locked
Publish and Run package without running administrative "Add" first? RRS feed

  • Question

  • Hi there Guys,

    As you know, it seems to me that to deploy app-v in a stand alone scenario, you need to run "add-appvclientpackage"(Add) cmdlet prior to publishing and launching. The "Add" cmdlet seems to require admin permissions however "Publish" and launching don't require admin permissions.

    Is it possible to launch an appv application sent to a non-admin user, in its isolated bubble without having to have called the "Add" cmdlet as administrator?

    All the best,

    Stuart


    Thursday, March 9, 2017 4:58 PM

Answers

  • Not possible as far as I know. The Add-Part populates the Package Content into the ProgramData and registers the Package in HKLM, which needs local Admin Rights. Publishing however has to happen in the User Context, so no Admin Rights are required.

    Also, if it would be possible you would allow any users to go ahead and just publish themself packages, which can be a security issue.


    Simon Dettling | msitproblog.com | @SimonDettling

    Thursday, March 9, 2017 5:16 PM
    Moderator

All replies

  • Not possible as far as I know. The Add-Part populates the Package Content into the ProgramData and registers the Package in HKLM, which needs local Admin Rights. Publishing however has to happen in the User Context, so no Admin Rights are required.

    Also, if it would be possible you would allow any users to go ahead and just publish themself packages, which can be a security issue.


    Simon Dettling | msitproblog.com | @SimonDettling

    Thursday, March 9, 2017 5:16 PM
    Moderator
  • As Simon says, not possible... the add command is the equivalent of the app installation itself.
    If you publish the application to users the user can be able to publish the app (there is an GPO which can prevent this.
    If you publish to machine (-Global), you need admin rights, but the app will be available for all users logged on.


    Roy Essers

    Thursday, March 9, 2017 10:17 PM
  • Doesn't get you away from having to run add as an admin, but you can run a publish command and supply the SID of the user you want it to publish to, to do it all in 1 shot from an admin context. That is how SCCM does it when you deploy to the user.
    Friday, March 10, 2017 9:43 PM