What about scripting it somehow to run under an admin account?
I have a similar situation- a closed environment with no access to our lan.
Do you use ePO at all?
Because if so then you could use ePO to create a repository that only has dat, engine and BO updates and copy all the files in that manually to a local machine then setup each machine to look at that directory as their unc repo.
Bit longwinded- but it does work.
We do not use ePO.
However, I worked out a method using WMI to schedule a job on the client machine that calls my VBScript and runs under NT_AUTHORITY\SYSTEM, this has sufficient authority to complete the job without the previously mentioned changes to folder access and McAfee rules.
I am facing a similar issue and was wondering whether you can share your solution of using WMI to schedule a job on the client machine that calls my VBScript and runs under NT_AUTHORITY\SYSTEM
To get things to work, I used a batch file with
schtasks /create /ru "NT AUTHORITY\SYSTEM" /tn "Security Script" /tr C:\Archive\debugjob.vbs /sc ONSTART
obviously change the vbs target. This gets it running on the machine after it has started up and before anybody logs in. You could also add a job to run regularly at a specified time as the machine may be 'on' for some days on end!
NOTE! Your vbs will have to monitor for services having been started, i.e. the last ones if possible. I monitored for the 'logon' service before I ran the .exe updater, one of the last services to start is the 'spooler' service. You need services running before you can do the update!! I did all this eventually in C# but it is possible in vbs. In my case the program just looked in a set folder for an updater file, got the version number from it checked the McAfee version from the registry and if the updater was newer I ran the .exe. If you install your script on your machines all you need to ensure is that the folder gets updated with new .exe's now and again as required. The start up job was mainly for the server, on clients you could just add a logon job and the update is run on logon if it is a new update!!
That should sort you out!!
Apologies for the delay in acknowledging your response. Thanks for sharing with me your experience.
Unfortunately I have no vb skills - can you please send me a an example of your script so that I can modify it for my environment?