Preform Updates As Regular Domain User on Windows Vista and 7

Posted on 2014-01-20
Last Modified: 2014-02-20
Hello Everyone,

Was wondering if anyone could give me some assistance on allowing regular domain users to preform updates to programs on Windows 7 machines, in particular to java and to a program they use called UPS worldship.  Both of these programs require admin privileges when updating, the UPS program is particularly annoying because sometimes it will have two to three updates in the space of a day two, resulting in a time consuming support session involving logging into each of the 20 or so computers (and every computer on site runs java) that use the program and running the update.  I've read about programs such as ninite that will push out updates for programs but I don't see worldship in its listed supported software, and obviously making everyone local admins is out of the question.  Anyone got any ideas?

Thanks in advance for any help you can offer.
Question by:ctagle
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 55

Expert Comment

ID: 39795622
Please make your self familiar with MSI wrapping. With commands wrapped into MSIs, we can do things like
Setup /quiet
which will install without user interaction and, as it's wrapped into a (deployed) MSI, even elevated.
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39796600
If you want to give domain users local access to update software without being local administrators you will need to use something like Priviledge Authority (dell). This software works with your group policy and allows you to create a "white list" for applications that users can have administrative rights to. You cannot do this natively with Group Policy, (allowing users to interact administratively with an applicaiton).

Priviledge Authority

LVL 55

Expert Comment

ID: 39796654
Hi Will. I'd like to comment on "You cannot do this natively with Group Policy, (allowing users to interact administratively with an applicaiton)."
Oh yes, we can. If you publish applications to user objects, then this is indeed possible.
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.


Author Comment

ID: 39800412
Thank you for the replies, McKnife can you go more into detail on publishing applications to user objects, I would like to use gpo's if possible, makes managing things more simple
LVL 55

Expert Comment

ID: 39800484
It is explained here:
It is simply done in the user configuration section of a GPO. -> Policies ->Software settings.

Author Comment

ID: 39800811
so the idea behind this is to allow them to do the update themselves using the gpo, and not necessarily, pushing it out to the machine?
LVL 55

Accepted Solution

McKnife earned 500 total points
ID: 39802335
That is correct. What you publish to users can be seen as on-demand-installs. They may install it with non-admin rights, only if they need it.
I was in your situation once, where a manager requested to update a software on a group of computers on a weekly basis. In order to save me from fondling with MSIs every week, I created a wget job that pulled the setup from the internet to our server and deployed a scheduled task to these computers that ran with system rights, checked if the app was running, and if not, updated it (using system rights).
That's another approach that does not even require user interaction, nor restarts.
LVL 59

Expert Comment

ID: 39872880
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question