basic msi deployment question (least priv)
Hey all,
Question... I am currently setting up a GPO to push our Adobe Reader 7.0.9. I have performed the admin install, and have used Adobe's InstallShield Tuner to create a transform file.
In reading thier documentation, they specify that along with defining the package settings that I need to set "Always install with elevated privileges" option under computer configuration.
Is this necessary? Is this something that should be done as a best practice for deploying software via GPO (aside from deploying acrobat reader)? If this policy were applied to a workstation, would it allow for a user to run other installations with the elevated privs?
Question... I am currently setting up a GPO to push our Adobe Reader 7.0.9. I have performed the admin install, and have used Adobe's InstallShield Tuner to create a transform file.
In reading thier documentation, they specify that along with defining the package settings that I need to set "Always install with elevated privileges" option under computer configuration.
Is this necessary? Is this something that should be done as a best practice for deploying software via GPO (aside from deploying acrobat reader)? If this policy were applied to a workstation, would it allow for a user to run other installations with the elevated privs?
0 Comments
[ + ] Show comments
Answers (2)
Please log in to answer
Posted by:
fosteky
17 years ago
deploying the MSI and MST using the either the computer assigned or user assigned portion of a GPO will result in the installation occuring with administrative priveleges. Computer assigned apps will run the MSI&MST using the system credentials (always an administrator), and user assigned apps will install using the user's credentials - but at a temporarily elevated privelege level - which will be taken away once the installation is completed, meaning they'll be backed down to their normal priveleges once Installer completes running the MSI&MST. These admin privs are granted regardless of whether the package is installed at logon, or when its advertised entry points are triggered. Note, any custom actions in the package will be performed without these elevated privelege however.
So by virtue of pushing the application via GPO you will have achieved administrative priveleges.
So by virtue of pushing the application via GPO you will have achieved administrative priveleges.
Posted by:
dlevine
17 years ago
Thanks for the reply!
That was my assumption as well... but you know what they say...
So anyway, it is rather unusual that Adobe would be recommending that the /Windows Components/Windows Installer/Always install with elevated privs be set in order to deploy reader via a GPO...
Thanks again!
That was my assumption as well... but you know what they say...
So anyway, it is rather unusual that Adobe would be recommending that the /Windows Components/Windows Installer/Always install with elevated privs be set in order to deploy reader via a GPO...
Thanks again!
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.