Guys, girls, I'm a developer so forgive my naivete on system fronts, I've come for the guru's who know better than I on these issues.
I am trying to be a corporate citizen and not run my services on Win2k3 server as adminstrator. Unfortunately there is a "configuration manager" which will need to from time to time upgrade the entire application via an MSI.
I've been desperately trying to find information on MSDN but they all end up hyperlinking away to something which isn't an answer, so I have read that you can "bless" an MSI to run as administrator. This scenario is OK, if the application needs a blessing from the IT dept, but the application must be able to call the MSI (i.e to rollback a failed upgrade) automatically.
I'm trying desperately to avoid lowering the security of the environment and to run with the least priveleges possible. AFAIK there is no SMS available, but I do have a full domain setup which can have settings changed etc.
UPDATE: The installation has to install a windows service, so it must run with administrative privilege.