Solved

Allow non admin users to install applications from a certain path

Posted on 2013-05-20
Last Modified: 2013-07-09
Hi all,

We have some applications that have been produced in-house. We have an intranet page with links to the setup.exe's for these applications where our users can install them if and when they need them.

In Windows XP our users were allowed to install these applications themselves. In Windows 7 we have removed this as we do not want them to be administrators on their local computer.

However, this has caused a problem as we would like to allow them to install certain applications without having to run them as an administrator each time. We also don't want to push them by GPO or install them on an image as we want people to keep installing them if and when they need them.

How can we allow our users to install these applications from specific local paths, without giving them admin permissions?
Question by:fieldj
11 Comments
 
LVL 8

Accepted Solution

by:
jpgobert earned 500 total points
ID: 39180254
Here's exactly what you're looking for if I'm not mistaken:

MSDN - Installing a Package with Elevated Privileges for a Non-Admin
 

Author Comment

by:fieldj
ID: 39180275
That gives me some options, but none that really suit my requirements.

I would like our users to continue to install the application from a specific path (I don't want to advertise it by publishing; it's an .exe anyway, not an .msi).

I don't want to have to go to each machine and type in elevated administrator permissions.

I don't want to allow users to install any application, just specific ones in a specific path.

I don't think any of the solutions in that link are suitable.
 
LVL 8

Expert Comment

by:jpgobert
ID: 39180280
Then unfortunately you're painting yourself into a corner.

If you don't want them to have the permissions on the workstations to install software and you don't want to use the options available for advertising the applications then I'm not sure what to tell you.

You're basically saying you don't want to do any of the available options...
 

Author Comment

by:fieldj
ID: 39180303
What about AppLocker? I am not too familiar with this tool but it looks like it might do what I am trying to achieve?
 
LVL 8

Expert Comment

by:jpgobert
ID: 39180324
The short answer is probably yes, it will do what you're looking for.  

Ultimately you are going to have some management overhead for this no matter how you decide to do it. I don't really know what the reasons are for you to not want to publish the apps so your users can install them at will. If those reasons have anything to do with the personnel overhead involved in managing that process then you're only going to introduce more IT personnel overhead with trying to set up and manage AppLocker in your environment.

I don't really know what the underlying issues or your reasons are so it's hard for me to give a really good opinion... just know that it will take a bit of time to get AppLocker set up and running smoothly... that will be the case with any software management system you put in place though... so if you need or want to deploy software management then this would probably be one of the better ways for you to go...

 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 39180497
In your situation I'd probably go with RemoteApp over AppLocker.
 
LVL 8

Expert Comment

by:jpgobert
ID: 39180506
RemoteApp won't necessarily work depending on his application(s) and if they don't want to publish apps to the users for install then they won't want to publish apps through Remote Desktop...
 

Author Comment

by:fieldj
ID: 39180510
It's not that I don't want to publish it. It's just that historically our users have gone to an intranet page with a link to install the software and I would like to continue with this if possible.
 
LVL 8

Expert Comment

by:jpgobert
ID: 39180535
How are you creating the installers for your applications?

I'm thinking this through and depending on how you create them, and IF they are MSI installers, you may be able to have standard users install them without any admin rights needed.

I just built a set of installers for work that standard users would need to be able to install... problem is that some parts needed admin rights... after researching I found that there are certain points in an MSI installation at which tasks that need admin rights can be executed without requiring elevation.

I'll pull up the details on that and send it to you if it will help... ??
 

Author Comment

by:fieldj
ID: 39180549
The installers are created by our in-house developers, I am not sure how they do it.

I appreciate your help but I might have found a way around this.  Just looking into it and will get back to you in due course.
 

Author Comment

by:fieldj
ID: 39309881
I found that the applications also had a ****.application version.  These seemed to work ok.