3 replies to this topic

[marting]

Hi,

when you distribute an msi package using SMS to a Windows 2000 machine, but the target user is a standard user, and can therefore not install software on the machine, will the software installation work?  Does SMS have some method of assigning elevated privileges to an advertised package?

Thanks.

[hambone]

you would normally use gpo to assign the elevated privs...  elevated privs. can then apply to the user and the system. this is then combined with the ALLUSERS to allow for tighter control ( ALLUSERS=1 or ALLUSERS=2)...  

when used together it allows managed apps to use elevated privs.  but non-managed apps to use user security privs...

[GMDons]

In that case when you are setting the program properties in SMS, and you wish to distribute to the system (ALLUSERS="1") what effect does setting the program to run with administrative rights have?  Does this not 'elevate' the privileges of the users on the targeted machines, or is this feature worthless without having first elevated the privileges using Group Policy?

Thanks,

Graham

[hambone]

if you check in the MSI v2.0 SDK help and look for 'Source Resiliency Policy - Windows Installer Version 2.0" and ALLUSERS they have a table there that describes what occurs under the different conditions.  

i have tried to copy said but would not paste with table formatting retained...

basically it will only elevated the privileges for the 'managed apps'.  all other apps that are attempted to be installed by the user will fall under the users' security context...