Home > IT Answers > CIO > DLL registration without local administrator ...
Help

Question

  Asked: Nov 22 2006   11:56 AM GMT
  Asked by: NotAnAdministrator

DLL registration without local administrator rights


Business/IT alignment, OS, Servers, SQL Server, Security, Desktops, Management, Microsoft Windows, DataCenter, Desktop management applications, Altiris, Software

Hi there

We create an Excel addin using MATLAB Builder for Excel.

Our IT department has taken away local administrator rights from all users of our addin.

We are able to install the addin using Altiris, but how can we allow users without
admin rights to upgrade to new versions of our addin? To upgrade, they need to register a
DLL(same name every time) and they need write access to a folder called C:SCMBExcelTools.

Would it be possible to permit upgrades using Group Policy? Please point me to documentation/references that describe how to do it.

Thank you very much,

Willem van Schalkwyk

Subscribe to Alerts! Get questions and answers delivered to your Inbox.


E-mail me updates on this question



   SUBSCRIBE

hidden modal window
Help

Answer Wiki (Improve, edit or add to this answer)

IMPROVE THIS ANSWER
View History
 RATE THIS ANSWER
0
Click to Vote:
  •   0
  •  0
Last Answered: Nov 22 2006  2:14 PM GMT  by Dipstah




Hello,

We use BeyondTrust Privilege Manager to elevate permissions to applications while the user still has user rights.

snippet from beyondtrust http://www.beyondtrust.com/products/PrivilegeManager.aspx

BeyondTrust? Privilege Manager gives organizations the ability to implement the fundamental security principle of least privilege using native Windows security constructs. This principle is essential not only as a security best-practice, but also to satisfy most security-focused regulatory compliance directives. The principle is defined in the famed ?Orange Book? as follows:

?Least Privilege ? This principle requires that each subject in a system be granted the most restrictive set of privileges (or lowest clearance) needed for the performance of authorized tasks. The application of this principle limits the damage that can result from accident, error, or unauthorized use.?

The product is implemented as a true Group Policy extension that allows administrators to attach permission levels to applications. Applications, users and computers are targeted using standard Group Policy conventions and Privilege Manager per-setting filters. Simply specify the application and which security groups should be added to and/or removed from the process token when the application is launched.

Regards
Mike
  • AddThis Social Bookmark Button

Browse more Questions and Answers on CIO, Microsoft Windows and DataCenter.

Looking for relevant CIO Whitepapers? Visit the SearchCIO-Midmarket.com Research Library.


RSS - Discussions Help

Discuss This Answer


You must be logged-in to discuss a question. Log-in/Register

jjuliannc  |   Nov 22 2006  4:00PM GMT

You can register a DLL by using an account that does not have administrative credentials as long as the DLL does not write to the registry or change files in the System32 folder.

That said, updating an existing dll with a new version of the same name with existing keys in the HKEY_CURRENT_USER hive should not be an issue.

The custom folder C:SCMBExcelTools (assuming not “C:Program FilesSCMBExcelTools”) should not be affected by the security level of the logged on user unless the IT admin or through the logon process the folder security is being set restrictive.

Hope this helps.

Aideme