OK, I've been having the problem of trying to run a setup.exe file from a network drive as a dynamic admin. So I either need to package up many of my migrated apps, add files to the content repo or assign the public object RF rights to the nss volume where we stash our setup files. The public RF option would be the easiest, but does that blow a hole in our security?