Mar 15 2021 01:16 AM
Hi All,
I have windows server 2016 and I have applied a User software restriction rule,
and I allowed the program files and teams path
then I pushed Team with MSI to all PCs
but on the Domain user, the teams start to be installed again and because of the restriction it gets blocked
is there any way that I allow the teams installation and start on Domain user
as it works normally on local Admin
thanks
Mar 16 2021 01:14 PM
Mar 16 2021 03:06 PM
@AhmedG130 Teams installs and runs from a folder in the userprofile, the machine wide installer you deployed just sets up the machines so it installs into the users profile as they log on.
To use an ARP or AppLocker policy you'll need to trust the publishers certificate.
Mar 17 2021 12:46 AM
Hi Jangliss
I mean first I've created "software restriction policies" in
User Configuration >windows settings>software restriction policies
with Security levels > disallowed
in additional Rules, i added some Paths for " windows Program Files both versions and AppData Teams Folder
but still on domain user Teams doesn't initiate the wide installer
and say when i try to do it manually from that user " failed to extract installer "
Mar 17 2021 12:51 AM
Hi Steven,
correct me if I am wrong
i did the following
exported Teams Certificate and in Additional Rule, i created a new Certificate Rule unrestricted and added the Certificate i exported earlier
then in
User Configuration >windows settings>software restriction policies
in Trusted Publishers
i defined the policy settings to Allow all admin. and users to manage user own trusted publishers
and marked the two other options for any revoke
still the installer on the domain user didn't start
and when i try to do it manually from that user " failed to extract installer "
Mar 17 2021 02:00 AM