?
Solved

Allow non admin users to install applications from a certain path

Posted on 2013-05-20
11
Medium Priority
?
543 Views
Last Modified: 2013-07-09
Hi all,

We have some applications that have been produced in house.  We have an Intranet page with links to the setup.exe’s for these applications where our users can install them if and when they need them.

In Windows XP our users were allowed to install these applications themselves.  In Windows 7 we have removed this as we do not want them to be administrator’s on their local computer.

However, this has caused a problem as we would like to allow them to install certain applications without having to running them as an administrator each time.  We also don’t want to push them by GPO or install them on an image as we want people to keep installing them if and when they need them.

How can we allow our users to install these applications from specific local paths, without giving them admin permissions?
0
Comment
Question by:fieldj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
11 Comments
 
LVL 8

Accepted Solution

by:
jpgobert earned 2000 total points
ID: 39180254
Here's exactly what you're looking for if I'm not mistaken:

MSDN - Installing a Package with Elevated Privileges for a Non-Admin
0
 

Author Comment

by:fieldj
ID: 39180275
That gives me some options, but none that really suit my requirements.  

I would like our users to continue to install the application from a specific path (I dont want to advertise it by publishing (its an .exe anyway, not an .msi)

I dont want to have to go to each machine and type in elevated administrator permissions

I dont want to allow users to install any application, just specific ones in a specific path.

I dont think any of the solutions in that link are suitable
0
 
LVL 8

Expert Comment

by:jpgobert
ID: 39180280
Then unfortunately you're painting yourself into a corner.

If you don't want them to have the permissions on the workstations to install software and you don't want to use the options available for advertising the applications then I'm not sure what to tell you.

You're basically saying you don't want to do any of the available options...
0
WordPress Tutorial 1: Installation & Setup

WordPress is a very popular option for running your web site and can be used to get your content online quickly for the world to see. This guide will walk you through installing the WordPress server software and the initial setup process.

 

Author Comment

by:fieldj
ID: 39180303
What about applocker?  I am not too familiar with this tool but it looks like it might do what I am trying to achieve?
0
 
LVL 8

Expert Comment

by:jpgobert
ID: 39180324
The short answer is probably yes, it will do what you're looking for.  

Ultimately you are going to have some management overhead for this no matter how you decide to do it.  I don't really know what the reasons are for you to not want to publish the apps so your users can install them at will.  If those reasons have anything to do with the personnel overhead involved in managing that process then you're only going to introduce more IT personnel overhead with trying to setup and manage applocker in your environment.

I don't really know what the underlying issues or your reasons are so it's hard for me to give a really good opinion... just know that it will take a bit of time to get applocker setup and running smoothly... that will be the case with any software management system you put in place though... so if you need or want to deploy software management then this would probably be one of the better ways for you to go...
0
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 39180497
In your situation I'd probably go with remote app over applocker
0
 
LVL 8

Expert Comment

by:jpgobert
ID: 39180506
RemoteApp won't necessarily work depending on his application(s) and if they don't want to publish apps to the users for install then they won't want to publish apps through Remote Desktop...
0
 

Author Comment

by:fieldj
ID: 39180510
Its not that I dont want to publish it.  Its just that historically our users have gone to an intranet page with a link to install the software and I would like to continue with this if possible.
0
 
LVL 8

Expert Comment

by:jpgobert
ID: 39180535
How are you creating the installers for your applications?

I'm thinking this through and depending on how you create them, and IF they are MSI installers, you may be able to have standard users install them without any admin rights needed.

I just built a set of installers for work that standard users would need to be able to install... problem is that some parts needed admin rights... after researching I found that there are certain points in an MSI installation that tasks that need admin rights can be executed without requiring elevation.

I'll pull up the details on that and send it to you if it will help... ??
0
 

Author Comment

by:fieldj
ID: 39180549
The installers are created by our in-house developers, I am not sure how they do it.

I appreciate your help but I might have found a way around this.  Just looking into it and will get back to you in due course.
0
 

Author Comment

by:fieldj
ID: 39309881
I found that the applications also had a ****.application version.  These seemed to work ok.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question