Domain users are able to silent-install programs.

Anonymous
2023-11-06T11:58:40+00:00

Hello,

In our domain, we have software restriction policy which works fine but i recently noticed that standard users (not local admins) are able to silent install some programs (for example WPS Office).

Is there any way to prevent them doing silent installs?

Thanks for your help,

Regards.

Windows for business | Windows Server | Directory services | Deploy group policy objects

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

0 comments No comments
{count} votes

7 answers

Sort by: Most helpful
  1. Anonymous
    2024-01-24T13:32:41+00:00

    Hi,
    I have the same problem. this idiot software installs without any admin rights, standart domain users can install this. and also not listed on programs and features panel for uninstallation while you opened a session with local admin user or a user who has admin rights. the only way to remove it adding the current domain user to local administrators group.
    if you can install a software without any admin rights, this is one of the big windows bugs i think. and this is not acceptable too...

    best regards...

    10 people found this answer helpful.
    0 comments No comments
  2. Anonymous
    2023-11-07T03:19:33+00:00

    Hello Onur Akcay,

    Thank you for posting in Microsoft Community forum.

    How did the users perform the silent install programs? Run the app install package via CMD or run the app install package via clicking the program?

    You can try to block AD domain users to run specific applications.

    1.Navigate to User Configuration > Policies > Administrative Templates > System

    2.Double click on "Don’t run specific windows applications"

    3.Click enable

    4.Click the SHOW button

    5.Type in the file name you want to block.

    I hope the information above is helpful.

    If you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    0 comments No comments
  3. Anonymous
    2023-11-07T05:51:16+00:00

    Hello,

    They can run program via clicking on it. I can just block the applications if i know the name but what i actually want to do is blocking this installation type because i can never know every application name.

    Is there any way to do so?

    Regards.

    0 comments No comments
  4. Anonymous
    2023-11-07T06:03:17+00:00

    Hello Onur Akcay,

    Thank you for your reply.

    Software restriction policy should be OK to you.

    Here is a similar thread for your reference.

    active directory - Stop Domain Users from Installing Software - Server Fault

    If software restriction policy does not work, you can try Applocker.

    What Is AppLocker? | Microsoft Learn

    What Is AppLocker - Windows Security | Microsoft Learn

    AppLocker - Windows Security | Microsoft Learn

    Note: Please test in lab first before you deploy it in production environment.

    Best Regards,
    Daisy Zhou

    0 comments No comments
  5. Anonymous
    2023-11-07T06:26:03+00:00

    Hello,

    Our Software Restriction Policy works fine,

    For example if i try to install a program, i would need admin rights to install it,

    But if i try to install a silent-install program (in this case its "WPS Office"), i can just install it as a standard user.

    As far as i know with AppLocker i will need program name aswell,

    Regards,

    0 comments No comments