Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Preform Updates As Regular Domain User on Windows Vista and 7

Posted on 2014-01-20
Last Modified: 2014-02-20
Hello Everyone,

Was wondering if anyone could give me some assistance on allowing regular domain users to preform updates to programs on Windows 7 machines, in particular to java and to a program they use called UPS worldship.  Both of these programs require admin privileges when updating, the UPS program is particularly annoying because sometimes it will have two to three updates in the space of a day two, resulting in a time consuming support session involving logging into each of the 20 or so computers (and every computer on site runs java) that use the program and running the update.  I've read about programs such as ninite that will push out updates for programs but I don't see worldship in its listed supported software, and obviously making everyone local admins is out of the question.  Anyone got any ideas?

Thanks in advance for any help you can offer.
Question by:ctagle
LVL 54

Expert Comment

ID: 39795622
Please make your self familiar with MSI wrapping. With commands wrapped into MSIs, we can do things like
Setup /quiet
which will install without user interaction and, as it's wrapped into a (deployed) MSI, even elevated.
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39796600
If you want to give domain users local access to update software without being local administrators you will need to use something like Priviledge Authority (dell). This software works with your group policy and allows you to create a "white list" for applications that users can have administrative rights to. You cannot do this natively with Group Policy, (allowing users to interact administratively with an applicaiton).

Priviledge Authority

LVL 54

Expert Comment

ID: 39796654
Hi Will. I'd like to comment on "You cannot do this natively with Group Policy, (allowing users to interact administratively with an applicaiton)."
Oh yes, we can. If you publish applications to user objects, then this is indeed possible.
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.


Author Comment

ID: 39800412
Thank you for the replies, McKnife can you go more into detail on publishing applications to user objects, I would like to use gpo's if possible, makes managing things more simple
LVL 54

Expert Comment

ID: 39800484
It is explained here: http://technet.microsoft.com/en-us/library/cc783635(v=ws.10).aspx
It is simply done in the user configuration section of a GPO. -> Policies ->Software settings.

Author Comment

ID: 39800811
so the idea behind this is to allow them to do the update themselves using the gpo, and not necessarily, pushing it out to the machine?
LVL 54

Accepted Solution

McKnife earned 500 total points
ID: 39802335
That is correct. What you publish to users can be seen as on-demand-installs. They may install it with non-admin rights, only if they need it.
I was in your situation once, where a manager requested to update a software on a group of computers on a weekly basis. In order to save me from fondling with MSIs every week, I created a wget job that pulled the setup from the internet to our server and deployed a scheduled task to these computers that ran with system rights, checked if the app was running, and if not, updated it (using system rights).
That's another approach that does not even require user interaction, nor restarts.
LVL 59

Expert Comment

ID: 39872880
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On some Windows 7 (SP1) computers, Windows Update becomes super slow even the computer is reasonably fast.  There's one solution that seemed to have worked well for me (after trying a few other suggested solutions).
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question