Preform Updates As Regular Domain User on Windows Vista and 7

Posted on 2014-01-20
Last Modified: 2014-02-20
Hello Everyone,

Was wondering if anyone could give me some assistance on allowing regular domain users to preform updates to programs on Windows 7 machines, in particular to java and to a program they use called UPS worldship.  Both of these programs require admin privileges when updating, the UPS program is particularly annoying because sometimes it will have two to three updates in the space of a day two, resulting in a time consuming support session involving logging into each of the 20 or so computers (and every computer on site runs java) that use the program and running the update.  I've read about programs such as ninite that will push out updates for programs but I don't see worldship in its listed supported software, and obviously making everyone local admins is out of the question.  Anyone got any ideas?

Thanks in advance for any help you can offer.
Question by:ctagle
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 55

Expert Comment

ID: 39795622
Please make your self familiar with MSI wrapping. With commands wrapped into MSIs, we can do things like
Setup /quiet
which will install without user interaction and, as it's wrapped into a (deployed) MSI, even elevated.
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39796600
If you want to give domain users local access to update software without being local administrators you will need to use something like Priviledge Authority (dell). This software works with your group policy and allows you to create a "white list" for applications that users can have administrative rights to. You cannot do this natively with Group Policy, (allowing users to interact administratively with an applicaiton).

Priviledge Authority

LVL 55

Expert Comment

ID: 39796654
Hi Will. I'd like to comment on "You cannot do this natively with Group Policy, (allowing users to interact administratively with an applicaiton)."
Oh yes, we can. If you publish applications to user objects, then this is indeed possible.
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 39800412
Thank you for the replies, McKnife can you go more into detail on publishing applications to user objects, I would like to use gpo's if possible, makes managing things more simple
LVL 55

Expert Comment

ID: 39800484
It is explained here:
It is simply done in the user configuration section of a GPO. -> Policies ->Software settings.

Author Comment

ID: 39800811
so the idea behind this is to allow them to do the update themselves using the gpo, and not necessarily, pushing it out to the machine?
LVL 55

Accepted Solution

McKnife earned 500 total points
ID: 39802335
That is correct. What you publish to users can be seen as on-demand-installs. They may install it with non-admin rights, only if they need it.
I was in your situation once, where a manager requested to update a software on a group of computers on a weekly basis. In order to save me from fondling with MSIs every week, I created a wget job that pulled the setup from the internet to our server and deployed a scheduled task to these computers that ran with system rights, checked if the app was running, and if not, updated it (using system rights).
That's another approach that does not even require user interaction, nor restarts.
LVL 59

Expert Comment

ID: 39872880
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question