Hi All ,

We have implemented CA USD tool in our company for software deployment . All desktops are locked down (No access to c drive) . In this scenario we want to install the applications with elevated rights .

We want to open up restricted areas in C drive on an application basis so that they can write runtime data to those directories with elevated rights .

Most of the people suggest to create application groups in AD and elevate rights for that group to restricted directories (C:\PF|[ProductName] ) and then deploy the application hence during installation rights to identified restricted folders will be elevated .

I have few questions (I am new to AD policies):

1) Does right elevation for such directories mean adding this application group to the Administrator group and then deploy
OR

2) Actually access target directory folders in the AD and assign elevated permissions

Kindly suggest pointers to best practises for the same from your experience .

Cheers ,
V
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
Hi V,

I also need to let (badly written!) apps write back to their local install location and subfolders.

I got round it by writing an MSI that elevates privileges on the install location for named local groups.

K
Answered 08/19/2005 by: Qazmo
Orange Belt

Please log in to comment
0
why do we need to write an msi . I have read that this can be achieved through gpo .

Has anybody tried this ?

Cheers ,
V
Answered 08/21/2005 by: viv_bhatt1
Senior Purple Belt

Please log in to comment
0
I don't get your question, are you asking

1. how to install applications through CA USD with elevated rights?
2. how to open upp security permissions (write) to special files, folders or registry that users need to use "bad written" applications?
Answered 08/21/2005 by: AngelD
Red Belt

Please log in to comment
0
> why do we need to write an msi?

Weeeeeellllll...because you originally said:

> We want to open up restricted areas in C drive on an application basis so that they can write runtime data to those directories with elevated rights

And (as far as I'm aware) GPO isn't that granular.
Answered 08/22/2005 by: Qazmo
Orange Belt

Please log in to comment
0
GPO can be used to set access rights
Answered 08/22/2005 by: AngelD
Red Belt

Please log in to comment
0
Your question isn't really clear, but could the solution be as simple as cacls?
Answered 08/25/2005 by: shuffle
Orange Belt

Please log in to comment
Answer this question or Comment on this question for clarity