Elevated privileges relates to access to the registry but does not translate to access to the file system. As such if a user has 'User' security access to a machine they will not be able to install software to it. To be able to do this you need a DMS solution that can manage installations to the box (and keep control of it during installation). Your best bet at a no cost is either to assign/publish though Active Directory or within the login script run the installation at an alternate accounts context (using a VBS, Jscript, CMD wrapper hidden from the user).
Get them to spend money on a Desktop Management Solution so that you get sufficient reporting and delivery management, hard to have a reliable lockdown environment without one. Only introduces more headaches then it is worth! Cheers David -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Charlie Hope-Lang Sent: 18 July 2002 09:16 To: [EMAIL PROTECTED] Subject: [ActiveDir] Logon scripts Morning all, Does the logon script run with the user rights of the user logging on?? Ie Can we install an MSI from the logon script with out running installer with elevated privileges if the user has user rights to the local machine?? Cheers Charlie ---------------------------------------------------------------------------- -- http://www.channel5.co.uk/ ---------------------------------------------------------------------------- -- List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.375 / Virus Database: 210 - Release Date: 10/07/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.375 / Virus Database: 210 - Release Date: 10/07/2002 List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
