Avatar of ziceman
Flag for United States of America asked on

Application privileges

We have a client with with a custom client/server application running from a mid of XP Pro and Win7 Pro machines and two win2008 machines. One is a sbs2008 and the other is a win2008 r2. The custom app server portion is running on the win2008 r2 box

Occasionally, the custom app needs to install updates to all the clients. Right now these updates cannot be executed by the client PCs, as the logged in users do not have admin rights.

Is there a way that I can be give the specific client application privileges to update itself? Or is there a better way to accomplish this? Right now we are having to login to each PC as a user with domain admin rights.

thanks much in advance for your help!
Active DirectorySBSNetwork Security

Avatar of undefined
Last Comment

8/22/2022 - Mon


If you create an AD account with enough rights to install the updates and tie it to the application from within the application itself or via gpo.

Hope it helps!


Sorry to say, but I have no idea, what TrepExe is talking about. Tieing? There is no way to achieve what you would to do like via GPOs as you would like to enable some non-admin to update a single program and that process would require administrative privileges.

What can be done with GPOs is the following:
-elevate non-admins to install ANY program ... which is a huge security risk and not wanted here
-deploy those updates using GPO software deployment ...requires the updates to be packaged as .MSI files ->which is often not the case. If this is indeed the case, just whistle.

So I see only this way: use this free third party software: http://www.beyondtrust.com/Products/PowerBroker-Desktops-Free-Tool/

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.

Hi CSI-Windows_com, that looks very promising, indeed. Seems to be an approach quite similar to what beyond trust is using. Have to try it someday.
Following pricing info taken from http://www.windowsitpro.com/article/security/review-beyondtrust-powerbroker-desktops-windows-edition-142651 , Priv. Auth. seems to cost less than Powerbroker (if you want the fully managable non-free editions).
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.

Hello TrepExe!

Did you try my recommendation? I am interested in why you decided against that product.