AppLocker doesn’t have privilege elevation (yet?) If you went with AppSense you’d be looking at a high-end product that does application management, privilege management, license management and also has workflows for user self-service. It’s pretty expensive, but they do bundles now that can reduce the price somewhat.
On the other hand if you don’t need all those bells and whistles then a specific privilege elevation app would be more suitable, provided it was secure (for instance, AppSense de-elevates privileges from within elevated applications so common Explorer windows like Open dialogs can’t break the security model). That’s the sort of thing I’d look to verify in any product you test. Cheers, JR From: [email protected] [mailto:[email protected]] On Behalf Of Charles F Sullivan Sent: 05 May 2015 14:38 To: [email protected] Subject: RE: [NTSysADM] Allow Non-Admins to Install Apps Thanks Uriah, James and Webster. It sounds like it will have to be a third party app. I’ll look into Viewfinity and AppSense. I was thinking AppLocker or another MS feature might give me what I’m looking for, so I’m glad I asked. From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Patton, Uriah Allen Sent: Tuesday, May 5, 2015 8:07 AM To: '[email protected]<mailto:[email protected]>' Subject: RE: [NTSysADM] Allow Non-Admins to Install Apps We use an application called Viewfinity which works great. They have an in-house and SAAS version. It is highly customizable and works better than any other privilege management software I have found. http://www.viewfinity.com/default.aspx If you would like more details you can email me directly. Thanks, Uriah Patton Systems Administrator IU School of Medicine From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Charles F Sullivan Sent: Monday, May 04, 2015 4:28 PM To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] Allow Non-Admins to Install Apps Has anyone had to come up with a way for non-admins to install software on their application servers? We are trying to meet PCI requirements and someone in my group had the idea to enable the Power Users group as a solution for this (brings back bad memories of NT 4). If we could do that and remain PCI compliant I would do it, since we’re used to giving the app owners Administrator rights on their particular servers anyway, but I’m skeptical that we would be compliant. Charlie Sullivan Sr. Windows Systems Administrator
