Solved

Allow non admin users to install applications from a certain path

Posted on 2013-05-20
11
513 Views
Last Modified: 2013-07-09
Hi all,

We have some applications that have been produced in house.  We have an Intranet page with links to the setup.exe’s for these applications where our users can install them if and when they need them.

In Windows XP our users were allowed to install these applications themselves.  In Windows 7 we have removed this as we do not want them to be administrator’s on their local computer.

However, this has caused a problem as we would like to allow them to install certain applications without having to running them as an administrator each time.  We also don’t want to push them by GPO or install them on an image as we want people to keep installing them if and when they need them.

How can we allow our users to install these applications from specific local paths, without giving them admin permissions?
0
Comment
Question by:fieldj
  • 5
  • 5
11 Comments
 
LVL 8

Accepted Solution

by:
jpgobert earned 500 total points
ID: 39180254
Here's exactly what you're looking for if I'm not mistaken:

MSDN - Installing a Package with Elevated Privileges for a Non-Admin
0
 

Author Comment

by:fieldj
ID: 39180275
That gives me some options, but none that really suit my requirements.  

I would like our users to continue to install the application from a specific path (I dont want to advertise it by publishing (its an .exe anyway, not an .msi)

I dont want to have to go to each machine and type in elevated administrator permissions

I dont want to allow users to install any application, just specific ones in a specific path.

I dont think any of the solutions in that link are suitable
0
 
LVL 8

Expert Comment

by:jpgobert
ID: 39180280
Then unfortunately you're painting yourself into a corner.

If you don't want them to have the permissions on the workstations to install software and you don't want to use the options available for advertising the applications then I'm not sure what to tell you.

You're basically saying you don't want to do any of the available options...
0
How our DevOps Team Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

 

Author Comment

by:fieldj
ID: 39180303
What about applocker?  I am not too familiar with this tool but it looks like it might do what I am trying to achieve?
0
 
LVL 8

Expert Comment

by:jpgobert
ID: 39180324
The short answer is probably yes, it will do what you're looking for.  

Ultimately you are going to have some management overhead for this no matter how you decide to do it.  I don't really know what the reasons are for you to not want to publish the apps so your users can install them at will.  If those reasons have anything to do with the personnel overhead involved in managing that process then you're only going to introduce more IT personnel overhead with trying to setup and manage applocker in your environment.

I don't really know what the underlying issues or your reasons are so it's hard for me to give a really good opinion... just know that it will take a bit of time to get applocker setup and running smoothly... that will be the case with any software management system you put in place though... so if you need or want to deploy software management then this would probably be one of the better ways for you to go...
0
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 39180497
In your situation I'd probably go with remote app over applocker
0
 
LVL 8

Expert Comment

by:jpgobert
ID: 39180506
RemoteApp won't necessarily work depending on his application(s) and if they don't want to publish apps to the users for install then they won't want to publish apps through Remote Desktop...
0
 

Author Comment

by:fieldj
ID: 39180510
Its not that I dont want to publish it.  Its just that historically our users have gone to an intranet page with a link to install the software and I would like to continue with this if possible.
0
 
LVL 8

Expert Comment

by:jpgobert
ID: 39180535
How are you creating the installers for your applications?

I'm thinking this through and depending on how you create them, and IF they are MSI installers, you may be able to have standard users install them without any admin rights needed.

I just built a set of installers for work that standard users would need to be able to install... problem is that some parts needed admin rights... after researching I found that there are certain points in an MSI installation that tasks that need admin rights can be executed without requiring elevation.

I'll pull up the details on that and send it to you if it will help... ??
0
 

Author Comment

by:fieldj
ID: 39180549
The installers are created by our in-house developers, I am not sure how they do it.

I appreciate your help but I might have found a way around this.  Just looking into it and will get back to you in due course.
0
 

Author Comment

by:fieldj
ID: 39309881
I found that the applications also had a ****.application version.  These seemed to work ok.
0

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question