I'm managing an environment where Group Policy Objects (GPOs) restrict normal users from installing software without admin credentials. Users can download various executables but must provide admin access for installations. We've noticed that Microsoft Store installations can be inconsistent regarding when admin credentials are required. Typically, we only need access to a few apps like Notepad, Snipping Tool, or Calculator if they aren't already on the user's workstation. Has anyone faced a similar situation? Is there a specific GPO configuration we can implement to ensure that the User Account Control (UAC) prompt always appears?
2 Answers
The best approach could be using AppLocker or something similar. When it comes to installing apps, the Microsoft Store and tools like Winget allow installations that often run in user context, which means they don't always prompt for admin access. If you set up a private store for your environment, it can help limit what regular users can install, so they can't just grab anything like games or unwanted software.
You might consider including necessary apps in your standard image and completely blocking the Microsoft Store. That way, you can control what gets installed. However, I understand the hesitation about banning the Store because some useful apps might only be available there, especially those published by Microsoft. Plus, you're right to think about updates; apps from the Store usually require it to update properly.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures