Use PSAppDeployToolkit without local administrator

Hi
I would like to discuss the possibility of using this great toolkit without being a local administrator. As a MSP, we have some customers who do not want their users to be local administrators, and the toolkit does not play nice with them. Some of the code in our deployment scripts need to run in user context, and don’t require local administrator.

I do know that many of the functions in the toolkit require local administrator to work. Maybe there could simply be a reduced set of functions available if Deploy-Application.exe runs without elevation?

We use this toolkit for nearly every application deployment in sccm, så it would rock to not need local administrator for everything.

-Kevin

2 Likes

Kevin,

This is because Deploy-Application.exe calls “powershell.exe -ExecutionPolicy Bypass” !
This is a good suggestion. :slight_smile:

If this guy is right, there should be no need to be local administrator for -ExecutionPolicy Bypass to work. See section 9.

See AppDeployToolkitConfig.xml in SCRIPTROOT\AppDeployToolkit

There is a setting called “Toolkit_RequireAdmin” which you could try and set to False. Haven’t tried it out, but seems to me it could be a possible workaround to your problem.

Edit: This guys seem to have tried it out: http://psappdeploytoolkit.com/forums/topic/user-based-install/#post-953

1 Like

OLD but worth mentioning -

Yeah if you change

<Toolkit_RequireAdmin>False</Toolkit_RequireAdmin>
it works fine. Just double click Deploy-Applicatication.exe and it runs in logged in user’s context without admin prompt. Also, this is good to use when deploying app in PSADT via SCCM.

Raghu

Hey @RaghuKeenLearner,

Is this something you use frequently? Latest v3.8.2 will definitely break this functionality - but was under the impression virtually no one did. I saw this a little too late :confused:

cc @luki1412

If you’re talking about the changed directory due to a possibility of the exploit. The path can be changed for toolkits running under user to a user accessible directory through the config file.

Apparently yes the functionality no longer work in 3.8.4