Making "Run advertised programs" available only to members of the local administrators group on targeted machine..
- Hi!
I was wondering.. Is it possible to make "run advertised programs" only available to members of the local administrators group? The reason I ask is that we use SCCM to deploy applications to our servers and we do not want everyone to be able to install applications. I know its possible to make the application not show up in the "Run advertised programs" but its a nice feature that we would like to keep as long as we can control access to it :)
Answers
Well if you have a Domain group that you use for the Local Admins group then you could deploy the Adv per user, but then if they logged into another machine then they would see it.
One way to accomplish this is to write a vbscript wrapper that when the user clicks to run the adv it would then lookup [is current user in the local admin group]
if so then it can kick off otherwise it would exit.
I assume your running in a locked down enviroment where all the users are running in domain user rights only.
http://www.sccm-tools.com http://sms-hints-tricks.blogspot.com- Marked As Answer byNico_ Monday, November 09, 2009 2:00 PM
All Replies
Well if you have a Domain group that you use for the Local Admins group then you could deploy the Adv per user, but then if they logged into another machine then they would see it.
One way to accomplish this is to write a vbscript wrapper that when the user clicks to run the adv it would then lookup [is current user in the local admin group]
if so then it can kick off otherwise it would exit.
I assume your running in a locked down enviroment where all the users are running in domain user rights only.
http://www.sccm-tools.com http://sms-hints-tricks.blogspot.com- Marked As Answer byNico_ Monday, November 09, 2009 2:00 PM
- You could also have a look at tasksequences with conditions (that's basically the idea Matthew already mentioned).
