I looking for solution about let normal user (on Standard Group) install all programs using special account like " Installer " but prohibit access to the log on that account and make changes on system such as : add/edit/delete user , change system settings, run command line as admin right, etc..
or if someone knows free ready-made solution. I'm open to suggestions..
all that we must do by using K1000
Explanation
We have much computer registered on K1000 (remarkable thing is that all of these computers are on the WAN network - computers are on different cities). We monitor them and make small changes using scripts. Now someon of the managers came up so that each user could install programs.. but keep control of the unit because we are the guarantor of a running system. All this is done using scripts or free software of course, using the K1000..
what I made
# script .batch
net user Installer /ADD /PASSWORDCHG:NO
wmic useraccount where Name='Installer' SET PasswordExpires=FALSE”
net localgroup Administrators Installer /add
now it's problem. When I create manual directory for user like
everything sounds OK! but.. if we try log in on the accound Installer - system begin make to structure profile directory self with a different name
as Installer.ComputerName or Installer.001 etc.
I do not know how to get him to use this directory C:\Users\Installer as the user directory.
another problem is when I want to upload .reg file on the user register (as Installer to HKCU) - I can not because register is not formed by system for that user.
The problem is caused by creating the C:\Users\Installer folder before that user has ever logged in. When Windows goes to create that profile, it will see that C:\Users\Installer folder already exists, and create a new folder.
What you would need to do is also pre-define the profile folder for that user. However, that gets kind of tricky because the only way I know of to do that is to modify the registry. For that you would need to know the SID of the newly created user in order to manipulate the ProfileList key for that user.
I'm curious, if you're doing this all through the K1000, why not use the User Console Library, and make scripts or managed installs available to your users that way? It runs via the KACE Agent, so it would run from the Local System account, thereby not needing a separate user.
Do if i add some software to K1000 Library then each users must download from k1000 server that software?
If yes, then problem is, because each users are connect to k1000 from WAN network (not LAN like usually) with different network parameters. One have 4 mb/s another 10 mbps so they will be download software like office package who have ~1GB date about i don't know .. one week?
Comments:
set up replication servers at each site and configure it so they get their files from the local rsa. -
SMal.tmcc
8 years ago
This website uses cookies.
By continuing to use this site and/or clicking the "Accept" button you are providing consent
Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our
websites or when you do business with us. For more information about our
Privacy Policy and our data protection
efforts, please visit
GDPR-HQ
