Results 1 to 9 of 9

Thread: Signed installers in Active Directory

  1. #1
    Member
    Join Date
    Aug 2005
    Posts
    74
    Thanks
    0
    Thanked
    0 times in 0 posts

    Signed installers in Active Directory

    I'd like to be able to grant non-local-administrator users on our domain the right to install packages signed by my organisation (we can get whatever certs are needed, and create MSI/exe packages fine).

    Is there a simple way to do this? Even if you add the organisation as trusted, users still don't have the rights to do the install. I know we could distribute packages using GP, and we do that lots, but there are a few programmes and other bits and bobs it would be nice to allow users to install themselves (and without doing an advertised link, either).

    Thanks in advance.

  2. #2
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,665
    Thanks
    53
    Thanked
    385 times in 314 posts
    have you anything like SMS in your envornment ?
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  3. #3
    Member
    Join Date
    Aug 2005
    Posts
    74
    Thanks
    0
    Thanked
    0 times in 0 posts
    Most of our machines (should be all of our machines, but it's taking a while to track them all down) are installed with RIS, and then managed with Group Policies on the installation of specific MSI packages. We've got a few scripts about the place too, but that's it.

    So that's a no we don't have SMS, really.

  4. #4
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,164
    Thanks
    803
    Thanked
    2,152 times in 1,408 posts
    its not a good solution to start letting users install stuff.

    Could you deploy the applications via RPC on each terminal as an when.

    If your not using SMS, and there isn't a good reason why not to use it, i'd highly recomend using it. (As i'm sure Moby-Dick would agree).
    throw new ArgumentException (String, String, Exception)

  5. #5
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,665
    Thanks
    53
    Thanked
    385 times in 314 posts
    Oddly enough we dont use it either but that a decision I didn't have any input in.
    Most of our stuff is deployed with custon scripts - we dont use gp to deploy software to keep our DC's lightweight ish ( with 500 of them , replication isn't fun )
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  6. #6
    Member
    Join Date
    Aug 2005
    Posts
    74
    Thanks
    0
    Thanked
    0 times in 0 posts
    I suppose advertised installs would probably do it, but there are some licensing issues (things like, for example, OEM CD burning s/w that only came with specific machines).

    The more I think about it, there's not a huge amount of difference between advertised installs and giving the users the package. What would SMS actually do for us that we can't currently do with GPs?

  7. #7
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,665
    Thanks
    53
    Thanked
    385 times in 314 posts
    SMs is better form an inventory / reporting point of view.
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  8. #8
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,665
    Thanks
    53
    Thanked
    385 times in 314 posts
    with some advertised packages , they still require you to key in a licence code so you can exert some controll that way ?
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  9. #9
    Member
    Join Date
    Aug 2005
    Posts
    74
    Thanks
    0
    Thanked
    0 times in 0 posts
    That would work, but they're fairly rubisshy bits of software really. We're due a chunk of money in a few months, so SMS might have to go on the list along with Exchange and a few other bits and bobs.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Microsoft Active Directory
    By Taz in forum Help! Quick Relief From Tech Headaches
    Replies: 5
    Last Post: 17-11-2005, 05:23 PM
  2. Active Sync - Email syncs
    By LaughingJon in forum Smartphones and Tablets
    Replies: 3
    Last Post: 13-09-2005, 03:06 PM
  3. Replies: 8
    Last Post: 07-04-2004, 02:45 PM
  4. Active Directory
    By Raz316 in forum Software
    Replies: 2
    Last Post: 16-02-2004, 12:40 PM
  5. Domains, DNS and Active Directory
    By Howard in forum Networking and Broadband
    Replies: 2
    Last Post: 24-01-2004, 10:48 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •