Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Install Software as Standard User


06 Aug 2010   #1

Windows 7
 
 
Install Software as Standard User

I have a dilemma, I have searched the threads but not found something that matches my exact problem.

We are implementing Windows 7 and Bitlocker as encryption. While this works brilliantly, I am now worried that our offsite engineers if they are given Local admin rights, can disable bitlocker. They need to install software onto there machines and this cannot be taken away from them. Problem is company policy also states that they are not allowed to disable the encryption, which is where my dilemma lies.

I can lock down bitlocker through Grou Policy, but the offsite engineers are software developers so it wouldn't take them long to disable it if they do have local admins.

Is there anyway at all I can give them access to install software without Local admins?


My System SpecsSystem Spec
.

06 Aug 2010   #2

Windows 7 x64 Ultimate
 
 

Software engineers typically /require/ admin prives (local admin that is) to their machines as part of their work. Especially driver writers but even standard apps while test installing and uninstalling sometimes require "hand work" to remove mis installed items or undo the damage caused by bugs.

There really is no way around it.

You could do periodic checks on the systems remotely if needed to check of they have not messed with any setings and of course if they have once, warn, twice, fire...
My System SpecsSystem Spec
06 Aug 2010   #3

Windows Server 2008 R2
 
 

That's actually what we do - check Bitlocker periodically in the logon script (manage-bde.exe), and if it's been disabled we popup a custom HTA that the user MUST interact with (which will re-enable bitlocker on the next reboot) and we make a note on a network location. If the next reboot comes up and bitlocker is still disabled (and the PC is capable of bitlocker, of course) the user's network port is disabled. This forces them to call the helpdesk to re-enable the port, and then explain why they need bitlocker disabled (anyone with a really valid reason will be exempted, but those reasons are pretty rare).
My System SpecsSystem Spec
.


25 Nov 2011   #4

Windows 7 Ulimate
 
 

Hy Carl, is it possible to get this script, we have still the same situation, but how you going to this with remote users, because I wouldn´t let them connect if Bitlocker is disabled, maybe you can gave me a hint or how I can handle that?

thx
Gerald

Austria isn´t Australia
My System SpecsSystem Spec
Reply

 Install Software as Standard User




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 10:11 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33