Can Windows Terminal Server run a GPO to install a program -- as a standard (non-admin) user?
Posted on 2011-03-15
This occurs on Windows 2003 Servers, with the Terminal Services role activated, in a corporate environment.
The following error occurs:
This installation is forbidden by system policy. Contact your system administrator.
The error occurs when a non-administrator runs an MSI package on any of our Windows 2003 Terminal Servers.
The error does NOT occur when an administrator runs the MSI package.
The error does NOT occur on workstations (XP, Vista, Win7-32, Win7-64) for any user.
The Group Policy containing a software installation package (MSI) successfully installs a program shortcut, but when the shortcut is clicked, the above error occurs.
The GPO has "Computer Configuration Settings" disabled - so it can only apply "User Configuration Settings".
The MSI places three files (.exe .ico .ini) in the user's "AppData" folder (within their roaming profile) plus a program shortcut pointing to the .exe - no other files, no registry entries.
The shortcut gets installed, the other 3 files do not get installed.
The error occurs when the shortcut is clicked.