Gotomeeting install on Win7 without elevated privileges??

Networking/Security Forums -> Windows

Author: manningLocation: Northern Ohio USA PostPosted: Mon Jun 06, 2011 3:57 pm    Post subject: Gotomeeting install on Win7 without elevated privileges??
    ----
I have recently started rolling out Windows 7 PCs to my users. One issue that has popped up right away is the inability to install such things as gotomeeting or webex clients without elevated privileges. This was never an issue on XP. I work at a relatively small company so walking around and installing as needed wouldn't be an issue except that my users frequently travel, and new versions come out pretty frequently. I do not want to give admin rights to my users because they are 1) careless, and 2) will install stupid apps that should not be installed on these computer.

So, is there a local policy that can be set to allow these clients to install without elevated privileges? I found one post on another forum regarding this but no real solution.

thank you

Author: georgec PostPosted: Wed Jun 08, 2011 7:48 pm    Post subject:
    ----
So you want to the give the travelling users the ability to install applications while they are travelling?

Author: Tom BairLocation: Portland, Oregon USA PostPosted: Thu Jun 09, 2011 6:53 am    Post subject:
    ----
georgec, it sounds like he wants to allow his users to update existing applications?

Author: manningLocation: Northern Ohio USA PostPosted: Thu Jun 09, 2011 3:23 pm    Post subject:
    ----
I want people to be able to use things like go to meeting and webex. As I stated, in the past with XP users could install or update these plugins without elevated privileges, but this is not the case with Win 7. Frankly I'm kind of glad in a way since they also used to install stupid toolbars and the like.

My situation is that we are supply chain consultancy and my users wind up on site for extended period as facilities are being built and going live. They frequently need to install local printers, which has been a problem since XP SP2 I think, VPN clients, ActiveX controls for web based warehouse management systems, etc. They are pretty hamstrung with Win7. Even granting Net config operator rights for example doesn't seem to allow them to make network changes.

My fallback option is to create a local user with elevated privileges so if they do wind up in a situation where they have to install or update something like WebEx they can do so. Obviously I won't tell them about that user until they are in a situation that requires it. My only concern is once users figure out there is a local admin account that they can access, they will start to get out of hand.

Author: georgec PostPosted: Thu Jun 09, 2011 6:11 pm    Post subject:
    ----
Your requirement is a tough one Smile I am not sure if you can work around using Software Restriction Policies which are found in Windows 7, Vista and XP as they might have some limitations but AppLocker – Application Control Policies are quite powerful. You can specify which users can run specific applications. The only problem is that they are available only in Windows 7 Enterprise and Ultimate editions!
Check this article for a quick intro to start testing your scenario - http://www.windows7library.com/blog/security/how-to-restrict-applications-using-applocker/

Author: manningLocation: Northern Ohio USA PostPosted: Fri Jun 10, 2011 7:33 pm    Post subject:
    ----
That looks promising. I'm going to have to play with that a bit and see if I can creating effective rules with it without cramping too many people.

Thank you

Author: AdamVLocation: Leeds, UK PostPosted: Sat Jun 11, 2011 4:06 am    Post subject:
    ----
If you do go down the route of a local account you can let the use, don't forget you can use PwdMan to change the password remotely (when it is next in the office, say) so they can't keep going back and abusing it.

More info: http://wp.me/p2I5L-c

Also, you may be able to install and update these apps proactively for them using GPSI, and avoid the problem altogether.



Networking/Security Forums -> Windows


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group