghacks.net/2010/07/08/get-rid-of-uac-prompts-with-microsofts-application-compatibility-toolkit/) but I want to deply these settings accross the domain if possible in a GP style method.

Thanks in advance.

Harry
0
Comment
Question by:TheDonkey148
  • 3
  • 3
  • 2
8 Comments
 
LVL 13

Expert Comment

by:Felix Leven
ID: 37027691
Not possible, workaround could be a task like this:

http://sbs.seandaniel.com/2007/05/how-to-launch-program-always-elevated.html

But bypassing security this way is not recommended.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 37028268
That ms tool should do just that. You would need to script the installs of the .sdb files...Machine startup script etc....
0
 
LVL 1

Author Comment

by:TheDonkey148
ID: 37028473
Sounds like a good idea john, ill look into it.

Any elaborations on that?

Harry
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
LVL 1

Author Comment

by:TheDonkey148
ID: 37028478
Otherwise, what do enterprise networks do to keep software up to date eg Java, Apple etc?
0
 
LVL 66

Accepted Solution

by:
johnb6767 earned 1800 total points
ID: 37028896
You use sdbinst.exe to install the shim that the act helps you create. I havent used it muchoutside of evaluating... we are still planning our win7 deployment.... i am sure others can add to the specifics.

As for keeping apps up to date, we conrrol them and deploy upgrades across the board. We do not allow individuals to run tbe updaters.... we have too many apps to worry. About to allow a user to just update them on the fly... There is too much for them to break....

Now that i think about this, i dont think this will help with the updaters. The act is designd to remedjate an app so that it runs under a.standard user context. You might better off looking at using software deployment policies. Once you package them, you can publish them and make them available to.the users.. or use machine startup scripts to install....
0
 
LVL 13

Assisted Solution

by:Felix Leven
Felix Leven earned 200 total points
ID: 37029319
You can use gpo's to deploy updated software to clients in MSI format. If you need a more advanced software you can use systemcenter configuration manager.
0
 
LVL 1

Author Closing Comment

by:TheDonkey148
ID: 37040497
Thanks all,

Im going to look into managing software deployment ourselves as per john's reccommendation.

Harry
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 37051770
Good choice....
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question