Re: Least privilege vs efficiency

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

A little update.
I've found a software (Privilege Manager from BeyondTrust) that seems to be
exactly what I was looking for.
It's based on Group Policy and permits sw installation and usage to normal
users, assuming that installers or executables are located inside specific
folders or are digital signed by a certain manufacture.
At the moment I'm trying the trial version, but until now I feel really
satisfied.

Thanks for your help and please let me know should you have further advices.
Cheers

"Paul Bergson [MVP-DS]" wrote:

Correct.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.


"Big Passeron" <BigPasseron@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6B6D49FA-1598-4312-AB71-841FDFF6E065@xxxxxxxxxxxxxxxx
So there'no way on earth to permit software's installation when
preauthorized, while blocking all other installations?



"Paul Bergson [MVP-DS]" wrote:

Most times they need to be an admin when installing complex software and
there is no way around it unless you have a push program such as SMS
which
in this situation isn't possible.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.


"Big Passeron" <BigPasseron@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2F238C3F-2180-473C-A51A-1FC1AC18F483@xxxxxxxxxxxxxxxx
Hi Florian, I got another question.
Now part of our users belongs to "Network Configuration Operators"
groups.
However, some people need to uninstall old versions of our own
softwares
and
install the new ones.

Very often it happens like this:
A user is abroad, when he suddendly realizes that the SW he's using has
a
bug to be fixed ASAP.
So our programmers prepare a new version to be installed and send it to
him.
Unfortunately, not having admin privileges, installation will be
denied.
So basically, the chance to permit just the installation of our
softwares
is
mandatory.
How can I accomplish this goal?

"Florian Frommherz [MVP]" wrote:

Howdie!

Big Passeron wrote:
Our users need sometimes to change IP settings since they're
engineers,
using our own SW tools that work in conjunction with some HW devices
we
produce.
To be able to communicate with these measurement devices every
engineer,
when performing measurements abroad, needs to set some network
parameters.
All that said, will this people still able to make these
modifications
and
also set up (for example) a connection to access a Wlan (and tasks
like
these) once inside an hotel?

What standard TCP/IP network configuration and WLAN concerns, putting
the users into the Network Configuration Operators group (not that
group
is there on Windows XP and above), you should be okay.

As far as the hardware devices go - I'm not sure if you can handle
programmers and devices attached to the serial port then and whether
the
dev tools all work after that. That's the part you'd have to test on a
sample machine.

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german):
http://frickelsoft.net/cms/index.php?page=mailingliste



.

Relevant Pages

  • Re: Least privilege vs efficiency
    ... Now part of our users belongs to "Network Configuration Operators" groups. ... Unfortunately, not having admin privileges, installation will be denied. ... the chance to permit just the installation of our softwares is ...
    (microsoft.public.windows.server.active_directory)
  • Re: Least privilege vs efficiency
    ... Now part of our users belongs to "Network Configuration Operators" groups. ... So our programmers prepare a new version to be installed and send it to him. ... Unfortunately, not having admin privileges, installation will be denied. ... the chance to permit just the installation of our softwares is ...
    (microsoft.public.windows.server.active_directory)
  • Re: Windows Update Error on XP 64bit: update is redirected from v6
    ... Antivir *usually* does not interfere with the installation of core ... Proxycfg settings WORKED. ... Microsoft Windows 2000 Operating System Group Policy Result tool ...
    (microsoft.public.windowsupdate)
  • Re: Windows Update Error on XP 64bit: update is redirected from v6
    ... Antivir *usually* does not interfere with the installation of core system updating components. ... Microsoft Windows 2000 Operating System Group Policy Result tool ... The user is a member of the following security groups: ... Open the AULOGS subfolder located in the root drive [the drive where WINDOWS is installed to, usually C:\] Extract the contents of the data.cab as you would a .zip file. ...
    (microsoft.public.windowsupdate)
  • Re: Windows Update Service Crashes When check for new updates starts
    ... Apparently the installation of the latest Version of the WUA is not running to completion as the log indicates that it's being downloaded over and over. ... When the download completes close all browsers and open programs. ... Group policy undefined for peer caching. ... SUCCESS - IBackgroundCopyJob is correctly registered. ...
    (microsoft.public.windowsupdate)