Software Deployment

Turn on security auditing for all security access failures (i.e. access denied). Perform the desired action, then check the Security Event Log. That will tell you exactly what action is being denied access. From there you can create a local security policy to permit the resetting of the card, at a granular level, for regular users. You may need to go through this process several times until you are sucessful if there are multiple items that will be denied access in this process.

To prepare you, though, since you are dealing with hardware you will probably have a more difficult time as opposed to simple file/registry security blocks. You may find that it attempts to do things prohibited in a global policy.

Have you tried advertising the utility via SMS so that the end user selects it as if they were installing an application? If the job is set to run as SYSTEM it should be able to re-initialize the hardware.

You could also create a sufficiently privileged service that look for the existence of a ‘trigger file’ within an area of the disk that the user can write to. Once is ‘sees’ the file it runs the utility.

That’s all I can think of other that identifying the minimal account level i.e. POWERUSERS and perform a RUNAS or SU action that spawns off and runs the utility. However you would have to secure the Password and userID within the wrapper somehow (and be able to maintain it) – could be run from a network resource to overcome the maintenance issues although secutity issues still remain.

Good Luck,

JamesT

Usually, what I do is plug the PNP device and when the OS is asking for admin rights, I cancel the installation. Then I send the SMS package and the setup will completely install the device because SMS has full admin rights.

If you want to repackage it then try using the PNP Driver Installation Template listed in a sticky at the top of the forum. This template installs it to the machine and doesn't need user rights at all.