Hi there!

I looking for solution about let normal user (on Standard Group) install all programs using special account like " Installer " but prohibit access to the log on that account and make changes on system such as : add/edit/delete user , change system settings, run command line as admin right, etc..
or if someone knows free ready-made solution. I'm open to suggestions.. 

all that we must do by using K1000 

Explanation 
We have much computer registered on K1000 (remarkable thing is that all of these computers are on the WAN network - computers are on different cities). We monitor them and make small changes using scripts. Now someon of the managers came up so that each user could install programs.. but keep control of the unit because we are the guarantor of a running system. All this is done using scripts or free software of course, using the K1000..

what I made 

# script .batch
net user Installer /ADD /PASSWORDCHG:NO 
wmic useraccount where Name='Installer' SET PasswordExpires=FALSE”
net localgroup Administrators Installer /add

now it's problem. When I create manual directory for user like
mkdir C:\Users\Installer\AppData\Roaming\Microsoft\Windows\”Start Menu“\Programs\Startup\

and put there
echo shutdown -l -f > logout.bat 

everything sounds OK! but.. if we try log in on the accound Installer - system begin make to structure profile directory self with a different name
as Installer.ComputerName or Installer.001 etc.
I do not know how to get him to use this directory C:\Users\Installer as the user directory.

another problem is when I want to upload .reg file on the user register (as Installer to HKCU) - I can not because register is not formed by system for that user.

0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Community Chosen Answer

3
make the software available via the user portal and say install. It will install as system then.
Answered 10/12/2015 by: SMal.tmcc
Red Belt

Please log in to comment

Answers

2

The problem is caused by creating the C:\Users\Installer folder before that user has ever logged in. When Windows goes to create that profile, it will see that C:\Users\Installer folder already exists, and create a new folder.

What you would need to do is also pre-define the profile folder for that user. However, that gets kind of tricky because the only way I know of to do that is to modify the registry. For that you would need to know the SID of the newly created user in order to manipulate the ProfileList key for that user.

I'm curious, if you're doing this all through the K1000, why not use the User Console Library, and make scripts or managed installs available to your users that way? It runs via the KACE Agent, so it would run from the Local System account, thereby not needing a separate user.

Answered 10/12/2015 by: BHC-Austin
Fourth Degree Black Belt

Please log in to comment
2
Do if i add some software to K1000  Library then each users must download from k1000 server that software? 
If yes, then problem is, because each users are connect to k1000 from WAN network (not LAN like usually) with different network parameters. One have 4 mb/s another 10 mbps so they will be download software like office package who have ~1GB date about i don't know .. one week?
Answered 10/13/2015 by: Najkon
White Belt

  • set up replication servers at each site and configure it so they get their files from the local rsa.
Please log in to comment
Answer this question or Comment on this question for clarity
Admin Script Editor
Admin Script Editor is an integrated scripting environment available free here at ITNinja

Share