Allow users to run specific Win 32 installation files and update .exes without admin privileges

AdamPollardPowell-0167 30 Reputation points
2023-10-12T14:37:33.59+00:00

We use InTune for about 50 users, some work in the office and others from home some of the time.

They need to use a Win32 app that is updated every couple of months.

If it was a one-off, I'd create an InTune app from it but its a pain to do every 2 months.

I understand there is a way to allow standard users to do this by trusting the certificate of the publisher. Any suggestions how to do this? I'm a general IT/Network guy not a software developer. Believe me, I've asked the app developer to use a more modern approach. Remote support with QuickAssist doesn't work as I can't enter admin credentials for the UAC. We are a charity so little money for Teamviewer or the like.

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,466 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Rahul Jindal [MVP] 9,271 Reputation points MVP
    2023-10-12T15:43:35.2166667+00:00

  2. Crystal-MSFT 44,406 Reputation points Microsoft Vendor
    2023-10-13T01:58:54.5933333+00:00

    @AdamPollardPowell-0167, Thanks for posting in Q&A. From your description, I know you want to update win32 app. Based as I know, to bulk update win32 app, you can consider win32 supersedence. When you supersede an application, you can specify which app will be updated or replaced. To update an app, disable the uninstall previous version option. To replace an app, enable the uninstall previous version option. Here is a link with more details:

    https://learn.microsoft.com/en-us/mem/intune/apps/apps-win32-add#step-6-supersedence

    If you just want to update some device, not too many and want user to update themselves, you can consider EPM which mentioned by Rahul. Microsoft Intune Endpoint Privilege Management (EPM) allows your organization’s users to run as a standard user (without administrator rights) and complete tasks that require elevated privileges.

    Hope the above information can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.