Managing options for users through Group Policy
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Managing options for users through Group Policy
Windows Installer can be configured by using Group Policy and Active Directory to manage the user installation options.
This table shows policies concerned with managing the Group Policy user options for Windows Installer. To configure these policies, start Group Policy, then in the console tree, click the Windows Installer node.
Where?
- applicable policy name/User Configuration/Administrative Templates/Windows Installer
| Policy | Details |
|---|---|
Always install with elevated privileges |
Directs Windows Installer to use system permissions when it installs any program on the system. This policy extends to all programs the elevated privileges usually reserved for programs that have been assigned to the user (offered on the desktop) or the computer (installed automatically), or made available in Add or Remove Programs in Control Panel. This policy lets users install programs that require access to directories that the user might not have permission to view or change, including directories on highly restricted computers. If you disable this policy, or do not configure it, the system applies the current user's permissions when it installs programs that are not distributed or offered by an administrator. Note
|
Search order |
Specifies the order in which Windows Installer searches for installation files. By default, Windows Installer searches the network first, then removable media (floppy drive, CD-ROM, or DVD), and finally, the Internet (URL). To change the search order, enable the policy, and then type the following letters for each file source in the order that you want Windows Installer to search. For example, if you want to search the network, the Internet, and then removable media, type num. To exclude a file source, omit or delete the letter representing that source type.
|
Prohibit rollback |
Prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation. This policy prevents Windows Installer from recording the original state of the system and sequence of changes it makes during installation. It also prevents Windows Installer from retaining files it intends to delete later. As a result, Windows Installer cannot restore the computer to its original state if the installation does not complete. This policy is designed to reduce the amount of temporary disk space required to install applications. It also prevents malicious users from interrupting an installation to gather data about internal state of the computer or to search secure system files. However, because an incomplete installation can render the system or an application inoperable, this policy should not be used unless it is essential. Note
|
Prevent removable media source for any install |
Prevents users from installing programs from removable media. If a user tries to install a program from removable media, such as CD-ROMs, floppy disks, or DVDs, a message informs the user that the feature cannot be found. This policy applies even when the installation is running in the user's security context. If you disable or do not configure this policy, users can install from removable media when the installation is running in their own security context, but only system administrators can use removable media when an installation is running with elevated system privileges, such as installations offered on the desktop or in Add or Remove Programs. |