Aug 10 2022 04:00 AM
Hi,
in our organisation we use the Setup School PC App to deploy Windows to our student PCs.
All apps should be deployed only by Admin and the students should not be able to install anything.
To realize this we use MS365, Intune with Configuration manager profiles. The device configuration GPO „Turn off Windows Installer (\Windows Components\Windows Installer) returns with error code 0x20100 with some PCs.
If the students uses a organisation - PC with „by hand installation“ they do not have installation rights as required.
Any hint how to solve this issue?
Best regards.
Aug 10 2022 05:04 AM
You are aware that only disabling Windows Installer (msiexec) doesn't block all installation options?
If you're looking to prevent any software from being installed, your best bet would be something like WDAC or AppLocker.
To address your specific question: is anything logged to your DeviceManagement-Enterprise-Diagnostics-Provider event log?
Aug 14 2022 11:41 PM
Aug 15 2022 04:37 AM