Looking suggestion, how to delegate an user or group for Patch installation.
AD delegation for Patch installation
- 507 Views
- Last Post 01 March 2017
Thanks Atul; for reply but actually I am not looking only for Patch, it could be any apps, hotfix or Patch, that can be install with specific delegation.
Please suggest if there is any.
On Feb 27, 2017 12:03 PM, "Atul A" <theatula@xxxxxxxxxxxxxxxx> wrote:
have a look at URL
Thanks Ken for reply.
Please keep all the tools aside. I just wanted to know can we delegate an user or group for manual installation? As we know that without local administrator privilege installation can't be done.
Is there any way to delegate without giving admin privilege ?
On Feb 28, 2017 2:13 AM, "Ken Schaefer" <ken@xxxxxxxxxxxxxxxx> wrote:
What are your actual requirements?
Most organisations would use a deployment tool that has its own roles/permissions/delegation model, and a trusted subsystem model (aka a trusted
agent on the target hosts). Microsoft has one called System Center Configuration Manager.
You are talking about rights on a server itself – that is separate to delegation within AD, which provides rights (e.g. reset password) within AD.
There is no “delegation” in Active Directory that permits installation of patches on a server (or workstation)
When deploying patches, many possible things may be altered: file system, registry, DCOM/RPC, services etc. – a user would need appropriate permissions
to every single one of these resources in order to deploy the particular patch.
Hence why these 3rd party tools exist.