Interesting. Might write a blog post investigating this (as soon as BriForum is out of the way)
From: [email protected] [mailto:[email protected]] On Behalf Of Michael B. Smith Sent: 05 May 2015 16:38 To: [email protected] Subject: RE: [NTSysADM] Allow Non-Admins to Install Apps Depends on the arguments to msiexec. Those are all different arguments. I just tested with a couple of MSIs for programs on my laptop and if the program was already installed, then the installer aborted. I don’t know if that’s a feature of msiexec or of the particular installer. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of James Rankin Sent: Tuesday, May 5, 2015 11:24 AM To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] Allow Non-Admins to Install Apps If the applications were already installed, then would that trigger a reinstall/repair/uninstall? Or would you have to write in some logic to check if the apps are already installed? I know you said it was hackish ☺ From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Michael B. Smith Sent: 05 May 2015 16:19 To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] Allow Non-Admins to Install Apps You can actually do this using standard tools, but it’s a bit hackish. You create a Scheduled Task that looks into a folder every 5 minutes or so and executes any installers found in the folder. You would definitely want to restrict to MSI/MSU/MSP. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Charles F Sullivan Sent: Tuesday, May 5, 2015 9:38 AM To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] Allow Non-Admins to Install Apps Thanks Uriah, James and Webster. It sounds like it will have to be a third party app. I’ll look into Viewfinity and AppSense. I was thinking AppLocker or another MS feature might give me what I’m looking for, so I’m glad I asked. From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Patton, Uriah Allen Sent: Tuesday, May 5, 2015 8:07 AM To: '[email protected]<mailto:[email protected]>' Subject: RE: [NTSysADM] Allow Non-Admins to Install Apps We use an application called Viewfinity which works great. They have an in-house and SAAS version. It is highly customizable and works better than any other privilege management software I have found. http://www.viewfinity.com/default.aspx If you would like more details you can email me directly. Thanks, Uriah Patton Systems Administrator IU School of Medicine From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Charles F Sullivan Sent: Monday, May 04, 2015 4:28 PM To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] Allow Non-Admins to Install Apps Has anyone had to come up with a way for non-admins to install software on their application servers? We are trying to meet PCI requirements and someone in my group had the idea to enable the Power Users group as a solution for this (brings back bad memories of NT 4). If we could do that and remain PCI compliant I would do it, since we’re used to giving the app owners Administrator rights on their particular servers anyway, but I’m skeptical that we would be compliant. Charlie Sullivan Sr. Windows Systems Administrator
