Windows Installer and Software Restriction Policy
Windows Installer is integrated with Software Restriction Policy in Microsoft Windows XP. Software Restriction Policy is configurable through group policy. Software Restriction Policy allows an administrator to restrict both administrators and nonadministrators from running files based upon the path, URL zone, hash, or publisher criteria. Software Restriction Policy has two levels: unrestricted and disallowed. The Windows Installer only installs packages allowed to run at the unrestricted level.
Patches or transforms must also be allowed to run at the unrestricted level. If a package, patch, or transform is configured to run at a level different from unrestricted, the Windows Installer displays an error message and logs an entry in the application event log. Software restriction policy is evaluated the first time an application is installed, when a new patch is applied, and when the installation package is re-cached.
If a package, patch, or transform is restricted, the Windows Installer displays an error message and writes an Event Logging entry in the application event log. Software restriction policy is evaluated the first time an application is installed, when a new patch is applied, and when the installation package is re-cached.
For more information on software restriction policy, consult the product documentation and Microsoft Q&A.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for