User Account Control
IT departments often configure user’s accounts as ‘standard’ (non-administrator) for security reasons. This prevents users from installing software into C:\Program Files among other things.
We release improvements to our application every 2 weeks. To reduce the manual intervention required by users/IT, we designed the app to not need administrator privileges to install.
A user’s IT can customize their computer configuration with Group Policy in various ways that can block our app from installing. If Group Policy is blocking our installer, their IT will need to allow our installers.
The Windows operating system has security feature called User Account Control (UAC).
This limits applications running as non-administrator users to accessing certain file paths. To comply, we only save files in the current user’s directory such as C:\Users\userName\AppData\Local.
This means the account the installer runs under is where our executable is stored. Each user will have to install PlanGrid into their account to use it.
UAC also manages what happens when you run a process as administrator. If the user is logged in to a ‘standard’ account, UAC will display a prompt that allows them to switch to an administrator account. When this happens, the installer is no longer executing as the logged-in user it is running as the administrator. This means that all the user file paths & etc are pointing to the administrator account and not the logged-in user. The installed files will be placed in the administrator’s account and won’t be accessible to the logged-in user.