|15 Feb 2010||#1|
| || |
Allow non-admin to run software updates
I'm slowly migrating a small church office with 10 machines or so to Windows 7 Pro, mostly by replacing old outdated desktops. The older machines are running XP Pro and the new machines are/will be running Windows 7 Pro.
Currently everyone is running as an admin and I'm trying to get away from this with the new Windows 7 machines. I've spent to much time cleaning up junk off of the machines. There is normally one primary person that will use the machine, but there are others that will use the machine at times. Unfortunately the user of the machine will allow others to use there account and these other users will occasionally install other software. This is the reasoning behind the method I'm trying to implement. It would allow the regular users of the machine to do updates, but would keep others from "helping". Yes I know the others shouldn't be in the normal users account, but there's not a way to stop this so I'm trying to mitigate the issue.
With Windows 7 the power users group is now gone so I'm looking for a way to allow the users to run in the users group, yet provide them with a method of authorizing software updates and such when needed.
My first though was to create an admin user, testadmin1, restrict the local login for this user, and then provide the password to the user of the computer. This would allow the user to remain in there account as a normal user and do there day to day work, but when an application needs to be updated, like java or something of the type, then they could authorize the update with the admin account. The problem I have found with this method is when you restrict the local login then that account can not be used to authenticate to the UAC prompt. The password is entered, but a message is issued at the bottom of the window saying that the user doesn't have the privilege.
My next thought in restricting testadmin1 from logging in was to create a task that logs the user back out as soon as they login. I haven't tried this setup yet, but it's a possibility.
Has anyone run into something like this yet? Does anyone have any idea's on alternative methods that could be used to give the users a little more power to update there own machine, but keeping the machines as safe as possible?
Thanks for any idea's yall might have.
|My System Specs|
|Similar help and support threads for2: Allow non-admin to run software updates|
|Updates deleted my software programs||Windows Updates & Activation|
|Virtual XP Mode doesn't see the Software I installed as Admin||Virtualization|
|Windows 7 Admin Functionality is not working for a software||Windows Updates & Activation|
|software updates, other than windows 7||Software|
|Need advice: installing timer, comms software with no admin rights||General Discussion|
|Restricted Rights on Admin after critical updates||Windows Updates & Activation|
|Admin/permission help for software install plz||Software|