This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 38%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECG%3C/text%3E%3C/svg%3E)
Hi Guys,
I am trying to find the best secure way to deploy multiple applications. I was expecting I could create a user resource account to deploy the software to desktop / severs. I would have through that there would be a domain security group for this but I cannot find one. Most people indicate they create an account and add it to the local administrators group. Yet if you are pushing it to all computer why not just make it a domain account, then block the rights to logon locally, or make it a local admin and then block logon locally.
I would like to hear what people think is the best secure method? Whether you have to have Admin rights to install an application? Please note that a Group Policy installation will not work as we would like to push application from a deployment package.
Thanks for your time.
Craig
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 16%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHX%3C/text%3E%3C/svg%3E)
Hello,
Thank you so much for posting here.
According to our description, we will not use Group Policy to install the software. Usually we could use this Group Policy to automatically distribute programs to client computers or users.
As per my understanding, we would like to create a user account (with no admin rights)to be able to install the software. Whether it needs admin rights or not depends on the applications. According to my research, the most suggestion is to add an AD security group to the local administrators group.
Reference:
Best regards,
Hannah Xiong
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hello @Craig Garland ,
I am checking how the issue is going, if you still have any questions, please feel free to contact us.
Thank you so much for your time and support.
Best regards,
Hannah Xiong
Hi,
After reviewing your message, I have decided that the best option is to create a standard domain account. Give it local admin rights on each desktop. (Push with group policy.) We will also block the account from log on locally which in increase protection and reduce the chance of the account being compromised.
It looks like an account needs to be administrator to install software, unless that is a user only based application.
Thanks
Craig