none
SCCM 2012 R2 User based application deployment

    Question

  • Hi All,

    I have SCCM 2012 SP1 in production, deployed an application to a AD security group (user based deployment).
    When I deploy this as  Required every thing works fine When I deploy this as Available, when user gets to Application Catalogue and click on install, user getting below permissions issue.

    Application Installation not started

    You have limited permission to request and install applications on this computer. This can occur with one of the following conditions:

    1. You do not have administrative permissions for this computer.
    2. You are working on a Remote Desktop Connection session and you are not the default user for that Remote Desktop Connection computer.
    3. You are running Internet Explorer by using a different account from the account that you used to log in.
    4. You are logged on to this computer but you are not a primary user for this computer.

    User does not have local admin permissions on his system, however SCCM Client settings - Computer Agent - Install Permissions set to All Users.

    User should have any windows permissions to install the software from SCCM Application Catalogue?

    Monday, July 21, 2014 2:33 AM

Answers

  • In the deployment, did you set the install for "As User" or "As System"? If "As User", then the user must have permissions to run the command-line provided in the chosen deployment type as this effectively simulates the user installation the application manually. The "Install Permissions" set to "All Users" does not and cannot override this and does not grant non-admins the ability to perform admin actions. It's simply a gate in ConfigMgr to control ConfigMgr's initiation of the command-line.

    Jason | http://blog.configmgrftw.com

    Monday, July 21, 2014 2:00 PM

All replies

  • Hello !

    No you shouldn't need admin permissions.

    However, you have to verify your UAC (User Account Control) settings.

    Please see this option: User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode.

    You can refer to this page: http://technet.microsoft.com/en-us/library/dd835564(v=ws.10).aspx

    After setting it to "Elevate without prompting" you must be able to successfully deploy applications provided by the Application Catalog.

    Hope this helps.


    Note: This posting is provided 'AS IS' with no warranties or guarantees, and confers no rights. Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable. This helps the community, keeps the forums tidy, and recognises useful contributions.

    Monday, July 21, 2014 7:28 AM
  • In the deployment, did you set the install for "As User" or "As System"? If "As User", then the user must have permissions to run the command-line provided in the chosen deployment type as this effectively simulates the user installation the application manually. The "Install Permissions" set to "All Users" does not and cannot override this and does not grant non-admins the ability to perform admin actions. It's simply a gate in ConfigMgr to control ConfigMgr's initiation of the command-line.

    Jason | http://blog.configmgrftw.com

    Monday, July 21, 2014 2:00 PM
  • Hi Guys, I really hope I can get an answer on this weird behavior I have on my ConfigMgr 2012 R2 SP1 CU2. 

    My environment is all set up to push software to SYSTEM, all good. Then my manager decide to change the focus to USERS (Which I prefer), but since we have more than 400 applications, I feel the pain already in having to change the installation Behavior for every application from SYSTEM to USER or (For System if resource is device, otherwise install for user) Option, as well as chaging all applications to be pushed to User collections instead of device ones, along with other major changes. 

    Later on when everything was changed from SYSTEM to USER, I then try to push a software available on Application catalog, user doesnt have permission because of lack of privilege, they are not local admin. 

    Then the magic happens. 


    One day I tested pushing a software to a USER COLLECTION where it contains only the user object inside (no computer). I changed the application behavior back from USER to SYSTEM. I already expected the software push to fail Or do nothing because there was no Computer device on the USER Collection (obviously), but when I push it, it installs normally

    Have you seen this before? That doesnt just make any sense for me. 

    How Can an application set up as SYSTEM, pushed to a USER collection with only an User object as a member? No Computer has been mentioned to this. 

    Hope you guys can decipher this issue

    Thank you in advance. 

    Eden Oliveira

    Monday, August 29, 2016 3:50 PM
  • First, tacking onto a 2 year old post is not a good idea because no one will see it and it has nothing to do with the OP either.

    Next for your issue, installing as User literally means installing the software as the user and thus using their permissions. It also means that the installer and application needs to be designed to allow a per-user install -- this is not something most installers or the applications are designed for. Thus, your results are perfectly expected.

    As system means running it as the local system account on the system and using a per-system install. This is roughly equivalent to installing the software as a local admin and thus totally normal.


    Jason | http://blog.configmgrftw.com | @jasonsandys

    Tuesday, August 30, 2016 12:46 AM