What are your desktops running? In Vista or Win7, if you are installing printer drivers from an INF file, privilege escalation happens "automagically". If you are using setup's, they should be MSI's which can have a trusted manifest to indicate that the drivers should be escalated. Otherwise, you are looking at some type of mechanism to provide that escalated privilege.
No clue about the USB drives. ________________________________ From: Tom Miller [[email protected]] Sent: Tuesday, March 31, 2009 9:22 AM To: NT System Admin Issues Subject: Limited Users but some permissions Hi Folks: Currently most users are members of the local "administrators" group on their workstations. We have a crappy enterprise application that, for (the many) component installations, the user account runs the install so the account needs to be Power User/Administrator. We are moving away from it thank goodness... I can change the users to be members of the "Users" group during times when there are no updates to that application. When I do that I notice the following: - We have a web page where we allow users to install networked printers as needed. This saves IT Support lots of time, since we just tell users which printer to click on, drivers are downloaded, printer installed, done. How do I address this for "Users"? There is no permission to install. Our remote control assumes the permissions of the local user, so we'd have to physically go to the computer, log on as a tech, run the install, then let the user log back in. I'd like to avoid that. - Similar situation with our USB drives. We use secure USB drives which run a little program each time the user inserts the drive into the port. Those drives (seemingly) need administrator permissions to run the program. We are currently an eDirectory (Novell) shop using Zenworks to control local groups. So any suggestions via a domain I could probably perform via Zenworks. How do your support shops address these sort of things? Thanks, Tom Tom Miller Engineer, Information Technology Hampton-Newport News Community Services Board 757-788-0528 Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
