Questions

User/Software Management - This is a difficult one

+
1 Votes
Locked

User/Software Management - This is a difficult one

Nikolzox3
So here is the scenario;

I've not long begun a new role, on arrival i was made aware that EVERY user within the business has local ADMIN rights. To which i replied "pardon?!".

As a result of this, as im sure you can imagine. I have a 'rebuild' list as long as my arm which is continually growing.

There is a reason for this however! A major part of what the company does is consultancy all over the world and mainly in very rural areas which have limited/no internet connectivity. I.e Africa, Areas of Pakistan (Also rife for virus/malware).

Usually the clients have software packages or clients etc. which our consultants must install to access the clients databases/systems. Due to the lack of internet connectivity, this isn't something we can even do remotely - Therefore they have local admin to do it themselves.

Help!! This is causing me a world of headaches!

Here's what i would like to achieve;
1) I want to remove all local admin rights from the user accounts
2) I want to enable users to install software temporarily in a 'quarantined' area (i think 'sandbox' solutions sort of do this?? I'm not 100%) - Obviously i would want this to be the ONLY place they can install and ideally on a different partition. (Easy to format when it goes 'belly up') - which it always does hence the rebuild list.

Any Help, Advice, Resources, Software recommendations would be much appreciated.

Thanks in advance.
  • +
    1 Votes
    scndtnr

    something like Deep Freeze. I've seen it in use in a public computer lab; users were free to install stuff, make configuration changes, etc., but the PC would revert back to a "base state" on reboot.

    +
    0 Votes
    Nikolzox3

    Thanks - Sounds great, i will look in to this one and update.

    Thanks again.

    +
    0 Votes
    Nikolzox3

    Hi, Have looked into this one.

    Unfortunately, the consultants need the 'client packages' for the length of there stay 'on-site' during their project/s. This means them reinstalling the applications every day which isn't really viable.

    Unless i can 'force' installation to another partition for everything or change the 'wipe' from "every restart" to every "20 restarts" or "once a week"?

    Thanks again for the suggestion.

    Adam

    +
    1 Votes
    OH Smeg

    Though I'm not sure that either Steady State or Deep Freeze is what is required here.

    http://www.microsoft .com/download/en/details.aspx?id=24373

    Just remember to remove the space for a working URL.

    Col

    +
    0 Votes
    Nikolzox3

    This also sounds very good! - Thanks.

    Sorry for the lack of info, thankfully this one is soley a windows environment!

    The idea here is to partition off the hard disks and have the users work on the non system parition (Stroage). They can install the clients software they need on 'C:' but this will revert back after use.

    When the laptops gives up, which there always doing i can get rid of the infect/corrupt partition as opposed to 'rebuild'

    This is all helpful stuff! Thankyou.

    +
    0 Votes
    Nikolzox3

    I now see what you meant by OS, this isn't supported for Win7. Infact, this isn't supported atall anymore.

    We're using mainly Windows 7 x64.

    Were deffinately on the right track though!

    Thanks,
    Adam

    +
    0 Votes
    a.portman

    Virtualbox (https://www.virtualbox.org/) is a visualization system that will work in a Win XP/7 environment. You could create a virtual computer within the users desk top. They would be admins on the virtual machine, but not the host. Install, trash whatever inside the virtual machine, it does not matter. You could then have a backup of the original machine to revert to.

    The other thing would be to send the users out in the field with an image DVD. When the project is over, image back to a clean state.

    +
    0 Votes
    Nikolzox3

    Hi, this is an interesting one.

    I had not thought of this to be honest - certainly a different route. My main concern toward this would be the 'non-tech' users. I have trouble getting them to understand physical machine, let alone virtual ones.

    Will have a good poke around and see if i could make this viable though.

    Thanks.

    +
    0 Votes
    Alan.craig1499

    After installing the Vmbox make a snapshot of the virtual machine. After they finish with the project the consultant can revert to the original as installed configuration. You can also make a copy/image and keep it on your server.

