• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 573
  • Last Modified:

Allow non admin users to install applications from a certain path

Hi all,

We have some applications that have been produced in house.  We have an Intranet page with links to the setup.exe’s for these applications where our users can install them if and when they need them.

In Windows XP our users were allowed to install these applications themselves.  In Windows 7 we have removed this as we do not want them to be administrator’s on their local computer.

However, this has caused a problem as we would like to allow them to install certain applications without having to running them as an administrator each time.  We also don’t want to push them by GPO or install them on an image as we want people to keep installing them if and when they need them.

How can we allow our users to install these applications from specific local paths, without giving them admin permissions?
0
fieldj
Asked:
fieldj
  • 5
  • 5
1 Solution
 
jpgobertEnterprise IT Systems ConsultantCommented:
Here's exactly what you're looking for if I'm not mistaken:

MSDN - Installing a Package with Elevated Privileges for a Non-Admin
0
 
fieldjAuthor Commented:
That gives me some options, but none that really suit my requirements.  

I would like our users to continue to install the application from a specific path (I dont want to advertise it by publishing (its an .exe anyway, not an .msi)

I dont want to have to go to each machine and type in elevated administrator permissions

I dont want to allow users to install any application, just specific ones in a specific path.

I dont think any of the solutions in that link are suitable
0
 
jpgobertEnterprise IT Systems ConsultantCommented:
Then unfortunately you're painting yourself into a corner.

If you don't want them to have the permissions on the workstations to install software and you don't want to use the options available for advertising the applications then I'm not sure what to tell you.

You're basically saying you don't want to do any of the available options...
0
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

 
fieldjAuthor Commented:
What about applocker?  I am not too familiar with this tool but it looks like it might do what I am trying to achieve?
0
 
jpgobertEnterprise IT Systems ConsultantCommented:
The short answer is probably yes, it will do what you're looking for.  

Ultimately you are going to have some management overhead for this no matter how you decide to do it.  I don't really know what the reasons are for you to not want to publish the apps so your users can install them at will.  If those reasons have anything to do with the personnel overhead involved in managing that process then you're only going to introduce more IT personnel overhead with trying to setup and manage applocker in your environment.

I don't really know what the underlying issues or your reasons are so it's hard for me to give a really good opinion... just know that it will take a bit of time to get applocker setup and running smoothly... that will be the case with any software management system you put in place though... so if you need or want to deploy software management then this would probably be one of the better ways for you to go...
0
 
David Johnson, CD, MVPOwnerCommented:
In your situation I'd probably go with remote app over applocker
0
 
jpgobertEnterprise IT Systems ConsultantCommented:
RemoteApp won't necessarily work depending on his application(s) and if they don't want to publish apps to the users for install then they won't want to publish apps through Remote Desktop...
0
 
fieldjAuthor Commented:
Its not that I dont want to publish it.  Its just that historically our users have gone to an intranet page with a link to install the software and I would like to continue with this if possible.
0
 
jpgobertEnterprise IT Systems ConsultantCommented:
How are you creating the installers for your applications?

I'm thinking this through and depending on how you create them, and IF they are MSI installers, you may be able to have standard users install them without any admin rights needed.

I just built a set of installers for work that standard users would need to be able to install... problem is that some parts needed admin rights... after researching I found that there are certain points in an MSI installation that tasks that need admin rights can be executed without requiring elevation.

I'll pull up the details on that and send it to you if it will help... ??
0
 
fieldjAuthor Commented:
The installers are created by our in-house developers, I am not sure how they do it.

I appreciate your help but I might have found a way around this.  Just looking into it and will get back to you in due course.
0
 
fieldjAuthor Commented:
I found that the applications also had a ****.application version.  These seemed to work ok.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

  • 5
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now