RE: Legacy application installations



Dear Customer,

Based on the research of the error message and my test, you use the syntax
/qn which means Quiet mode installation. In this way, the command won't be
aware of the elevation to administrative right. When an application is
installed silently, users are not prompted to elevate right.

Analysis:
===========

When we install the programs applications designed to deploy software, and
most write to system directories and registry keys. These protected system
locations are typically writeable only by administrator users; this
restriction means that standard users do not have sufficient access to
install most programs. Windows Vista detects installation programs and
requests administrator credentials or administrator approval in order to
run with access privileges. Windows Vista also detects update and
un-installation programs. A design goal of UAC is to prevent installations
from being executed without the user's knowledge and explicit consent since
installations write to protected areas of the file system and registry.

Suggestion:
============

In this way, I would like to suggest that you disable the UAC feature via
Group Policy management console on the DC.

1. If you use AD-based GPO, please open Group Policy Management Console
(Start > Run > gpmc.msc) from a Windows Server that is a member of the
domain. In the GPMC window, browse to the required GPO that is linked to
the OU or domain where the Vista computers are located, then edit it.

2. In the Group Policy Editor window, browse to Computer Configuration >
Windows Settings > Security Settings > Local Policies > Security Options.

3. Scroll down and double-click "User Account Control: Run all
administrators in Admin Approval Mode" In Properties dialog box, click
Disabled, and then click OK.

4. Scroll down and double-click "User Account Control: Behavior of the
elevation prompt for administrators in Admin Approval Mode", select
"Elevate without prompting" and then click OK.

5. Scroll down and double-click "User Account Control: Detect application
installations and prompt for elevation", click Disabled, and then click OK.

6. Scroll down and double-click "User Account Control: Only elevate
UIAccess applications that are installed in secure locations", click
Disabled, and then click OK.

7. If possible, you may right click the .bat file and click "Run as
Administrator" to manually elevate the permission.

Afterwards, you may check if the issue will re-ocurr.

Hope the issue will be resolved soon.

David Shen
Microsoft Online Partner Support

.



Relevant Pages

  • RE: Legacy application installations
    ... requests administrator credentials or administrator approval in order to ... installations write to protected areas of the file system and registry. ... Scroll down and double-click "User Account Control: ... "Elevate without prompting" and then click OK. ...
    (microsoft.public.windows.vista.security)
  • Installing New Work Stations
    ... The machines have fresh installations of XP SP2. ... I will use this occasion to try to understand a perpetual problem that I have: Giving administrator rights to the local machine after the work station joins the domain of the Windows 2003 Server. ... Do I add "Domain Users" or "Authenticated Users" to the local machine Administrators group? ...
    (microsoft.public.windows.server.general)
  • Re: Security Privileges to uninstall devices
    ... I've done over 25 SBS server installations and ... site administrator, or logout and log in again as an administrator and ... Administrator account gets: "You do not have sufficient security privileges to install devices on th: ...
    (microsoft.public.windows.server.sbs)
  • Re: Updates werden nur als Admin installiert
    ... Administrator Installations Point oder wie? ... Die Alternative ist der WSUS. ...
    (microsoft.public.de.german.office)