[gptalk] Re: GPO S/W Deployments

• From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
• To: <gptalk@xxxxxxxxxxxxx>
• Date: Sun, 7 Sep 2008 17:06:27 -0700

Not configured-since it's a policy, it will be removed during the next
background refresh cycle.


Darren

 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Robert Mariani
Sent: Sunday, September 07, 2008 5:03 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO S/W Deployments

 

Hi Darren,

  Since it the option to Always elevate has been set in around 25 GP's,
should I set it to Disabled or just the default Not Configured in each of
them?


Robert

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Darren Mar-Elia
Sent: Monday, 8 September 2008 9:53 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO S/W Deployments

 

Robert-

That policy (Always install elevated) only applies to MSI installations that
are un-managed (i.e. not deployed via GP). As such, its probably not a good
idea, from a security perspective, to enable that policy unless you really
really need to.

 

Any software deployed via GP is automatically elevated (either per-computer
or per-user). However, there are circumstances when settings within
individual MSI packages will try to thwart this (e.g. by requiring that only
administrators can install).  But normally, GP-deployed packages are already
elevated.


Darren

 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Robert Mariani
Sent: Sunday, September 07, 2008 3:57 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] GPO S/W Deployments

 

Hi All,

  I would like to ask the experts about GPO software deployments.  

 

Currently I have software being deployed via MSI/MST computer based GP's
which are linked to the computers OU. 

In the GPO I have set Windows installer for standard logging and enabled
"Always install with elevated privileges".  Does having this privilege -
even though only applied to the computer allow a user (who is just a domain
user) to install software.  I have only found conflicting advice using
Google.

 

Is this a recommended setting for deploying software?  We only use computer
targeted software deployments rather than publishing to a user.

 

Regards,

Robert Mariani
Applications Manager


-- 
The Buchan Group, Melbourne
Architecture+Master Planning+Interiors+Graphics
A  133 Rosslyn St West Melbourne Vic 3003 Australia
GPO Box 4584 Melbourne Vic 3001 Australia
W  www.buchan.com.au <http://www.buchan.com.au/> 

This message is transmitted subject to our email policies and may only be
relied on by an authorised recipient.
Click on this link to view the policies:
http://www.buchan.com.au/policies.htm 

• Follow-Ups:
  • [gptalk] Re: GPO S/W Deployments
    • From: Robert Mariani

• References:
  • [gptalk] GPO S/W Deployments
    • From: Robert Mariani
  • [gptalk] Re: GPO S/W Deployments
    • From: Darren Mar-Elia
  • [gptalk] Re: GPO S/W Deployments
    • From: Robert Mariani

Other related posts:

• » [gptalk] GPO S/W Deployments
• » [gptalk] Re: GPO S/W Deployments
• » [gptalk] Re: GPO S/W Deployments
• » [gptalk] Re: GPO S/W Deployments
• » [gptalk] Re: GPO S/W Deployments

1. Home
2. gptalk
3. Archive
4. 09-2008

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---