    If all the laptops are the same, you may even be able to use this "Master image" to install the same virtual machine to all of the laptops. That way they will be identical and easier to manage. Even if you need to create a few different images, it is easier to apply the image than to rebuild each machine.

    +
    1 Votes
    Kenone

    Sandboxie, might work for you.

    +
    0 Votes
    Nikolzox3

    Hi,

    Sandboxie was my very first port of call. This only issue im having with this is that we want to tie installs ONLY to sandboxie, without admin permissions.

    Would you know if this is possible?

    Thanks for bringing this one up.

    Ive also been looking at other 'sandbox' stuff but im not sure it works in the same way as 'Sandboxie'.

    Thanks Again,
    Adam

  • +
    1 Votes
    scndtnr

    something like Deep Freeze. I've seen it in use in a public computer lab; users were free to install stuff, make configuration changes, etc., but the PC would revert back to a "base state" on reboot.

    +
    0 Votes
    Nikolzox3

    Thanks - Sounds great, i will look in to this one and update.

    Thanks again.

    +
    0 Votes
    Nikolzox3

    Hi, Have looked into this one.

    Unfortunately, the consultants need the 'client packages' for the length of there stay 'on-site' during their project/s. This means them reinstalling the applications every day which isn't really viable.

    Unless i can 'force' installation to another partition for everything or change the 'wipe' from "every restart" to every "20 restarts" or "once a week"?

    Thanks again for the suggestion.

    Adam

    +
    1 Votes
    OH Smeg

    Though I'm not sure that either Steady State or Deep Freeze is what is required here.

    http://www.microsoft .com/download/en/details.aspx?id=24373

    Just remember to remove the space for a working URL.

    Col

    +
    0 Votes
    Nikolzox3

    This also sounds very good! - Thanks.

    Sorry for the lack of info, thankfully this one is soley a windows environment!

    The idea here is to partition off the hard disks and have the users work on the non system parition (Stroage). They can install the clients software they need on 'C:' but this will revert back after use.

    When the laptops gives up, which there always doing i can get rid of the infect/corrupt partition as opposed to 'rebuild'

    This is all helpful stuff! Thankyou.

    +
    0 Votes
    Nikolzox3

    I now see what you meant by OS, this isn't supported for Win7. Infact, this isn't supported atall anymore.

    We're using mainly Windows 7 x64.

    Were deffinately on the right track though!

    Thanks,
    Adam

    +
    0 Votes
    a.portman

    Virtualbox (https://www.virtualbox.org/) is a visualization system that will work in a Win XP/7 environment. You could create a virtual computer within the users desk top. They would be admins on the virtual machine, but not the host. Install, trash whatever inside the virtual machine, it does not matter. You could then have a backup of the original machine to revert to.

    The other thing would be to send the users out in the field with an image DVD. When the project is over, image back to a clean state.

    +
    0 Votes
    Nikolzox3

    Hi, this is an interesting one.

    I had not thought of this to be honest - certainly a different route. My main concern toward this would be the 'non-tech' users. I have trouble getting them to understand physical machine, let alone virtual ones.

    Will have a good poke around and see if i could make this viable though.

    Thanks.

    +
    0 Votes
    Alan.craig1499

    After installing the Vmbox make a snapshot of the virtual machine. After they finish with the project the consultant can revert to the original as installed configuration. You can also make a copy/image and keep it on your server.

    If all the laptops are the same, you may even be able to use this "Master image" to install the same virtual machine to all of the laptops. That way they will be identical and easier to manage. Even if you need to create a few different images, it is easier to apply the image than to rebuild each machine.

    +
    1 Votes
    Kenone

    Sandboxie, might work for you.

    +
    0 Votes
    Nikolzox3

    Hi,

    Sandboxie was my very first port of call. This only issue im having with this is that we want to tie installs ONLY to sandboxie, without admin permissions.

    Would you know if this is possible?

    Thanks for bringing this one up.

    Ive also been looking at other 'sandbox' stuff but im not sure it works in the same way as 'Sandboxie'.

    Thanks Again,
    Adam