|06 Dec 2011||#1|
| || |
Can I allow domain users to install software updates w/o being admins?
I work in and oversee the computer network of a small architecture office. We only have 6 or 7 users right now, and about 12-14 active machines throughout the office. All machines connect through our office domain to our server box running Windows Server 2003 x86. Most production machines are now running Windows 7 x64, but there are a few XP x86 machines still left in the office. Everyone logs onto their machine using their username and password, which is set up in Active Directory Users and Computers on the server. Each username has a login script associated with it that maps various shared folders on the server as network drives on the workstations.
Right now, each user's workstation has that username set up as an Administrator account on that machine. I know that's not recommended, but it's been okay so far. However as time passes, I'm getting more and more concerned about network and computer security.
I'd like to know if there's a way to set up user accounts such that it won't ask for an Admin user name and password every time a program needs an update, but also doesn't allow them full access like Admins have, i.e. deleting software and such.
The issue is that I don't want to have to run around and enter an admin user name and password on the Windows 7 machines every time some software update appears or the user needs to install some software on a machine. We're a small office and don't rely on any actual IT department. I have many other responsibilities in the architecture field (working drawing production, project management, etc) and don't have time to always do that, especially when I'm out of the office on a jobsite, etc.
|My System Specs|| |
|06 Dec 2011||#2|
| || |
I don't think there's any way to add "exceptions" to the UAC prompts. Update installations will depend on the program, as well (e.g., Chrome doesn't, because someone at Google thought it would be a good idea to install Chrome into the user's AppData folder).
For Windows updates, there is an option allow all users to install updates (found in Windows Update > Change settings), so they can still install those without needing admin rights.
|My System Specs|
|Similar help and support threads for: Can I allow domain users to install software updates w/o being admins?|
|Domain users group - no domain?||System Security|
|How to allow users to install all kind of updates?||Network & Sharing|
|Account Operators, Domain Admins, Enterprise Admins||System Security|
|How to make all users desktops same as Admins||General Discussion|