Installing Clients w/o Admin rights

Our company policy will not allow giving users local Admin rights to their machines.
Does anyone have a complete list of Registry keys that will need to be set to Full Control for the group "Users"?

I got a list from JDE, but it seems to be a bit incomplete. I still get quite a few error messages during the install.

On the same subject:
What are all the functions a user needs to be a local Admin for? My list so far is essentially only 2: Installs (Package deployments), and DD replication. Do other replications require Admin rights? What about any other functions?

Thanks for your help!

Are you using NT, 2000 or XP clients? Check the doc on the download section
of www.jdelist.com titled Fat Client Management.

Essentially here are the Registry Keys that all users need Full access to:
[HKEY_LOCAL_MACHINE\SOFTWARE\JDEdwards]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
[HKEY_CLASSES_ROOT] (Windows 2000 and XP only - not NT)


Colin

Here is the info from JDE.


HowTo Data Classification: Confidential

----------------------------------------------------------------------------
----

Title: Setting up full access to the JDEdwards software key on NT
workstations
Abstract: Granting access to the JD Edwards software key to allow update
package installations on workstation without LAN administrative authority.

Product OneWorld
Suite Technical
Release All
Document ID OTI-01-0077
Date Created 05/21/2001
Date Reviewed 05/21/2001
Date Revised 05/21/2001

----------------------------------------------------------------------------
----

How to have full access to the J D Edwards software key without LAN
administrative authority

----------------------------------------------------------------------------
----

1. From the Start toolbar, select Run

2. Enter the command regedt32 and select the OK button.

3. Click on the window entitled HKEY_LOCAL_MACHINE on the local machine.

4. Double click the Software folder. Locate and highlight JDEdwards.

5. From the menu bar select security, then select permissions.

6. Highlight the Everyone group. From the Type of Access Field drop down
menu select Full Control.

7. Place an X in the Replace Permissions on Existing Subkey box. Click
OK.

Thai Nguyen
J.D. Edwards System Admin.
email: [email protected]

If you are using Windows 2000 Active Directory in your enterprise, here is a Security Template that we use to set the specific registry key permissions, at a fine-grained level. We place all Win2kPro computers with JDE installed in an OU, and apply the Security Template to the OU. It also changes the permissions on the JDE.INI, which a user needs elevated permissions for. Works great for Windows 2000 clients - mileage may vary.

Thank you, thank you, thank you ScottyMac!
We ARE using Active Directory and W2K machines, so this should be just what we need.
One add-on question for you: Does this work for initial installs (before the JDE keys are there), or just for package deployments after the inital installs?

This does not work for initial installs, as we only want Administrators doing those. If you have any issues with the Security Template in your scenario, simply monitor the registry keys that are denied access using Regmon, and add them to the template using the MMC Snap-In.