Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Preform Updates As Regular Domain User on Windows Vista and 7

Posted on 2014-01-20
Medium Priority
Last Modified: 2014-02-20
Hello Everyone,

Was wondering if anyone could give me some assistance on allowing regular domain users to preform updates to programs on Windows 7 machines, in particular to java and to a program they use called UPS worldship.  Both of these programs require admin privileges when updating, the UPS program is particularly annoying because sometimes it will have two to three updates in the space of a day two, resulting in a time consuming support session involving logging into each of the 20 or so computers (and every computer on site runs java) that use the program and running the update.  I've read about programs such as ninite that will push out updates for programs but I don't see worldship in its listed supported software, and obviously making everyone local admins is out of the question.  Anyone got any ideas?

Thanks in advance for any help you can offer.
Question by:ctagle
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 56

Expert Comment

ID: 39795622
Please make your self familiar with MSI wrapping. With commands wrapped into MSIs, we can do things like
Setup /quiet
which will install without user interaction and, as it's wrapped into a (deployed) MSI, even elevated.
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39796600
If you want to give domain users local access to update software without being local administrators you will need to use something like Priviledge Authority (dell). This software works with your group policy and allows you to create a "white list" for applications that users can have administrative rights to. You cannot do this natively with Group Policy, (allowing users to interact administratively with an applicaiton).

Priviledge Authority

LVL 56

Expert Comment

ID: 39796654
Hi Will. I'd like to comment on "You cannot do this natively with Group Policy, (allowing users to interact administratively with an applicaiton)."
Oh yes, we can. If you publish applications to user objects, then this is indeed possible.
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.


Author Comment

ID: 39800412
Thank you for the replies, McKnife can you go more into detail on publishing applications to user objects, I would like to use gpo's if possible, makes managing things more simple
LVL 56

Expert Comment

ID: 39800484
It is explained here:
It is simply done in the user configuration section of a GPO. -> Policies ->Software settings.

Author Comment

ID: 39800811
so the idea behind this is to allow them to do the update themselves using the gpo, and not necessarily, pushing it out to the machine?
LVL 56

Accepted Solution

McKnife earned 2000 total points
ID: 39802335
That is correct. What you publish to users can be seen as on-demand-installs. They may install it with non-admin rights, only if they need it.
I was in your situation once, where a manager requested to update a software on a group of computers on a weekly basis. In order to save me from fondling with MSIs every week, I created a wget job that pulled the setup from the internet to our server and deployed a scheduled task to these computers that ran with system rights, checked if the app was running, and if not, updated it (using system rights).
That's another approach that does not even require user interaction, nor restarts.
LVL 59

Expert Comment

ID: 39872880
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Here's a look at newsworthy articles and community happenings during the last month.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question