rights elevation for applications during deployment in a locked down environment
Hi All ,
We have implemented CA USD tool in our company for software deployment . All desktops are locked down (No access to c drive) . In this scenario we want to install the applications with elevated rights .
We want to open up restricted areas in C drive on an application basis so that they can write runtime data to those directories with elevated rights .
Most of the people suggest to create application groups in AD and elevate rights for that group to restricted directories (C:\PF|[ProductName] ) and then deploy the application hence during installation rights to identified restricted folders will be elevated .
I have few questions (I am new to AD policies):
1) Does right elevation for such directories mean adding this application group to the Administrator group and then deploy
OR
2) Actually access target directory folders in the AD and assign elevated permissions
Kindly suggest pointers to best practises for the same from your experience .
Cheers ,
V
We have implemented CA USD tool in our company for software deployment . All desktops are locked down (No access to c drive) . In this scenario we want to install the applications with elevated rights .
We want to open up restricted areas in C drive on an application basis so that they can write runtime data to those directories with elevated rights .
Most of the people suggest to create application groups in AD and elevate rights for that group to restricted directories (C:\PF|[ProductName] ) and then deploy the application hence during installation rights to identified restricted folders will be elevated .
I have few questions (I am new to AD policies):
1) Does right elevation for such directories mean adding this application group to the Administrator group and then deploy
OR
2) Actually access target directory folders in the AD and assign elevated permissions
Kindly suggest pointers to best practises for the same from your experience .
Cheers ,
V
0 Comments
[ + ] Show comments
Answers (6)
Please log in to answer
Posted by:
Qazmo
18 years ago
Hi V,
I also need to let (badly written!) apps write back to their local install location and subfolders.
I got round it by writing an MSI that elevates privileges on the install location for named local groups.
K
I also need to let (badly written!) apps write back to their local install location and subfolders.
I got round it by writing an MSI that elevates privileges on the install location for named local groups.
K
Posted by:
viv_bhatt1
18 years ago
why do we need to write an msi . I have read that this can be achieved through gpo .
Has anybody tried this ?
Cheers ,
V
Has anybody tried this ?
Cheers ,
V
Posted by:
AngelD
18 years ago
I don't get your question, are you asking
1. how to install applications through CA USD with elevated rights?
2. how to open upp security permissions (write) to special files, folders or registry that users need to use "bad written" applications?
1. how to install applications through CA USD with elevated rights?
2. how to open upp security permissions (write) to special files, folders or registry that users need to use "bad written" applications?
Posted by:
Qazmo
18 years ago
> why do we need to write an msi?
Weeeeeellllll...because you originally said:
> We want to open up restricted areas in C drive on an application basis so that they can write runtime data to those directories with elevated rights
And (as far as I'm aware) GPO isn't that granular.
Weeeeeellllll...because you originally said:
> We want to open up restricted areas in C drive on an application basis so that they can write runtime data to those directories with elevated rights
And (as far as I'm aware) GPO isn't that granular.
Posted by:
shuffle
18 years ago
Your question isn't really clear, but could the solution be as simple as cacls?
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.