Block Windows 10 Installer using GPO but allow only managed apps

Hi all,

I need a little clarification on the “Turn off Windows Installer” GPO setting.

It has 3 options: Always, For non-managed applications only, and Never.

This setting affects Windows Installer only. It does not prevent users from using other methods to install and upgrade programs.

So I wonder which option everyone uses in order to prevent standard users from installing any kind of software, but still allow an admin to install it via right-click “Run as admin”?

Plus, I also have SRP that blocks any exe or msi from running (applied only to the standard user). I guess the “For non-managed apps only” option is kinda confusing to me, as I’m not entirely sure what it will allow. If I do “always”, then even admin can’t install anything.

Thanks for all the help!