Group policy install on a per user basis

1

This is a group policy question for Windows.

I have developed an Outlook add-in using VSTO 4.0 in VS 2010. I currently have the issue whereby the add-in can only be installed on a per user basis as Office reads from the CURRENT_USER registry to decide which add-ins to load when Outlook starts. This is fine if Group policy allows installation on a per user basis. I have read up a little on group policy, which I am not too familiar with, and it looks like MSI installs can indeed be distributed on a user OR machine basis.

My question is, does the user still need to have local administrative privileges to write the files to the 'Program Files' directory, or does group policy look after this, and allow the installion to take place regardless? Unfortunately we are in a Linux environment and this is very difficult for me to test.

Any help would be greatly appreciated.

Thanks

Rich

Grub

Posted 2012-05-28T08:04:46.023

Reputation: 13

Keep in mind that you also have the ability to modify registry keys for the current user with group policy. In some cases the best way to do an install might be to do it for the computer but then add some additional configuration for users. – Shannon Wagner – 2012-06-05T00:45:47.787

That looks like a workable approach, thanks for the suggestion. It seems as though it should be part of the install though. – Grub – 2012-06-07T00:08:59.117

Answers

1

An MSI deployed via a computer GPO doesn't need administrative rights for the user as the system runs it on startup. An MSI deployed via a user GPO also does not need administrative rights for the user - here you have a choice of Assigning or Publishing the application for the user. If it is a required application, it should be Assigned.

According to Group Policy Software Installation overview on Technet, "Winlogon is the privileged agent that applies software installation policy."

Oli

Posted 2012-05-28T08:04:46.023

Reputation: 48

1Thanks. That's a good article and appears to clear up a few abmiguities regarding privileges. Having looked at the two methods, publishing and assigning. I guess the same would apply to an Outlook addin as a standard application. For a published addin, it would just appear in the add/remove programs list just like a any other application (i would assume). – Grub – 2012-06-07T00:07:44.653

Asked: 2012-05-28T08:04:46.023

Viewed: 2 520 times

Active: 2012-06-05T02:36:45.580