allowing users to run installer packages from a specific network folder

Question

We have a network folder location that contains some applications used by a mixture of non-privileged users . Some of these install source files have .MSI while some have .EXE. When my users run it, they get filtered into the catch all app group instead of the app definition I created. I just used \\networkshare\folder1\* with no publishers, drive is network and App requires elevation (UAC). I know this is not very secure but that is the only way I know that would allow my users to run the install themselves without asking help from our deskside support.

This application group by the way sits above the priority list before the catch all and is also using rule filter for those specific users only.

My problem is that it does not get triggered from that definition. Has somebody got any similar definition in place that I can follow that works?

Jens Hansen · Answer

It is difficult to say without actually seeing your policy design.

But if your statement is true about the placement just above the catch all “(Default) Any Application”, and you used \\networkshare\folder1\* with no publishers, drive is network and App requires elevation (UAC) Then “(Default) Any UAC” and “(Default) Any signed UAC” will get higher priority and you would never hit your network shares.

You would have to place your rule above those “catch all” UAC once.
Anywhere above the green arrow.