Device Installation - Elevated Privileges

Hi, I have a quesiton which has been bugging me since we rolled out Vista to
our desktops almost a years ago....

Whenever I have to go to a users PC to install a new device (USB Storage Key
for example) I usually have to spend about 10 minutes there as the Elevated
Privileges dialoge box will pop up several times, as each component of the
device tries to install itself...

Is there any way to set this up so that when you apporve a device for
installation, all the drivers and components for that device are also
approved for install - it's quite frustratring having to spend 10 minutes
doing a task which should take 30 seconds!

Thanks in advance for any help/advice

Mike Dower
Sys admin - Ministry of Sound

Hello Mike,
You can use Group Policy to change this setting.
MMC.exe, load snap-in, Group Policy, Local machine.

Local Computer Policy
-Windows Settings
- - Security Settings
- - - Local Policies
- - - - User Rights Assignment
- - - - - Load and unload device drivers

This user right determines which users can dynamically load and unload
device drivers or other code in to kernel mode. This user right does not
apply to Plug and Play device drivers. It is recommended that you do not
assign this privilege to other users.
Caution
Assigning this user right can be a security risk. Do not assign this user
right to any user, group, or process that you do not want to take over the
system.
Default on workstations and servers: Administrators.

Thanks,
Darrell Gorter[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights
--------------------
|> Thread-Topic: Device Installation - Elevated Privileges
|> thread-index: AchtmxdrcPQDeEMKRuKxpKeDsyKiOw==
|> X-WBNR-Posting-Host: 62.244.189.242
|> From: =?Utf-8?B?TWlrZSBEb3dlcg==?= <MikeDower@xxxxxx>
|> Subject: Device Installation - Elevated Privileges
|> Date: Tue, 12 Feb 2008 09:17:06 -0800
|> Lines: 18
|> Message-ID: <A283328A-2127-47ED-B761-BB8AB5107138@xxxxxx>
|> MIME-Version: 1.0
|> Content-Type: text/plain;
|> charset="Utf-8"
|> Content-Transfer-Encoding: 7bit
|> X-Newsreader: Microsoft CDO for Windows 2000
|> Content-Class: urn:content-classes:message
|> Importance: normal
|> Priority: normal
|> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
|> Newsgroups:
microsoft.public.windows.vista.administration_accounts_passwords
|> Path: TK2MSFTNGHUB02.phx.gbl
|> Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.vista.administration_accounts_passwords:8650
|> NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
|> X-Tomcat-NG:
microsoft.public.windows.vista.administration_accounts_passwords
|>
|> Hi, I have a quesiton which has been bugging me since we rolled out
Vista to
|> our desktops almost a years ago....
|>
|> Whenever I have to go to a users PC to install a new device (USB Storage
Key
|> for example) I usually have to spend about 10 minutes there as the
Elevated
|> Privileges dialoge box will pop up several times, as each component of
the
|> device tries to install itself...
|>
|> Is there any way to set this up so that when you apporve a device for
|> installation, all the drivers and components for that device are also
|> approved for install - it's quite frustratring having to spend 10
minutes
|> doing a task which should take 30 seconds!
|>
|> Thanks in advance for any help/advice
|>
|> Mike Dower
|> Sys admin - Ministry of Sound
|>
|>

Hi Darrell,

Thanks for getting back to me......we actually restrict device installation
through the Device Installation GPO and block users installing devices such
as USB Keys, External HDDs etc as a way of locking down our desktops, so I
wouldn't want to grant users access to install Drivers in this way

My question was just that if I am going to a users desktop and saying 'ok,
you can use this device' is there a way of me just entering my Admin username
and password once and the elevated priviliges being applied to all subsequent
driver installs for that device at that time? Rather than the being promopted
to enter my logon each time a differn't component of the device needs to
downlod and install a driver?

Thanks again

Mike

""Darrell Gorter[MSFT]"" wrote:

