Forum Discussion

TurtleDeagon's avatar
TurtleDeagon
Copper Contributor
Oct 23, 2023

Group Policy to allow specific users to install specific software without admin privileges

I am a newly system administrator for an organization and I am trying to create a Group Policy that will allow specific users to download and use certain software like LogMeIn123 without having to use admin privileges. We don't want to give full admin rights, but only for this specific instance. I have done some research, but I am not sure the best way to set this up. The problem is our IT team consists of 3 members total and cannot be everywhere at once and this would be beneficial in key times.

 

I have seen some people recommend using a login script, but I am not sure how to do that. I have also seen some people recommend using a third-party tool which is out of the questions for our organization.

 

I am also open to other ways and ideas of having preforming this.

 

Can anyone please provide me with some instructions on how to set this up?

Thanks in advance for your help!

Additional information:

I am using Windows Server 2012R2.

I have a list of the specific users that I want to allow to install LogMeIn123.

I have the LogMeIn123 installation file located on a network server.

  • LeonPavesic's avatar
    LeonPavesic
    Silver Contributor

    Hi TurtleDeagon,

     

    To deploy "LogMeIn123" to specific users without granting them full admin privileges, you can try to use the following steps:

    Prepare the Software Package:

    1. Make sure you have a compatible installation package for LogMeIn123. If you have an MSI installer, that's ideal. If not, you may need to repackage the software into an MSI format. You can use tools like msiexec, WiX, or third-party applications for this purpose.
    2. Place the LogMeIn123 installation package on a network share accessible by the target computers. Ensure that the share permissions are set so that the user accounts you specify in Group Policy have read access to the folder containing the installation package.

    Create a New Group Policy Object (GPO):

    1. On your Windows Server 2012 R2, open the Group Policy Management Console (GPMC). You can do this by running "gpmc.msc" from the "Run" dialog or a command prompt.
    2. Create a new GPO by right-clicking on the domain or OU where you want to deploy the software and selecting Create a GPO in this domain, and Link it here...
    3. Give the GPO a name and click OK.

    Configure the GPO to Deploy LogMeIn123:

    1. Expand the GPO in the GPMC and navigate to Computer Configuration > Policies > Software Settings > Software Installation.
    2. Right-click on Software Installation and select New > Package.
    3. Browse to the network share location where the LogMeIn123 installation package is located and select it.
    4. Click Open.
    5. In the Deployment Properties dialog box, click the Assigned to tab.
    6. Click Add and select the security group that contains the users you want to allow to install LogMeIn123.
    7. Click OK to close the Deployment Properties dialog box.
    8. Click OK to close the Software Installation dialog box.

    Link the GPO to the Appropriate OU:

    1. Right-click on the GPO in the GPMC and select Link an Existing GPO.
    2. Select the OU where the target computers are located.
    3. Click OK.

    Test the Deployment:

    1. Log in as one of the users in the security group that you assigned the GPO to.
    2. Restart the computer.
    3. Log in again and check to see if LogMeIn123 is installed.


    Please click Mark as Best Response & Like if my post helped you to solve your issue.
    This will help others to find the correct solution easily. It also closes the item.


    If the post was useful in other ways, please consider giving it Like.


    Kindest regards,


    Leon Pavesic
    (LinkedIn)

Resources