This seems to be the 'Question' that understandably is encased in a 'Grey' area. I have a project to allow our Windows 7 Desktop users to install (Work) Applications as needed without full local admin rights like our previous Windows XP-Power User account allowed.
Here is what I do know and from this I hope someone can give me their knowledge:
1) The Power User account for Windows 7 has been downgraded for Application installations.
2) UAC is the new controller used for installations.
3) I need to use a GPO to allow/prevent permissions for user to be able to install applications when instructed to do so.
4) My main goal is to remove as much IT interaction as possible.
5) My thoughts were looking at the GPOE-User Configs-Preferences-Control Panel-Local Users and Groups and allowing the users to be added to the local admin group temporarily until the application has been installed.
6) We do not want to push-install the applications ourselves as they will be presented at different times etc. We want to allow the corresponding application group to have the users go to a share drive and install the app from there. (Hence taking IT out of the picture - unless we need to tune on the GPO we have created for a certain date etc.)
7) I am also willing to accept my request being to broad to resolve all areas with one fix.
Here is what I need to know:
1) What have you successfully be able to do this task through GPO?
Thank you ALL,