Deploy App as Local Admin for std user
mikedisd2
Hi all, I need to deploy an application (HP TRIM 7.1) to all Win7 PCs. TRIM will only install for the user, not system; problem is TRIM can only install if the user is a local administrator. Management is adamant that no one is to be a local admin to any PC, which makes it a bit difficult. I thought if SCCM installs with the SYSTEM account it should ignore any local restrictions.
I've tried deploying a PowerShell script to add the domain user to the local admins group; came back with an access denied. Any ideas? There must be a way to get this pushed out.
Comments
Claymoore
Is it an .msi or .exe? If it's an MSI it should elevate or prompt for elevation and install. If it's an .exe you'll probably have to shim the hell out of it.
Download Microsoft Application Compatibility Toolkit from Official Microsoft Download Center
Demystifying Shims - or - Using the App Compat Toolkit to make your old stuff work with your new stuff - Ask the Performance Team - Site Home - TechNet Blogs
Run the Standard User Analyzer against the install and see what shims it requires. You may need to use the SpecificNonInstaller shim to get around the setup detection (if the exe is detected as an installation) along with the ForceAdminAccess shim to lie to the app, saying the standard user is a member of the Administrators group. Follow that up with VirtualizeHKCRLite to handle the COM objects it is trying to register and it just might work.
You will need to understand why the app wants admin access. It may be trying to write to Program Files or System32, which would require admin access in earlier versions; however, Win7 redirects writes to those areas to the Virtual Store in the profile. Win7 will redirect writes to HKLM to HKCU as well. If all the app is doing is copying some config information to the registry or user profile, see if those edits or files can be pushed out through Group Policy Preferences.
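An added example, not part of the original thread: a PowerShell script that lists what UAC virtualization redirected for the current standard user, so the intended file and registry targets can be reviewed as candidates for Group Policy Preferences. The one-hour window and the variable names are assumptions; virtualization only applies to 32-bit interactive processes that have no requestedExecutionLevel manifest, so an empty result does not rule out other admin requirements.

```powershell
# Added example (not from the thread). Run as the standard user after the app has run.
# Written to work on the PowerShell 2.0 that ships with Windows 7.
$since = (Get-Date).AddHours(-1)   # assumption: the app ran within the last hour

# Redirected file writes (Program Files, Windows) land in this per-user folder.
$fileStore = Join-Path $env:LOCALAPPDATA 'VirtualStore'
# Redirected HKLM\SOFTWARE writes land under this per-user key.
$regStore  = 'HKCU:\Software\Classes\VirtualStore\MACHINE\SOFTWARE'

$report = @()

if (Test-Path $fileStore) {
    Get-ChildItem -Path $fileStore -Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -ge $since } |
        ForEach-Object {
            # Map the virtualized copy back to the path the app tried to write.
            $intended = $env:SystemDrive + $_.FullName.Substring($fileStore.Length)
            $report += New-Object PSObject -Property @{
                Type = 'File'; Intended = $intended; Redirected = $_.FullName
            }
        }
}

if (Test-Path $regStore) {
    # Registry keys carry no easily readable timestamp here, so all values are listed.
    Get-ChildItem -Path $regStore -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $key = $_
            $intendedKey = $key.Name -replace '^HKEY_CURRENT_USER\\Software\\Classes\\VirtualStore\\MACHINE', 'HKLM'
            foreach ($valueName in $key.GetValueNames()) {
                $report += New-Object PSObject -Property @{
                    Type = 'Registry'; Intended = "$intendedKey\$valueName"; Redirected = $key.Name
                }
            }
        }
}

if ($report.Count -eq 0) {
    'No virtualized writes found under the current user profile.'
} else {
    $report | Select-Object Type, Intended, Redirected | Format-Table -AutoSize -Wrap
}
```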