I am looking to deploy a piece of vital software within the organization. This is a domain-based setup, with everyone having just basic user accounts. However, the software in question demands to run with administrative rights.
I would normally just use /savecred on a standalone computer, to provide admin access to the program while in a restricted user account, but in a domain I am not sure this will still work reliably.
I can create and use an administrative account for just this program (and hand it out to everyone), but this means I would have to manage and maintain another account with its own password. Plus, then anyone can log onto the domain using this account - not good.
However, there are such things as Managed Service Accounts that can be used - in a domain, can I use these to allow basic domain users to launch programs that demand administrative rights?
Specifically, I want users to be able to launch the program with zero additional input - no usernames, no passwords, no elevated rights. Everything should be transparent so the program just runs, despite running in a basic User account.
No comments:
Post a Comment