The Realm of the Verbal Processor

Installing an Application as a Non Admin

Recently I was working with a client who had the following business requirements:

1. Users are not administrators on their XP workstations
2. Traveling users need the ability to install “whatever software they wish” while on the road

That’s a tricky combination of requirements. At face value this isn’t possible. As I was thinking through the problem, I came up with an idea for how to get around this issue. I could create an HTA/VBscript wrapper that I would advertise with ConfigMgr…that the user could run via Run Advertised Programs. Through this HTA they would be able to browse to locate the EXE/MSI that they wanted to install. Because it is running via ConfigMgr, it will have permissions…running as Local System.

The script could also have other data gathering capabilities for inventory purposes. Obviously from an enterprise perspective, someone would need to periodically review this inventory to ensure that all software was properly licensed…and that the user wasn’t installing garbage software.

Now…from a “best practices” perspective, this is not something you want to do. Way too big of a whole for garbage to enter your environment. But…if this is a requirement for whatever reason…at least theoretically, this would work. I have not written the script yet. We are still talking with the client about whether this is a true requirement or not. That is yet to be determined.

After fleshing out the idea, I called Brian Mason to run the idea by him to see if I was in the ballpark of reality. He confirmed that this would work. I think his statement was something like, “Oh yeah, people have been doing that for years.” So…while it may have been a great idea…it’s not an original idea. :-)

January 18, 2010 - Posted by Jarvis | ConfigMgr