Device Installation - Elevated Privileges

Mike Dower Guest · 12 Feb 2008

Hi, I have a quesiton which has been bugging me since we rolled out Vista to
our desktops almost a years ago....

Whenever I have to go to a users PC to install a new device (USB Storage Key
for example) I usually have to spend about 10 minutes there as the Elevated
Privileges dialoge box will pop up several times, as each component of the
device tries to install itself...

Is there any way to set this up so that when you apporve a device for
installation, all the drivers and components for that device are also
approved for install - it's quite frustratring having to spend 10 minutes
doing a task which should take 30 seconds!

Thanks in advance for any help/advice

Mike Dower
Sys admin - Ministry of Sound

Darrell Gorter[MSFT] Guest · 12 Feb 2008

Hello Mike,
You can use Group Policy to change this setting.
MMC.exe, load snap-in, Group Policy, Local machine.

Local Computer Policy
-Windows Settings
- - Security Settings
- - - Local Policies
- - - - User Rights Assignment
- - - - - Load and unload device drivers

This user right determines which users can dynamically load and unload
device drivers or other code in to kernel mode. This user right does not
apply to Plug and Play device drivers. It is recommended that you do not
assign this privilege to other users.
Caution
Assigning this user right can be a security risk. Do not assign this user
right to any user, group, or process that you do not want to take over the
system.
Default on workstations and servers: Administrators.

Thanks,
Darrell Gorter[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights
--------------------
|> Thread-Topic: Device Installation - Elevated Privileges
|> thread-index: AchtmxdrcPQDeEMKRuKxpKeDsyKiOw==
|> X-WBNR-Posting-Host: 62.244.189.242
|> From: =?Utf-8?B?TWlrZSBEb3dlcg==?= <MikeDower@xxxxxx>
|> Subject: Device Installation - Elevated Privileges
|> Date: Tue, 12 Feb 2008 09:17:06 -0800
|> Lines: 18
|> Message-ID: <A283328A-2127-47ED-B761-BB8AB5107138@xxxxxx>
|> MIME-Version: 1.0
|> Content-Type: text/plain;
|> charset="Utf-8"
|> Content-Transfer-Encoding: 7bit
|> X-Newsreader: Microsoft CDO for Windows 2000
|> Content-Class: urn:content-classes:message
|> Importance: normal
|> Priority: normal
|> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
|> Newsgroups:
microsoft.public.windows.vista.administration_accounts_passwords
|> Path: TK2MSFTNGHUB02.phx.gbl
|> Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.vista.administration_accounts_passwords:8650
|> NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
|> X-Tomcat-NG:
microsoft.public.windows.vista.administration_accounts_passwords
|>
|> Hi, I have a quesiton which has been bugging me since we rolled out
Vista to
|> our desktops almost a years ago....
|>
|> Whenever I have to go to a users PC to install a new device (USB Storage
Key
|> for example) I usually have to spend about 10 minutes there as the
Elevated
|> Privileges dialoge box will pop up several times, as each component of
the
|> device tries to install itself...
|>
|> Is there any way to set this up so that when you apporve a device for
|> installation, all the drivers and components for that device are also
|> approved for install - it's quite frustratring having to spend 10
minutes
|> doing a task which should take 30 seconds!
|>
|> Thanks in advance for any help/advice
|>
|> Mike Dower
|> Sys admin - Ministry of Sound
|>
|>

Mike Dower Guest · 13 Feb 2008

Hi Darrell,

Thanks for getting back to me......we actually restrict device installation
through the Device Installation GPO and block users installing devices such
as USB Keys, External HDDs etc as a way of locking down our desktops, so I
wouldn't want to grant users access to install Drivers in this way

My question was just that if I am going to a users desktop and saying 'ok,
you can use this device' is there a way of me just entering my Admin username
and password once and the elevated priviliges being applied to all subsequent
driver installs for that device at that time? Rather than the being promopted
to enter my logon each time a differn't component of the device needs to
downlod and install a driver?

