1
1
Need to deploy an MSI file with Group Policy. No other software deployment options are available, so no SCCM, etc.
Here is what I need: 1. Software must be deployed PER USER. 2. Software must auto-install itself at logon. 3. Software must remove itself if a user logs in that is not part of the Security Group.
So far, I can accomplish this with User Configuration > Policies > Software Settings > Software Installation. But here is the hard part: 4. Most of the users DO NOT have admin rights to their PC, and won't be getting it.
I have this currently implemented, and when a user with Local Admin privileges logs in, the app installs. But when a user without Local Admin privileges logs in, the app will not install.
So far, I found only found suggestions about applying the software per computer (which is a stupid idea), giving users admin rights (also a stupid idea), or enabling "AlwaysInstallElevated" (which is an insane idea).
So, here is my question: Is there a way, with standard Group Policy on a Windows Domain, to specify a list of "safe" applications that can be installed without admin rights...while all others require admin rights?
(I ask because I did the same for printers. I use GP to deploy printers, and set up the domain to allow users to install Network Printers without Admin Rights.)
Cypheros
Posted 2015-03-05T18:35:08.360
Reputation: 11
Your requirements are unrealistic. Your not going to be able to get setup a configuration which removes software if a user in another user group accesses the computer. – Ramhound – 2015-03-05T18:57:43.423
@Ramhound: There is an option in the Software Installation system that provides "Remove this software when it falls out of scope." This will remove the software when another user logs in...but the per-user section of Group Policy won't work if the user is not a Local Administrator. – Cypheros – 2015-03-06T20:57:18.430