Gpo...

Hi guys,

Apologies if this question has an obvious answer but I’m still quite new to software rights / distribution via group policy.

The problem I have is this – within the company that I work for, as with most companies, our standard users have their local pc admin rights locked down. We want to give users the ability to apply updates to certain applications despite only having standard user accounts. Therefore allow certain applications to run with administrative rights. I’ve been looking at software that allows us to do this such as Avecto – Privilege Guard.

Is there a way of doing this through group policy without giving users temp admins?

Sorry if this question has a very obvious answer... I’m just at the start of my 70-640 and I’m not really “in the know” where the limitations of GPO are concerned.

Thanks if you have taken time to read this post and many thanks to those that take the time to respond.

Cheers.

Find more posts tagged with

Comments

BADfish10

mattipler wrote: »

Hi guys,

Apologies if this question has an obvious answer but I’m still quite new to software rights / distribution via group policy.

The problem I have is this – within the company that I work for, as with most companies, our standard users have their local pc admin rights locked down. We want to give users the ability to apply updates to certain applications despite only having standard user accounts. Therefore allow certain applications to run with administrative rights. I’ve been looking at software that allows us to do this such as Avecto – Privilege Guard.

Is there a way of doing this through group policy without giving users temp admins?

Sorry if this question has a very obvious answer... I’m just at the start of my 70-640 and I’m not really “in the know” where the limitations of GPO are concerned.

Thanks if you have taken time to read this post and many thanks to those that take the time to respond.

Cheers.

What programs are you looking to let them update independently?
Also what level is your Domain/Forest running at?
most apps in my veiw should be updated to the same level across the org if it is Office windows and any MS stuff just use WSUS.
If it is Adobe and the like you should role out the update via GPO for all.
If it is a cr@p finance package like Sage you have to get all on the same version anyway.
If this is not an option There is a good 3rd party tool i used a while back called beyond trust that allows elevation for specific applications and functions.
If you are running a 2008 AD and your client computers are a min of XP sp3 + GPO extention rollup you may be able to use the extended functions to allow what you whant. dont get my wrong without looking @ it i would guess it will still be a faf.

Cheers

J

Hyper-Me

You can roll out update files if they are in mSI format, using a GPO.

Alternatively, you may also want to try the "allow standard users to patch elevated products" GPO and see if that provides the functionality you are looking for.