Granting Installation Rights !


I have an AD GROUP named SalesManagers which has 2 members, CASalesManagers and NYSalesManagers. I have a user named KEN who is a member of the CASalesManagers group.

I have an OU under the root domain named DesktopComputers. I have created a GPO and linked it to this OU. This GPO defines a Restricted Groups Policy for the Administrators group under Computer Configuration. As per the Restricted Groups Policy, the SalesManagers group is a 'Member' of the Administrators Group on this OU. The OU contains a computer object named Client01.

I have deployed an MSI package using a GPO linked to the domain (Published under User Configuration). This GPO has security filtering enabled as a result of which applies only to the members of the SalesManagers Group (Hence inherited by KEN).

Client01 is a VISTA machine. Upon logging in using KEN's credentials i am able to locate the published app in control panel. If i try to install it, the process throws an error stating "only users with administrative privileges can install software on this computer".

I have verified that the SalesManagers group is listed under the Local Administrators on Client01. Also i have generated an RSOP data on Client01 and cannot see any policies defined in specific that might be causing the problem.

UAC is enabled in the VISTA client. I am not sure if that is the cause of the issue.

I need members of SalesManagers to be able to install software onto the desktops within the DesktopComputers OU.

Am i overlooking certain policies that might be restricting the users to install softwares (RSop didnt show anything) or is it that UAC is enabled on the client which supersedes all the other settings ?

MCITP: EA 2008| VCP4| MCSE 2003 | CCNA | MCSA 2003: Security | MCDST | Security+ | ITILV3


Sign In or Register to comment.