Installing software for non admin users

anything I don't mind · 17 Nov 2011 at 18:15

On a domain if you have to install client software that requires a bat file to install due to its complexity. What is the best method of installing the software via scripts. The only option I can think of is to give all the users temporary administrator rights during the installation. Which of course is not ideal.

LostCorpse · 17 Nov 2011 at 19:28

in the bat file you can select the "runas" command to run it as an administrator, and leave the users account unchanged. at least this would be my first choice, it covers 99% ish of activities.

anything I don't mind · 17 Nov 2011 at 19:47

So you would have an administrator password in plain text in a bat file instead of giving all users domain admins. The other alternative is going to each pc individually and installing it manually as admin. One other one i thought of was setting domain admin rights during the day and then sending an email to everyone before and telling them that they will have a scheduled restart and then set admin rights and at the end of the script remove them.

SoundsGood · 17 Nov 2011 at 19:53

Add it as a GP computer startup script so it runs as system account?

Or make an MSI out of it and just deploy it as a normal package.. or manually/scripted using PSEXEC & MSIEXEC

anything I don't mind · 17 Nov 2011 at 20:05

I tried to run it as a start up script on a gpo with a computer ou and it did not work.

When i tried to add a domain user as a local admin on a pc and run the bat file came up with access denied messages. I am not sure if i could make a msi out of that.

Deleted member 77746 · 17 Nov 2011 at 20:13

What software is it your trying to install?

anything I don't mind · 17 Nov 2011 at 20:15

ok it is windream, http://www.windream.com/produkte/sbe/windream-50.html

Deleted member 77746 · 17 Nov 2011 at 20:36

Does the package have an msi? You may be able to deploy it to users so they can add/remove through control panel.

blueboy2001 · 17 Nov 2011 at 21:14

We use a product called Encrypted RunAs. It was pretty cheap - about £130 for a Domain licence, but it allows you to use RunAs without compromising security by revealing passwords. It can also connect network drives and printers as the admin user.

We use it for deploying new software and also running apps that need or run best with administrative permissions.

chrislip · 21 Nov 2011 at 20:04

If you can package it up in a vbs file you can use screnc to encrypt the entire script. I used this to allow users to run a defrag. script basically started defrag.msc as an administrator so it brought up the defrag window for the user, but this was running under a local admin account so had the rights to run this. Best of all it is free, depends who much interaction you want the users to have

carte_blanche · 24 Nov 2011 at 16:50

how many clients? would an rdp/vnc/dameware remote session work? (assuming you have the resources)
if the app is admin dependant during install, will it require admin during first run for instance to create local user folders etc?
I would be concerned if I had added a domain user to the local admin group, got them to log off and on again (because their security tokens won't be updated till then) and they still could not install a package. (there is a gp security setting that removes anything but an authorised set of users from certain groups - is this in effect?)

SoundsGood · 25 Nov 2011 at 06:21

groen said:
I tried to run it as a start up script on a gpo with a computer ou and it did not work.

Add some tracing to the bat as there's no reason why this shouldn't work