We have a need to programmatically (powershell) install a vendor signed MSI from within a process running as a user that's part of local administrators group. We used the typical msiexec with /qn option but it always fails with below error.
==
Installation success or error status: 1625.
Info 1625.This installation is forbidden by system policy. Contact your system administrator.
==
The OS is windows server 2008 R2 SP1 and the machine is not part of any domain, just a local workgroup. The powershell process is launched from a windows service configured to logon as the user that's a member of local administrators group.
After playing with lot of security policy settings, I found the solution by marking the policy "User Account Control: Run all administrators in Admin Approval Mode" as disabled. My question is to know if this is the best/recommended way? Or is there a better (more secure) way to achieve what I want.
Any input is highly appreciated.
Thanks Rags
Thanks Rags This posting is provided as is and confers to no rights.