Thanks again

Mike

""Darrell Gorter[MSFT]"" wrote:

> Hello Mike,
> You can use Group Policy to change this setting.
> MMC.exe, load snap-in, Group Policy, Local machine.
>
> Local Computer Policy
> -Windows Settings
> - - Security Settings
> - - - Local Policies
> - - - - User Rights Assignment
> - - - - - Load and unload device drivers
>
> This user right determines which users can dynamically load and unload
> device drivers or other code in to kernel mode. This user right does not
> apply to Plug and Play device drivers. It is recommended that you do not
> assign this privilege to other users.
> Caution
> Assigning this user right can be a security risk. Do not assign this user
> right to any user, group, or process that you do not want to take over the
> system.
> Default on workstations and servers: Administrators.
>
> Thanks,
> Darrell Gorter[MSFT]
>
> This posting is provided "AS IS" with no warranties, and confers no rights
> --------------------
> |> Thread-Topic: Device Installation - Elevated Privileges
> |> thread-index: AchtmxdrcPQDeEMKRuKxpKeDsyKiOw==
> |> X-WBNR-Posting-Host: 62.244.189.242
> |> From: =?Utf-8?B?TWlrZSBEb3dlcg==?= <MikeDower@xxxxxx>
> |> Subject: Device Installation - Elevated Privileges
> |> Date: Tue, 12 Feb 2008 09:17:06 -0800
> |> Lines: 18
> |> Message-ID: <A283328A-2127-47ED-B761-BB8AB5107138@xxxxxx>
> |> MIME-Version: 1.0
> |> Content-Type: text/plain;
> |> charset="Utf-8"
> |> Content-Transfer-Encoding: 7bit
> |> X-Newsreader: Microsoft CDO for Windows 2000
> |> Content-Class: urn:content-classes:message
> |> Importance: normal
> |> Priority: normal
> |> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
> |> Newsgroups:
> microsoft.public.windows.vista.administration_accounts_passwords
> |> Path: TK2MSFTNGHUB02.phx.gbl
> |> Xref: TK2MSFTNGHUB02.phx.gbl
> microsoft.public.windows.vista.administration_accounts_passwords:8650
> |> NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
> |> X-Tomcat-NG:
> microsoft.public.windows.vista.administration_accounts_passwords
> |>
> |> Hi, I have a quesiton which has been bugging me since we rolled out
> Vista to
> |> our desktops almost a years ago....
> |>
> |> Whenever I have to go to a users PC to install a new device (USB Storage
> Key
> |> for example) I usually have to spend about 10 minutes there as the
> Elevated
> |> Privileges dialoge box will pop up several times, as each component of
> the
> |> device tries to install itself...
> |>
> |> Is there any way to set this up so that when you apporve a device for
> |> installation, all the drivers and components for that device are also
> |> approved for install - it's quite frustratring having to spend 10
> minutes
> |> doing a task which should take 30 seconds!
> |>
> |> Thanks in advance for any help/advice
> |>
> |> Mike Dower
> |> Sys admin - Ministry of Sound
> |>
> |>
>
>

Darrell Gorter[MSFT] Guest · 13 Feb 2008

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Installer: No elevated privileges on Vista during change?	ckasabula	Vista security	0	17 Mar 2009
script in logon with elevated privileges enables	NT	PowerShell	2	30 Sep 2008
Cant get elevated privileges	epichero	General Discussion	1	08 Apr 2008
Device Installation - Elevated Privileges	Mike Dower	Vista hardware & devices	3	16 Feb 2008
Elevated privileges for MSI Package in Vista.	Marimuthu	Vista security	2	13 Jan 2007

Device Installation - Elevated Privileges

RE: Device Installation - Elevated Privileges

RE: Device Installation - Elevated Privileges

RE: Device Installation - Elevated Privileges

Posting Permissions