Security Basics mailing list archives
RE: Allowing Non admin users to install approved software
From: "Duncan McAlynn" <duncan () mcalynn com>
Date: Tue, 17 Oct 2006 20:14:39 -0500
There are several solutions available to help meet this need. But, I would urge you not to take the easy way out and grant them (even temporary) local admin rights. Look at your Microsoft license agreement first. If you have a standard Enterprise Agreement, then you've already licensed the clients for Systems Management Server. This is Microsoft's solution for desktop and server management - including software distribution. The only additional costs would come from the SMS Site Server and attached SQL Server. If you don't already have a SQL Server there is a great option for that called the "SMS w/ SQL Server Technology" license. It's around $1500 but limits the SQL Server usage to just SMS. Alternatively, you could use group policy to publish/assign MSI packages, but this lacks the ability to throttle and control when those apps are distributed and will potentially bring the network to its knees. Other solutions for Software Distribution include Altiris & ManageSoft; Google for others. Lastly, you could use something like PSExec to remotely execute the command-line for the setup file. I hope this helps. Duncan -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Saqib Ali Sent: Tuesday, October 17, 2006 4:25 PM To: Gary Collis; markruss () microsoft com; Bryce Cogswell Cc: security-basics () securityfocus com Subject: Re: Allowing Non admin users to install approved software
How can I allow non admin/power users in a w2k domain, using XP machines to install software that is approved by IT, whilist maintaining some degree of security and control over what is installed?
Looks like a job for Protection Manager: http://www.winternals.com/Products/ProtectionManager/Default.aspx -- Saqib Ali, CISSP, ISSAP http://www.full-disk-encryption.net --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus --------------------------------------------------------------------------- --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Allowing Non admin users to install approved software Gary Collis (Oct 17)
- Re: Allowing Non admin users to install approved software Saqib Ali (Oct 17)
- RE: Allowing Non admin users to install approved software Duncan McAlynn (Oct 18)
- Re: Allowing Non admin users to install approved software Jon Wallace (Oct 18)
- <Possible follow-ups>
- RE: Allowing Non admin users to install approved software Laundrup, Jens (Oct 17)
- RE: Allowing Non admin users to install approved software Isaac Van Name (Oct 18)
- RE: Allowing Non admin users to install approved software Scott Ramsdell (Oct 17)
- Re: Allowing Non admin users to install approved software Saqib Ali (Oct 17)