Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Pushing msi through GPO with UAC running on clients

Posted on 2014-11-11
2
Medium Priority
?
2,047 Views
Last Modified: 2014-11-15
I have to push a an msi for installing a software audit. My plan is to push it via a Group Policy Startup Script. The problem I believe I'm going to have is that my users are not local admins on their computers and we have UAC enabled on all of them. Is there a way to add an exception to UAC for this application? Or is there a way to script disabling UAC during the install? Any other ideas or thoughts?
0
Comment
Question by:rsgdmn
2 Comments
 
LVL 57

Expert Comment

by:McKnife
ID: 40436327
UAC does not rule the system account. The startup script uses the system account.
That means: no problem for you.
0
 
LVL 6

Accepted Solution

by:
Asif Bacchus earned 2000 total points
ID: 40436411
A computer startup script should not be an issue, McKnife is correct.

However, I would suggest deploying the software via a GPO using Computer Configuration > Policies > Software Settings > Assigned Applications.  This will allow you to install the MSI, apply any needed transforms, auto-install/un-install when the policy is un-applied and control how it shows up in add/remove programs.  Just like the startup script, this will run as the system account, so no UAC issues.  In addition, it utilizes the 'trusted installer' privileges so no worries about user admin rights.  As an added bonus, the GPO checks to see if the program is still installed and then cancels itself whereas a startup script would run every single time the system starts, slowing things down.  Just a suggestion though.

Cheers.
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

876 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question