asked on Application privileges
We have a client with with a custom client/server application running from a mid of XP Pro and Win7 Pro machines and two win2008 machines. One is a sbs2008 and the other is a win2008 r2. The custom app server portion is running on the win2008 r2 box
Occasionally, the custom app needs to install updates to all the clients. Right now these updates cannot be executed by the client PCs, as the logged in users do not have admin rights.
Is there a way that I can be give the specific client application privileges to update itself? Or is there a better way to accomplish this? Right now we are having to login to each PC as a user with domain admin rights.
thanks much in advance for your help!
Occasionally, the custom app needs to install updates to all the clients. Right now these updates cannot be executed by the client PCs, as the logged in users do not have admin rights.
Is there a way that I can be give the specific client application privileges to update itself? Or is there a better way to accomplish this? Right now we are having to login to each PC as a user with domain admin rights.
thanks much in advance for your help!
Active DirectorySBSNetwork Security
Last Comment
McKnife
Hi.
Sorry to say, but I have no idea, what TrepExe is talking about. Tieing? There is no way to achieve what you would to do like via GPOs as you would like to enable some non-admin to update a single program and that process would require administrative privileges.
What can be done with GPOs is the following:
-elevate non-admins to install ANY program ... which is a huge security risk and not wanted here
-deploy those updates using GPO software deployment ...requires the updates to be packaged as .MSI files ->which is often not the case. If this is indeed the case, just whistle.
So I see only this way: use this free third party software: http://www.beyondtrust.com/Products/PowerBroker-Desktops-Free-Tool/
Sorry to say, but I have no idea, what TrepExe is talking about. Tieing? There is no way to achieve what you would to do like via GPOs as you would like to enable some non-admin to update a single program and that process would require administrative privileges.
What can be done with GPOs is the following:
-elevate non-admins to install ANY program ... which is a huge security risk and not wanted here
-deploy those updates using GPO software deployment ...requires the updates to be packaged as .MSI files ->which is often not the case. If this is indeed the case, just whistle.
So I see only this way: use this free third party software: http://www.beyondtrust.com/Products/PowerBroker-Desktops-Free-Tool/
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Hi CSI-Windows_com, that looks very promising, indeed. Seems to be an approach quite similar to what beyond trust is using. Have to try it someday.
Following pricing info taken from http://www.windowsitpro.com/article/security/review-beyondtrust-powerbroker-desktops-windows-edition-142651 , Priv. Auth. seems to cost less than Powerbroker (if you want the fully managable non-free editions).
Following pricing info taken from http://www.windowsitpro.com/article/security/review-beyondtrust-powerbroker-desktops-windows-edition-142651 , Priv. Auth. seems to cost less than Powerbroker (if you want the fully managable non-free editions).
Hello TrepExe!
Did you try my recommendation? I am interested in why you decided against that product.
Did you try my recommendation? I am interested in why you decided against that product.
If you create an AD account with enough rights to install the updates and tie it to the application from within the application itself or via gpo.
Hope it helps!