Configure User Installed Applications
- There are three modes in which the User Installed Applications functionality can run (configured on the Settings tab):
Allow any setup to run - Any application may be installed by the user if the user has local administrator rights.
Deny - Any application may be installed by the user, except applications that comply with a set Deny rule. Note that by using Access Control and Workspace Control it is possible to set a global Deny rule in combination with a specific Allow rule (e.g. Deny all software installations by a specific Publisher, but allow this for a specific Group). All Deny rules are checked for a possible match, if a match is found then all Allow rules are checked for possible exception. If no match is found, the user is notified that this setup is not allowed.
Allow - No applications may be installed, except applications that comply with a set Allow rule. Note that by using Access Control and Workspace Control it is possible to set a global Allow rule in combination with a specific Deny rule (e.g. Allow all software installations by a specific Publisher, but deny this for a specific Group). All Allow rules are checked for a possible match, if a match is found then all Deny rules are checked for possible exception. If a match is found to a Deny rule, the user is notified that this setup is not allowed.
In case Administrative Roles are used (at Administration > Administrative Roles), making changes to the setting Software installations is only permitted by Administrative Roles that have Modify access to the Security > Applications > User Installed Applications > Settings tab (on the Settings tab of the Administrative Role).
-
User Installed Application Rules (i.e. Allow and Deny rules) can be based on:
-
Publisher in signature
-
Product name in file properties (only in combination with Publisher)
-
Product version in file properties (only in combination with Publisher)
-
Checksum of file (only if no other criteria are selected)
-
-
These values can be entered manually or by browsing to a specific installation file. Note that wildcards are allowed.
-
To give a user temporary local administrator rights when installing specified applications, the Software installations mode Allow and Run installation using Dynamic Privileges may be selected. See Dynamic Privileges.
User Installed Applications must always be restricted to specific computers in a Workspace Container or in a Zone. Although you can combine several Workspace Containers and/or Zones, the minimum requirement is one Workspace Container or one Zone.
-
Specify the Workspace Container(s) on the Workspace Control tab.
-
Specify the Zone(s) on the Access Control tab under Location.
-
Optionally, you can restrict the right to install User Installed Applications on the specified computers to specific OUs, groups, users, administrative roles and Identity Director Services. You can specify this on the Access Control tab under Identity.
-
Optionally, you can restrict access for a specific time period by specifying a Start and/or End date and time on the Access Control tab under Date and Time.
The Log tab shows who installed or removed what unmanaged applications on which computers.
-
You can sort columns by clicking on the column headers. Columns can be moved and resized by dragging and dropping the column headers. In the Options menu, the option Reset all column properties to defaults can be used to restore the columns to their original position and size.
-
To filter the view by computer name, select the computer from the Computer drop-down list.
-
In the filtered view, click for a list of User Installed Applications on the selected computer.
Users who are allowed to install User Installed Applications on a computer can choose to install any application they like. However, what they install can be monitored (at Security > Applications > User Installed Applications on the Log tab).
-
User Installed Applications do not become available in the Managed Applications node of the Management Console.
-
A user can only install unmanaged software if he has the appropriate local privileges to install new software.
-
By design, User Installed Applications cannot be installed on Terminal Servers, even if the user session on the Terminal Server complies with all the criteria set for User Installed Applications.