The Realm of the Verbal Processor

Jarvis's Ramblings

Installing an Application as a Non Admin

Recently I was working with a client who had the following business requirements:

  1. Users are not administrators on their XP workstations
  2. Traveling users need the ability to install “whatever software they wish” while on the road

That’s a tricky combination of requirements. At face value this isn’t possible. As I was thinking through the problem, I came up with an idea for how to get around this issue. I could create an HTA/VBscript wrapper that I would advertise with ConfigMgr…that the user could run via Run Advertised Programs. Through this HTA they would be able to browse to locate the EXE/MSI that they wanted to install. Because it is running via ConfigMgr, it will have permissions…running as Local System.

The script could also have other data gathering capabilities for inventory purposes. Obviously from an enterprise perspective, someone would need to periodically review this inventory to ensure that all software was properly licensed…and that the user wasn’t installing garbage software.

Now…from a “best practices” perspective, this is not something you want to do. Way too big of a whole for garbage to enter your environment. But…if this is a requirement for whatever reason…at least theoretically, this would work. I have not written the script yet. We are still talking with the client about whether this is a true requirement or not. That is yet to be determined.

After fleshing out the idea, I called Brian Mason to run the idea by him to see if I was in the ballpark of reality. He confirmed that this would work. I think his statement was something like, “Oh yeah, people have been doing that for years.” So…while it may have been a great idea…it’s not an original idea. :-)

Advertisements

January 18, 2010 - Posted by | ConfigMgr

2 Comments »

  1. Hi,

    Sounds like a really good idea, did you ever get to implement this at all? Would be interested in the code basis of the HTA

    Thanks

    Shaun

    Comment by Shaun Croucher | July 10, 2010

  2. We ended up going a different route (custom code developement) because of some specific requirements that the client had, so I never did anything with this.

    Comment by Jarvis | July 14, 2010


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s