[gptalk] Re: GPO S/W Deployments

  • From: "Robert Mariani" <Robert.Mariani@xxxxxxxxxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Mon, 8 Sep 2008 10:03:24 +1000

Hi Darren,

  Since it the option to Always elevate has been set in around 25 GP's,
should I set it to Disabled or just the default Not Configured in each
of them?


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Monday, 8 September 2008 9:53 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO S/W Deployments



That policy (Always install elevated) only applies to MSI installations
that are un-managed (i.e. not deployed via GP). As such, its probably
not a good idea, from a security perspective, to enable that policy
unless you really really need to.


Any software deployed via GP is automatically elevated (either
per-computer or per-user). However, there are circumstances when
settings within individual MSI packages will try to thwart this (e.g. by
requiring that only administrators can install).  But normally,
GP-deployed packages are already elevated.




From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Robert Mariani
Sent: Sunday, September 07, 2008 3:57 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] GPO S/W Deployments


Hi All,

  I would like to ask the experts about GPO software deployments.  


Currently I have software being deployed via MSI/MST computer based GP's
which are linked to the computers OU. 

In the GPO I have set Windows installer for standard logging and enabled
"Always install with elevated privileges".  Does having this privilege -
even though only applied to the computer allow a user (who is just a
domain user) to install software.  I have only found conflicting advice
using Google.


Is this a recommended setting for deploying software?  We only use
computer targeted software deployments rather than publishing to a user.



Robert Mariani
Applications Manager

The Buchan Group, Melbourne
Architecture+Master Planning+Interiors+Graphics
A  133 Rosslyn St West Melbourne Vic 3003 Australia
GPO Box 4584 Melbourne Vic 3001 Australia
W  www.buchan.com.au <http://www.buchan.com.au/> 

This message is transmitted subject to our email policies and may only
relied on by an authorised recipient.
Click on this link to view the policies:

Other related posts: