DLL registration without local administrator rights

Business/IT alignment
Desktop management applications
Microsoft Windows
SQL Server
Hi there We create an Excel addin using MATLAB Builder for Excel. Our IT department has taken away local administrator rights from all users of our addin. We are able to install the addin using Altiris, but how can we allow users without admin rights to upgrade to new versions of our addin? To upgrade, they need to register a DLL(same name every time) and they need write access to a folder called C:SCMBExcelTools. Would it be possible to permit upgrades using Group Policy? Please point me to documentation/references that describe how to do it. Thank you very much, Willem van Schalkwyk

Answer Wiki

Thanks. We'll let you know when a new response is added.


We use BeyondTrust Privilege Manager to elevate permissions to applications while the user still has user rights.

snippet from beyondtrust http://www.beyondtrust.com/products/PrivilegeManager.aspx

BeyondTrust? Privilege Manager gives organizations the ability to implement the fundamental security principle of least privilege using native Windows security constructs. This principle is essential not only as a security best-practice, but also to satisfy most security-focused regulatory compliance directives. The principle is defined in the famed ?Orange Book? as follows:

?Least Privilege ? This principle requires that each subject in a system be granted the most restrictive set of privileges (or lowest clearance) needed for the performance of authorized tasks. The application of this principle limits the damage that can result from accident, error, or unauthorized use.?

The product is implemented as a true Group Policy extension that allows administrators to attach permission levels to applications. Applications, users and computers are targeted using standard Group Policy conventions and Privilege Manager per-setting filters. Simply specify the application and which security groups should be added to and/or removed from the process token when the application is launched.


Discuss This Question: 1  Reply

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Jjuliannc
    You can register a DLL by using an account that does not have administrative credentials as long as the DLL does not write to the registry or change files in the System32 folder. That said, updating an existing dll with a new version of the same name with existing keys in the HKEY_CURRENT_USER hive should not be an issue. The custom folder C:SCMBExcelTools (assuming not "C:Program FilesSCMBExcelTools") should not be affected by the security level of the logged on user unless the IT admin or through the logon process the folder security is being set restrictive. Hope this helps. Aideme
    0 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: