[gptalk] Re: GPO S/W Deployments

• From: "Robert Mariani" <Robert.Mariani@xxxxxxxxxxxxxxxxxxxxxxx>
• To: <gptalk@xxxxxxxxxxxxx>
• Date: Mon, 8 Sep 2008 10:07:19 +1000

Excellent - Thanks for the tip.  Very prompt as usual!

 

Regards,

Robert 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Monday, 8 September 2008 10:06 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO S/W Deployments

 

Not configured-since it's a policy, it will be removed during the next
background refresh cycle.


Darren

 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Robert Mariani
Sent: Sunday, September 07, 2008 5:03 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO S/W Deployments

 

Hi Darren,

  Since it the option to Always elevate has been set in around 25 GP's,
should I set it to Disabled or just the default Not Configured in each
of them?


Robert

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Monday, 8 September 2008 9:53 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO S/W Deployments

 

Robert-

That policy (Always install elevated) only applies to MSI installations
that are un-managed (i.e. not deployed via GP). As such, its probably
not a good idea, from a security perspective, to enable that policy
unless you really really need to.

 

Any software deployed via GP is automatically elevated (either
per-computer or per-user). However, there are circumstances when
settings within individual MSI packages will try to thwart this (e.g. by
requiring that only administrators can install).  But normally,
GP-deployed packages are already elevated.


Darren

 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Robert Mariani
Sent: Sunday, September 07, 2008 3:57 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] GPO S/W Deployments

 

Hi All,

  I would like to ask the experts about GPO software deployments.  

 

Currently I have software being deployed via MSI/MST computer based GP's
which are linked to the computers OU. 

In the GPO I have set Windows installer for standard logging and enabled
"Always install with elevated privileges".  Does having this privilege -
even though only applied to the computer allow a user (who is just a
domain user) to install software.  I have only found conflicting advice
using Google.

 

Is this a recommended setting for deploying software?  We only use
computer targeted software deployments rather than publishing to a user.

 

Regards,

Robert Mariani
Applications Manager


-- 
The Buchan Group, Melbourne
Architecture+Master Planning+Interiors+Graphics
A  133 Rosslyn St West Melbourne Vic 3003 Australia
GPO Box 4584 Melbourne Vic 3001 Australia
W  www.buchan.com.au <http://www.buchan.com.au/> 

This message is transmitted subject to our email policies and may only
be
relied on by an authorised recipient.
Click on this link to view the policies:
http://www.buchan.com.au/policies.htm 

• References:
  • [gptalk] GPO S/W Deployments
    • From: Robert Mariani
  • [gptalk] Re: GPO S/W Deployments
    • From: Darren Mar-Elia
  • [gptalk] Re: GPO S/W Deployments
    • From: Robert Mariani
  • [gptalk] Re: GPO S/W Deployments
    • From: Darren Mar-Elia

Other related posts:

• » [gptalk] GPO S/W Deployments
• » [gptalk] Re: GPO S/W Deployments
• » [gptalk] Re: GPO S/W Deployments
• » [gptalk] Re: GPO S/W Deployments
• » [gptalk] Re: GPO S/W Deployments

1. Home
2. gptalk
3. Archive
4. 09-2008

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---