Install Software as Standard User


  1. matty3021
    Posts : 1
    Windows 7
       New #1

    Install Software as Standard User


    I have a dilemma, I have searched the threads but not found something that matches my exact problem.

    We are implementing Windows 7 and Bitlocker as encryption. While this works brilliantly, I am now worried that our offsite engineers if they are given Local admin rights, can disable bitlocker. They need to install software onto there machines and this cannot be taken away from them. Problem is company policy also states that they are not allowed to disable the encryption, which is where my dilemma lies.

    I can lock down bitlocker through Grou Policy, but the offsite engineers are software developers so it wouldn't take them long to disable it if they do have local admins.

    Is there anyway at all I can give them access to install software without Local admins?
      My Computer
    Quote Quote

  3. fseal
    Posts : 2,528
    Windows 7 x64 Ultimate
       New #2

    Software engineers typically /require/ admin prives (local admin that is) to their machines as part of their work. Especially driver writers but even standard apps while test installing and uninstalling sometimes require "hand work" to remove mis installed items or undo the damage caused by bugs.

    There really is no way around it.

    You could do periodic checks on the systems remotely if needed to check of they have not messed with any setings and of course if they have once, warn, twice, fire...
      My Computer
    Quote Quote

  4. cluberti
    Posts : 2,528
    Windows 10 Pro x64
       New #3

    That's actually what we do - check Bitlocker periodically in the logon script (manage-bde.exe), and if it's been disabled we popup a custom HTA that the user MUST interact with (which will re-enable bitlocker on the next reboot) and we make a note on a network location. If the next reboot comes up and bitlocker is still disabled (and the PC is capable of bitlocker, of course) the user's network port is disabled. This forces them to call the helpdesk to re-enable the port, and then explain why they need bitlocker disabled (anyone with a really valid reason will be exempted, but those reasons are pretty rare).
    Last edited by cluberti; 06 Aug 2010 at 12:11.
      My Computer
    Quote Quote

  6. atsteger
    Posts : 1
    Windows 7 Ulimate
       New #4

    Hy Carl, is it possible to get this script, we have still the same situation, but how you going to this with remote users, because I wouldn´t let them connect if Bitlocker is disabled, maybe you can gave me a hint or how I can handle that?

    thx
    Gerald

    Austria isn´t Australia
      My Computer
    Quote Quote

 

  Related Discussions
Hi all, I'm a Linux user (Ubuntu) but the wife has a Windows 7 laptop. In Linux one can install software as a regular user to his own ~/bin (like Program Files in Windows) and that software cannot affect other users of the computer (they cannot run it, and it cannot mess with the system...
Hi, I have over 120 clients running Windows 7 Enterprise in a Windows Server 2008 R2 domain. I am currently doing some testing around AppLocker, and generally locking down the user environment. I will soon be setting up some new Windows 7 clients with the users added as the Standard User type....
I have a set of of users who should be able to install softwares as a standard user. Is is possible, if yes then how.
Hello all, and thanks in advance for any help you can provide. Seems like a simple enough question, but not one I'm easily finding an answer to - either here or in Google. If I'm the 4,376,124th user to ask this question, then please be done with me and point me at the right link. I'd appreciate...
I use a standard user account for my day to day computing. Today I installed the Google Chrome beta and it fully installed without ever asking for the elevation to administrator. I thought standard users could not install software. Any ideas what happened here? Thanks
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 01:46.
Find Us