Hello Mike,
Not that I am aware for that situation.
Thanks,
Darrell Gorter[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights
--------------------
|> Thread-Topic: Device Installation - Elevated Privileges
|> thread-index: AchuHLgKTse8Vw2BQ6CeU2imlnZN6g==
|> X-WBNR-Posting-Host: 62.244.189.242
|> From: =?Utf-8?B?TWlrZSBEb3dlcg==?= <MikeDower@xxxxxx>
|> References: <A283328A-2127-47ED-B761-BB8AB5107138@xxxxxx>
<NCaCErdbIHA.6372@xxxxxx>
|> Subject: RE: Device Installation - Elevated Privileges
|> Date: Wed, 13 Feb 2008 00:45:00 -0800
|> Lines: 98
|> Message-ID: <24542A46-EF7B-45F4-A938-4EF02A50CC4F@xxxxxx>
|> MIME-Version: 1.0
|> Content-Type: text/plain;
|> charset="Utf-8"
|> Content-Transfer-Encoding: 7bit
|> X-Newsreader: Microsoft CDO for Windows 2000
|> Content-Class: urn:content-classes:message
|> Importance: normal
|> Priority: normal
|> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
|> Newsgroups:
microsoft.public.windows.vista.administration_accounts_passwords
|> Path: TK2MSFTNGHUB02.phx.gbl
|> Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.vista.administration_accounts_passwords:8671
|> NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
|> X-Tomcat-NG:
microsoft.public.windows.vista.administration_accounts_passwords
|>
|> Hi Darrell,
|>
|> Thanks for getting back to me......we actually restrict device
installation
|> through the Device Installation GPO and block users installing devices
such
|> as USB Keys, External HDDs etc as a way of locking down our desktops, so
I
|> wouldn't want to grant users access to install Drivers in this way
|>
|> My question was just that if I am going to a users desktop and saying
'ok,
|> you can use this device' is there a way of me just entering my Admin
username
|> and password once and the elevated priviliges being applied to all
subsequent
|> driver installs for that device at that time? Rather than the being
promopted
|> to enter my logon each time a differn't component of the device needs to
|> downlod and install a driver?
|>
|> Thanks again
|>
|> Mike
|>
|> ""Darrell Gorter[MSFT]"" wrote:
|>
|> > Hello Mike,
|> > You can use Group Policy to change this setting.
|> > MMC.exe, load snap-in, Group Policy, Local machine.
|> >
|> > Local Computer Policy
|> > -Windows Settings
|> > - - Security Settings
|> > - - - Local Policies
|> > - - - - User Rights Assignment
|> > - - - - - Load and unload device drivers
|> >
|> > This user right determines which users can dynamically load and unload
|> > device drivers or other code in to kernel mode. This user right does
not
|> > apply to Plug and Play device drivers. It is recommended that you do
not
|> > assign this privilege to other users.
|> > Caution
|> > Assigning this user right can be a security risk. Do not assign this
user
|> > right to any user, group, or process that you do not want to take over
the
|> > system.
|> > Default on workstations and servers: Administrators.
|> >
|> > Thanks,
|> > Darrell Gorter[MSFT]
|> >
|> > This posting is provided "AS IS" with no warranties, and confers no
rights
|> > --------------------
|> > |> Thread-Topic: Device Installation - Elevated Privileges
|> > |> thread-index: AchtmxdrcPQDeEMKRuKxpKeDsyKiOw==
|> > |> X-WBNR-Posting-Host: 62.244.189.242
|> > |> From: =?Utf-8?B?TWlrZSBEb3dlcg==?=
<MikeDower@xxxxxx>
|> > |> Subject: Device Installation - Elevated Privileges
|> > |> Date: Tue, 12 Feb 2008 09:17:06 -0800
|> > |> Lines: 18
|> > |> Message-ID: <A283328A-2127-47ED-B761-BB8AB5107138@xxxxxx>
|> > |> MIME-Version: 1.0
|> > |> Content-Type: text/plain;
|> > |> charset="Utf-8"
|> > |> Content-Transfer-Encoding: 7bit
|> > |> X-Newsreader: Microsoft CDO for Windows 2000
|> > |> Content-Class: urn:content-classes:message
|> > |> Importance: normal
|> > |> Priority: normal
|> > |> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
|> > |> Newsgroups:
|> > microsoft.public.windows.vista.administration_accounts_passwords
|> > |> Path: TK2MSFTNGHUB02.phx.gbl
|> > |> Xref: TK2MSFTNGHUB02.phx.gbl
|> > microsoft.public.windows.vista.administration_accounts_passwords:8650
|> > |> NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
|> > |> X-Tomcat-NG:
|> > microsoft.public.windows.vista.administration_accounts_passwords
|> > |>
|> > |> Hi, I have a quesiton which has been bugging me since we rolled out
|> > Vista to
|> > |> our desktops almost a years ago....
|> > |>
|> > |> Whenever I have to go to a users PC to install a new device (USB
Storage
|> > Key
|> > |> for example) I usually have to spend about 10 minutes there as the
|> > Elevated
|> > |> Privileges dialoge box will pop up several times, as each component
of
|> > the
|> > |> device tries to install itself...
|> > |>
|> > |> Is there any way to set this up so that when you apporve a device
for
|> > |> installation, all the drivers and components for that device are
also
|> > |> approved for install - it's quite frustratring having to spend 10
|> > minutes
|> > |> doing a task which should take 30 seconds!
|> > |>
|> > |> Thanks in advance for any help/advice
|> > |>
|> > |> Mike Dower
|> > |> Sys admin - Ministry of Sound
|> > |>
|> > |>
|> >
|> >
|>