Scott C asked:

Allow users to install software on their desktops without being a Local Admin

Does anybody know of a way to allow users to install software on their machines without being a Local Admin?

This is kind of a unique situation where our users have the potential to be able to "install" hundreds of .exe and .msi files.  The "install" programs essentially contain data, and this data is copied to a specific location during the install.

Installing via GPO or SCCM isn't an option as there are potentially 100's of programs that can be installed.

Below is the link for the software and all of the programs that can be installed just so you have an idea what I'm talking about.

http://us.krohne.com/en/dlc/software/

At this point I can only see granting local admin rights, but wanted to see if anybody had any creative solution.

ASKER CERTIFIED SOLUTION
John

This solution is only available to members.

Arana (G.P.)

You could create MSI packages for each of them, then publish them and allow users to install via Add/Remove Programs, but yes, that would be a lot of work, but a one-time job only.

Scott C (ASKER)

John, I totally agree.  We don't want to grant rights; as you said, the potential damage is exactly what we're afraid of.

I was hoping to find something like allowing installation of programs from a particular publisher or something like that.  

I just don't see a good way of doing this outside of the "bad" way or else they contact us when they need another app installed.
You can build ClickOnce installers which install into the user's AppData, such as Chrome when you install it without administrator rights.

ClickOnce installers can also be signed with a code-signing certificate.
Chrome is a bit different. Lots of software must write to the registry and so need real admin permissions to install.
Not correct. All registry settings are virtualized in modern OSes to allow it to write to HKLM without actually doing it. Anybody can take their code and build a ClickOnce application.
I will have to look at my software because I have software that will not do that.

So it may be correct for you but not for me.
For those you can use ACT (Application Compatibility Toolkit) to write shims for them. For Windows 10 it is called Windows Assessment and Deployment Kit (ADK).
I have software that may need UAC OK'd two, maybe 3 times. I think that software will not work (as provided to me) the way you describe. I am not suggesting all software is like this - just some.
All software can be made to work without admin rights unless it is designed to do system administration tasks.
Applications that do not work in user mode are considered to have LUA bugs.

Scott C (ASKER)

Thanks...you confirmed what I already knew and suspected.

Creating the .msi packages is an ok idea, but we'd be forever making these when the data changes on the website.  That is something else we'd have to monitor.
Please provide which specific software on http://us.krohne.com/en/dlc/software/ you want to install without admin rights.

If the package just contains data which is copied to a specific location, a new installer can be built to copy this data to a user location such as AppData and create the shortcuts.
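
Added example (not code from this thread or from any poster): a per-user PowerShell install of the kind the comment above describes, which copies a data payload under %LOCALAPPDATA% and creates a Start Menu shortcut without elevation, but only after a signed file catalog confirms the payload is unmodified and signed by the expected certificate. The function name, parameters, the `VendorData` folder and the thumbprint are hypothetical; it assumes IT has staged the extracted payload with a `.cat` file created by `New-FileCatalog` and signed with its code-signing certificate, stored outside the payload folder.

```powershell
# Added example: per-user install of a data-only package, no admin rights required.
# All names below (function, parameters, 'VendorData') are hypothetical placeholders.
function Install-UserDataPackage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $PayloadDir,        # staged data files
        [Parameter(Mandatory)] [string] $CatalogPath,       # signed .cat, kept outside $PayloadDir
        [Parameter(Mandatory)] [string] $Name,              # folder and shortcut name
        [Parameter(Mandatory)] [string] $SignerThumbprint   # thumbprint of the trusted signing cert
    )

    # Reject names that could escape the target folder (no dots or path separators).
    if ($Name -notmatch '^\w[\w -]*$') { throw "Invalid package name: $Name" }

    # 1. The catalog must carry a valid signature from the expected certificate.
    $sig = Get-AuthenticodeSignature -FilePath $CatalogPath
    if ($sig.Status -ne 'Valid') {
        throw "Catalog signature is not valid: $($sig.Status)"
    }
    if ($sig.SignerCertificate.Thumbprint -ne $SignerThumbprint) {
        throw "Catalog signed by unexpected certificate: $($sig.SignerCertificate.Subject)"
    }

    # 2. Every file in the payload must match the hashes recorded in the catalog.
    $status = Test-FileCatalog -CatalogFilePath $CatalogPath -Path $PayloadDir
    if ($status -ne 'Valid') { throw "Payload does not match catalog: $status" }

    # 3. Copy into the user's profile, which is writable without elevation.
    $target = Join-Path $env:LOCALAPPDATA (Join-Path 'VendorData' $Name)
    New-Item -ItemType Directory -Path $target -Force | Out-Null
    Copy-Item -Path (Join-Path $PayloadDir '*') -Destination $target -Recurse -Force

    # 4. Per-user Start Menu shortcut pointing at the installed data folder.
    $programs = [Environment]::GetFolderPath('Programs')
    $shell = New-Object -ComObject WScript.Shell
    $lnk = $shell.CreateShortcut((Join-Path $programs "$Name.lnk"))
    $lnk.TargetPath = $target
    $lnk.Save()

    return $target
}
```

Pinning the signer by thumbprint rather than by subject name means the check has to be updated whenever the signing certificate is renewed.
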

Scott C (ASKER)

Thanks.  I thought I had closed this question.
Thanks for following up - appreciated!