Group Policy Security Context

D

Dom

I have a few questions regarding Group Policy deployment of
applications to users (not machines).

1. To deploy an application using Group Policy, it seems that using an
MSI is highly recommended. Could my MSI call into "friend" EXE located
in the same shared folder? Or should everything "fit" within one big
MSI?

2. Under what security context does the MSI get executed? Is it the
security context of the target install user, with local administrative
permissions? Or is it some other security context?

3. Does anything prevent the install user from attaching a debugger to
the executing MSI and changing instructions (in assembly, etc.) to
elevate privileges?

Thank you for your insight / comments!
 
C

Chriss3

1. Depends form vendor to vendor, the best is to make only one MSI for
complete automatically deployment.

2. The particular user, This can be changed by define the "Always install
with elevated privileges" setting within the Windows Installer Section of a
Group Policy, This policy appears both in the Computer Configuration and
User Configuration folders. To make this policy effective, you must enable
the policy in both folders.

3. There is no way to change the instructions when the MSI package are made
to a package from source.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Software Installation Via Group Policy 3
Deploying MSI packages with Group Policy is not working. 3
Deploying Software Permissions 3
Deploying sw via group policy issue!! PLEASE HELP!! 1
DEPLOY MESSENGER VIA GROUP POLICY 3
Can I directly assign .MSP files to workstations with group policy 2
Problems with Group Policy on Win2k Server 5
i can't deploy OfficeXP through group policy 3

Top