Well, if you wanted, you could get moderately fancy with this. If the intent is
to allow users to maintain their programs – but have no other admin privileges
– you could build a folder tree
C:\myInstaller
ToBeProcessed
Install
UnInstall
Repair
Update
AllReadyProcessed
Install
UnInstall
Repair
Update
…with the obvious uses.
From: [email protected] [mailto:[email protected]] On
Behalf Of James Rankin
Sent: Tuesday, May 5, 2015 1:30 PM
To: [email protected]
Subject: RE: [NTSysADM] Allow Non-Admins to Install Apps
Interesting. Might write a blog post investigating this (as soon as BriForum is
out of the way)
From: [email protected]<mailto:[email protected]>
[mailto:[email protected]] On Behalf Of Michael B. Smith
Sent: 05 May 2015 16:38
To: [email protected]<mailto:[email protected]>
Subject: RE: [NTSysADM] Allow Non-Admins to Install Apps
Depends on the arguments to msiexec. Those are all different arguments. I just
tested with a couple of MSIs for programs on my laptop and if the program was
already installed, then the installer aborted. I don’t know if that’s a feature
of msiexec or of the particular installer.
From: [email protected]<mailto:[email protected]>
[mailto:[email protected]] On Behalf Of James Rankin
Sent: Tuesday, May 5, 2015 11:24 AM
To: [email protected]<mailto:[email protected]>
Subject: RE: [NTSysADM] Allow Non-Admins to Install Apps
If the applications were already installed, then would that trigger a
reinstall/repair/uninstall? Or would you have to write in some logic to check
if the apps are already installed?
I know you said it was hackish ☺
From: [email protected]<mailto:[email protected]>
[mailto:[email protected]] On Behalf Of Michael B. Smith
Sent: 05 May 2015 16:19
To: [email protected]<mailto:[email protected]>
Subject: RE: [NTSysADM] Allow Non-Admins to Install Apps
You can actually do this using standard tools, but it’s a bit hackish.
You create a Scheduled Task that looks into a folder every 5 minutes or so and
executes any installers found in the folder. You would definitely want to
restrict to MSI/MSU/MSP.
From: [email protected]<mailto:[email protected]>
[mailto:[email protected]] On Behalf Of Charles F Sullivan
Sent: Tuesday, May 5, 2015 9:38 AM
To: [email protected]<mailto:[email protected]>
Subject: RE: [NTSysADM] Allow Non-Admins to Install Apps
Thanks Uriah, James and Webster. It sounds like it will have to be a third
party app. I’ll look into Viewfinity and AppSense. I was thinking AppLocker or
another MS feature might give me what I’m looking for, so I’m glad I asked.
From: [email protected]<mailto:[email protected]>
[mailto:[email protected]<mailto:[email protected]>]
On Behalf Of Patton, Uriah Allen
Sent: Tuesday, May 5, 2015 8:07 AM
To: '[email protected]<mailto:[email protected]>'
Subject: RE: [NTSysADM] Allow Non-Admins to Install Apps
We use an application called Viewfinity which works great. They have an
in-house and SAAS version. It is highly customizable and works better than any
other privilege management software I have found.
http://www.viewfinity.com/default.aspx If you would like more details you can
email me directly.
Thanks,
Uriah Patton
Systems Administrator
IU School of Medicine
From: [email protected]<mailto:[email protected]>
[mailto:[email protected]] On Behalf Of Charles F Sullivan
Sent: Monday, May 04, 2015 4:28 PM
To: [email protected]<mailto:[email protected]>
Subject: [NTSysADM] Allow Non-Admins to Install Apps
Has anyone had to come up with a way for non-admins to install software on
their application servers? We are trying to meet PCI requirements and someone
in my group had the idea to enable the Power Users group as a solution for this
(brings back bad memories of NT 4). If we could do that and remain PCI
compliant I would do it, since we’re used to giving the app owners
Administrator rights on their particular servers anyway, but I’m skeptical that
we would be compliant.
Charlie Sullivan
Sr. Windows Systems Administrator
