Currently, we are using Zen 7 with DLU on XP SP2 workstations to make all users admins of their machines. We have four physical locations with user accounts separated out into containers that correspond to each location. We associate the DLU policy to all four containers. We are not currently using UNC paths for our Zen apps, we use a hard drive mapping in the container logon scripts that dynamically maps a common drive letter to the local file server. We do this so that we can provide the best performance by localizing traffic to each particular site. Zen apps that are available to all users are associated to all containers. Zen apps that are limited to certain users, are controlled via groups in eDirectory.

The problem we have now is that we have received a mandate to take admin rights away from the users. This is easy enough to do, just modify the DLU policy. However, now we face an issue that removal of admin rights results in some of our Zen apps not working. From what I've seen, the Run As Unsecure System User will allow the rights to be elevated to install some apps but hard coded drive paths cannot be used, only UNC paths can be used. While we can add a single UNC patch to the path in the Zen app, this would probably result in some apps running very slow if at all due to having to to launched over our intersite links.

Is there any way to dynamically change the UNC path so that if a user is at site A and launches a Zenworks application, it will launch from the local file server at site A. Likewise, a user at site B launching a Zenworks application would actually be running it from the local file server at site B. If this is not possible, we would have to find another way to allow elevated rights to launch applications so that they would run/install after the users are moved into the users group.

Thanks in advance!