ukitsme
asked on
Group Policy
hi,
We are a company of about 400 users. Users are not local admins of their computers and our company policy doesn't allow us to do it. But now our manager wants to allow users to upgrade itunes and Java without our intervention. apart from those two programs users should not be able to install any other programs,
I know you can manually do it by downloading Itunes and Java when there is a update and run a script at start up, but can this be done automatically. I mean when there is a update users should be able to download itunes and java and install them. Can this be set by using Group Policies.
We are a company of about 400 users. Users are not local admins of their computers and our company policy doesn't allow us to do it. But now our manager wants to allow users to upgrade itunes and Java without our intervention. apart from those two programs users should not be able to install any other programs,
I know you can manually do it by downloading Itunes and Java when there is a update and run a script at start up, but can this be done automatically. I mean when there is a update users should be able to download itunes and java and install them. Can this be set by using Group Policies.
You can through GPO also grant user install rights.
You can as pointed out using software deployment GPO push software install/updates as andrewjamesb illustrated.
You can as pointed out using software deployment GPO push software install/updates as andrewjamesb illustrated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Decided to run a script in the end
Start the Active Directory Users and Computers snap-in.
To do this, click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
In the console tree, right-click your domain, and then click Properties.
Click the Group Policy tab, select the policy that you want, and then click Edit.
Under Computer Configuration, expand Software Settings.
Right-click Software installation, point to New, and then click Package.
In the Open dialog box, type the full Universal Naming Convention (UNC) path of the shared installer package that you want. For example, \file server\share\file name.msi.
Make sure that you use the UNC path of the shared installer package.
Click Open. Click Assigned, and then click OK. The package is listed in the right-pane of the Group Policy window.
Close the Group Policy snap-in, click OK, and then close the Active Directory Users and Computers snap-in.
When the client computer starts, the managed software package is automatically installed.
Another option is:
Create a an user with privileges on the machines.
Install CPAU
Run CPAU with the -enc and -jobs switches (and the admin user) to encrypt the file
"cpau -u domain\pcadmin -p password -ex "setup.exe" -enc -file install.job" - creates job file called install.job to run setup.exe as domain\pcadmin.
Run cpau with -dec -file switches to run setup.exe as saved in the previous step.
cpau -dec -file install.job -lwp
Hope this helps