Managing Windows Installer with Group Policy
You control many Windows Installer settings by using Group Policy so that you can configure the behavior of the Windows Installer centrally. Table 23.11 lists some of the settings that you can configure.
Table 23.11 Group Policy Settings for Managing the Behavior of Windows Installer
Group Policy Setting |
Description |
|---|---|
Disable Microsoft Windows Installer |
Prevents users from using Windows Installer to install software that is not assigned or published to them. Prevents users from installing unauthorized application. However, it affects only those applications that use Windows Installer. Software that is not installed by using Windows Installer is not affected. |
Always install with elevated privileges |
Directs Windows Installer to use system permissions when it installs any program on the system. Extends elevated privileges to all programs and lets users install programs that require access to directories that the user might not have permission to view or change, including directories on highly restricted computers. |
Disable local patching |
Prevents user from using Windows Installer to install software updates or patches. Helps limit the potential harm caused by unauthorized updates that contain viruses or are not compatible with your existing software policy. Administrators can still deploy patches by updating the server. |
Dimmed Start menu shortcuts |
Allows you to use dimmed Start menu shortcuts for applications that are assigned to users but have not been installed. Provides a visual cue that selecting one of these Start menu shortcuts does not immediately open the application but starts the installation process. |
Specify search order |
Allows you to specify the order in which Windows Installer looks for installation files. By default, first Windows Installer searches for a network software distribution point and then for removable media, such as floppy disk drive, CD, or Digital Versatile Disc (DVD), and it then searches for an Internet location. You can use this policy to change the search order or to exclude a source location from the search order list. |
Specifying logging events |
Allows you to specify which Windows Installer events are recorded in the Installation log (.msi.log in the temp folder). By changing the logon options, you can compile deployment related information. |
Disable rollback |
Prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation. Prevents Windows Installer from recording the original state of the system; as a result, Windows Installer cannot restore the system to its original state if the installation is not completed. Designed to reduce the temporary disk space required to install programs. Do not use this policy unless it is essential. |