I have app developed in Visual Studio 2008 for internal corporate environment that my network admin has deployed. I put some rudimentary application update mechanism that would automatically download a new msi file from server and launch the installation to update the exe and other associated files (installed in Program Files) as required. However the end users' computers (XP Pro) are all locked down by group policy so that they receive a message that says they can't install any software when the msi file is started. I am told to get an update out - the IT dept will need to login to everyone's workstation with an admin user. Should there be some way I can "sign" my application (in conjunction with admin) so that the Window's group policy allows my application to update/install but still blocks everything else?