Hello:
We are piloting Windows 10 for VDI (Horizon 7) with AppVol Writable Volumes. We are specifically testing UIA (user installed apps). I understand that a user must have local administrator rights to install the applications. So, we have granted this and the user is able to do a "run as different user" to enter in credentials of an active directory account that has local administrator rights, and the application will install and work.
How do users REMOVE applications from their writable volume? When a user attempts to remove an app, they get the error "You do not have sufficient access to uninstall... Please contact your system administrator". I have tried turning on UAC for the pool but it never prompts the user to enter in the credentials to give them access to do this. What is best practice on handling the user installed apps with writable volumes?
I appreciate any and all feedback. I have read the docs and do not see anything in there specifically on how to USE writable volumes in regards to apps and HOW to grant the users the permissions to do so.
Thank you.
This sounds like more of a Windows issue and not App Volumes.
Assume that you are not using writable volumes, how would you uninstall an application that was installed with "run as different user"? If we know the answer, we may try out the same with writable volumes.
Hi,
To use writable volumes in combination with user-installed applications, end users must have local administrator privileges on target computers to install applications.
Please check the AppVolumes User guide, Page 13 under "User Accounts and Credentials"
http://pubs.vmware.com/appvolumes-211/topic/com.vmware.ICbase/PDF/App-Volumes-User-Guide.pdf
And make sure to use version 2.12. 2.11 has an issue with the start menu for as far as I know..
Thanks for the replies. Yes we know that the user must have local administrator rights, and we have that in place and it works. However we do not let the user that logs in, to run with administrator rights directly. They must authenticate or "run as different user" with a separate admin account, which does have local administrator rights and that works fine when INSTALLING applications.
However, when doing any sort of operation in Windows that requires administrator elevation (i.e. going to Programs and Features, and trying to UNINSTALL an application), Windows is not prompting for their administrator account. It's erroring right away with the error "You do not have sufficient access to uninstall... Please contact your system administrator".
Is this a supported method to use "run as administrator" or "run as different user" with AppVol? And if so, how do we get it to prompt the user?
This sounds like more of a Windows issue and not App Volumes.
Assume that you are not using writable volumes, how would you uninstall an application that was installed with "run as different user"? If we know the answer, we may try out the same with writable volumes.
Thank you for the reply. Yes, it could be a Windows issue, however I would think that since App Volumes is advertised to handle "user installed apps", that there would be some documentation on how to set up the VM to work WITH App Volumes to accomplish this. Just like any setup documentation for any product. That's mainly where we are at. I have to assume that most organizations are not allowing their users to log in as local administrators and run under that context. If we discover how to do this, I will post it back. Thank you.
We've found that the VMware Optimization Tool by default will disable 3 settings under "Disable UAC". When we reversed the changes from the Optimization tool, we were able to get the prompt restored and we should be good now. Thanks for the help.
Great finding. Thanks for updating the thread with your findings.
