# [SOLVED] Domain Users Install Programs



## cl0udedth0ught (Sep 29, 2004)

Hi, We have a small network where I work. We have a server running Server 2003 Enterprise edition set up as a domain controller and 10-15 workstations running Windows XP SP3. Anyway, some of the user accounts were created before I started here and they have the ability to install software as needed. These "original users" with installation ability are members of the following: Domain users, standard_updates,updates_group,and users in the active directory. However, they have access to install/use the software we use here. However, I recently created 2 new user accounts, and it says access denied when trying to install and use the software we use here. So i created another temp account and made it a member of the domain admin group and went into gpedit.msc and made sure that I selected user accounts ability to be able to install programs from there and it works for this account. Now the problem is, I don't want to make these users domain admins. I just want them to be able to install software as needed. I don't understand why the permissions aren't the same for the new users. I know Im probably missing something simple but I can't seem to figure out what I'm doing wrong.:4-dontkno

Thanks in advance for any and all help.


----------



## cluberti (Aug 26, 2010)

*Re: Domain Users Install Programs*

You must have the ability to write to all kinds of locations in the registry and filesystem, not to mention holding certain privileges a normal user does not, to install software as a non-admin on XP. Sounds like the permissions on these machines have been hacked all to shreds to make it work, and in general it is definitely NOT a good idea (you have to basically make the user an administrator anyway, with the security and permissions changes to a system, to make this work - if a user can install software, they're an administrator, even if not in technical group membership). It would be better to use software designed to make this happen if you don't wish to make users admins (and you shouldn't, if you can avoid it).


----------



## cl0udedth0ught (Sep 29, 2004)

*Re: Domain Users Install Programs*

Yeah thats what I was afraid of. I haven't been working here super long but I can't figure out for the life of me how they did it with the other user accounts. The problem is, the work we do requires the use of this specific software thats set up to work with our database. I tried even temporarily making the user accounts admins so I could install the software but that doesn't work either. The software gives error messages when you try and use it after switching them back to just "domain_users". We absolutely have to use this software (its not up to me) so not sure what to do other than leave the users as admins which im not too happy with either.

Thanks for the reply though. Any other suggestions are welcome


----------



## JMPC (Jan 15, 2011)

*Re: Domain Users Install Programs*

Are the users, old or new, local admins on those machines? Are they able to log into the local admin account to do the install?

Is this software something they have to install more than one time?


----------



## cl0udedth0ught (Sep 29, 2004)

*Re: Domain Users Install Programs*

I will try and be more clear. I find this a little difficult to try and explain. Here goes...

Some of the users were there before I started working here and they "seem" to have local admin rights...but the problem is concerning new users that I'm trying to add. When I create the new user accounts, I make them members of the same "groups" in the active directory as the other users that were already created and they can't install or use the software we need but the other users can who were previously added. 

The software only gets installed once, but doesn't seem to work properly unless they are give admin privelages. The users have to sync handheld janam scanners that communicate with our servers/database. If the user doesn't have admin privelages, we get an error message when we try and sync the scanner with the database.

I hope that makes things a bit more clear.

Thanks for all the help


----------



## JMPC (Jan 15, 2011)

*Re: Domain Users Install Programs*

Do you know if the users who are able to install and use the software are members of the local admins group on the workstations?


----------



## cl0udedth0ught (Sep 29, 2004)

*Re: Domain Users Install Programs*

Yes, that is why it wasn't working. The other original users were made into local admins but I never physically verified it until you brought it up. Thanks you so much for your help. Talk about overlooking the obvious. LOL


----------

