Server 2008 R2: Need an idea for domain user permissions issue

This is a server 2008 r2 site, all Windows 7 Pro clients. Users do NOT have local admin rights to their client machines. In this particular business, some users get DVDs with video on them that they need to review. The only way to view these videos is by running an executable on the DVD. When they try to do that, they are met with the admin credentials prompt. I need an idea how to allow certain users to run these DVD video executables without giving them local admin rights to the entire machine and without them using the domain admin credentials. Thanks.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chad FranksSenior System EngineerCommented:
I have used  (App Locker) in the past.  It lets you create policies regarding specific applications to run as a normal user  - lets you lock it down, rather than give admin rights to everyone

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Sean FitzpatrickSr Lab Systems EngineerCommented:
Agree w/ Chad, applocker is your best option

I found the following, may be it will help you:

I faced the same problem , what i did was:(Windows 7)

Ran Regedit and navigated to HKU\z\SYSTEM\CurrentControlSet\Control\Class{4D36E965-E325-11CE-BFC1-08002BE10318}

Right clicked, then click new, then create a new key. Then rename it to Properties. In Properties create two new dwords

    DeviceType Type:reg_dword Value:00000002
    DeviceCharacteristics Type:reg_dword Value:00000100

Then Uninstall the driver of cd/dvd from Device manager.

Scan for New Hardware. Boom!! Problem Solved.
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

tcianfloneAuthor Commented:
Thanks for the AppLocker idea. I reviewed some training videos on this. Can I create an AppLocker rule just for the video related programs I'm having problems with WITHOUT having to create rules for ALL of the software the users typically use? Or do I have to define rules for ALL software for this to work?
Sean FitzpatrickSr Lab Systems EngineerCommented:
You should be able to create applocker rules for just for certain software, you should not need to create it for everything.  Everything else would just run with w/e you have as the 'default' rule.
tcianfloneAuthor Commented:
Thanks for the pointer to applocker. I have not had the opportunity to implement it yet, as is often the case with my job. But from what I've read this seems to be the way to do it. Question: Do any of you use applocker to allow things like flash and java auto updates run from a locked down desktop? Seemed like it could be used for something like that as well.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.