Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

AD Group Policy software restrictions but need to install software in user profile

Posted on 2013-11-12
6
Medium Priority
?
325 Views
Last Modified: 2013-12-10
I had a question come up from a technician here that is having a problem with some installations that he needs to install remotely.  We have an AD in place where the Group Policy is set to software installation restricted.  What he has been doing is creating an OU without that restriction and moving the users effected to that "temp" OU then install while logged in as them.  He told me this software needs to be loaded while in the user profile in order to work within their account.  It is time consuming and disruptive since we are using VNC to remote log in to these places across the state.  Is there anyway to install software at the user level, while logged in remotely as the user, install, without going the route of getting into the server, and moving users into a different OU?

Thanks for any help.
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 9

Expert Comment

by:MHMAdmins
ID: 39642288
he can login while they are on and shift+right click the executable and run as other user or as administrator and do the install without all that other mess.
0
 
LVL 4
ID: 39642349
He said that he tried that and it still didn't work...
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 1000 total points
ID: 39643514
You need to first verify are the policy of s/w restriction still applied on client compter.Is this policy userbased or computer.If it is computer based then this will not work as still machine as s/w restriction policy applied moving the user to temp ou will not work.

Yo deploy s/w you can refer this GPO:http://www.advancedinstaller.com/user-guide/tutorial-gpo.html
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 56

Accepted Solution

by:
McKnife earned 1000 total points
ID: 39647666
Has to be user based, Sandeshdubey, otherwise his move would not succeed - but it does.
netcepter, you could only deny the "apply group policy" entry in the ACL of the group policy for that very user and do a gpupdate.

But that's not much better. Please give some more info on the following:
-are your users admins or why can they install software unless restricted?
-why is there software in use that can only run under your account when installed by you? Ask the manufacturer about that crappy behavior. He should be able to avoid it
-what particular setting is being used for restriction?
0
 
LVL 4
ID: 39709175
I am so sorry for being late on this.  I have started a new job, and when asking this question, I tried to get a quick solution as I thought that it was a priority.  However, my boss is great and gave me time to learn the system.  I am splitting the reward points as you were both right in the questions you asked and GP.   The solution is Additional path rules.  I set up a directory on the server to allow certain executables run for the help desk dept when they are VNC'd to different computers.   The software needed were small programs that helped the desktop team solve issue.  In this case, they wanted to install PFBackup.exe on machines to backup certain users Outlook Email.  I placed the .exe in the additional rule directory and it worked like a charm for the help desk people.   Again sorry for the tardiness.  I am not usually late.  And actually help out with Access questions, etc.   BUT its a new job!   lol...

Thanks again!
0
 
LVL 4

Author Closing Comment

by:get-ADuser -F ($_.Name -eq "Todd")
ID: 39709180
Additional Path Rule in Group Policy did the trick
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question