Learn how you can use Application Manager in your MDM environment to manage a myriad of settings for commonly used applications such as Firefox and Java!
take a look. Here we go. Notepad ++ installed. This should install absolutely anything now. If you do winget show again, we want to pick a different thing. We now blanketed the ability for them to install anything they want. I don’t even know what half these things are.
Spotify, I know Spotify, but if I wanted to do a winget install Spotify, all right. This will do that. No questions asked. By the time it’s over, we should have Spotify. Let’s just go ahead and take a look. Installer hash verification fail. Yeah, let’s go ahead and say yes to that and see if we get Spotify. There we go. If you wanted to be more specific about what these things are instead of the blanket that I have given you here, let me turn off the rules and show you the trick on how to be more specific. Let me go ahead and take these two rules. I’m just going to unlink the GPO here and uncheck Link Enabled. Then we’re going to go back to the way we were with that gpupdate. I’ve removed the rules. Now we’re back to just group policy and Windows by itself. Shouldn’t be able to install any application.
Now even though I have just done that, there actually are going to be some applications that will let you install as a non-admin. For instance, Zoom works. I just tested that. That works. You can install Zoom not being an admin, but most things are going to require an admin. You want to be specific. We know that this is the folder where things happen. If we were to do a winget – let’s do one more, let’s do show one more time. Let’s find another package that we haven’t used yet. Let’s do wire shark. Winget install wireshark. Now what’s going to happen here with wireshark is that it will download which is great. It will try to run as a local admin and then it’s going to bomb out because we’re not a local admin and if you don’t have PolicyPak, then you can’t do this magic.
We’ll go ahead and just wait for a quick second here and then we can use it to our advantage. Here’s the UAC prompt where again, we know that it’s published by the wireshark guys and we actually know what the name is, what the actual executable is. We can be very specific. We can do is take the file that got downloaded here and I’m going to copy it over to my management station or you could create the rule right from here if that’s what you wanted to do too. I’m just going to net use, star over two, dc, share, dc2016 share, dc2016 share. I’m going to copy that over to my management station basically. Now that I have it over here on my management station, I actually have everything I need to do. I could do PPLPM Let Wireshark install via PolicyPak and WINGET.
All right. I’ll go ahead and click Edit here. Then I’ll dive down under User side, PolicyPak. Go to Least Privilege Manager and I can make a combo rule just like I’ve done in a million other videos. I can make a New Executable Policy because we saw it as a .exe. I’ll use a combo rule and I’m just going to point over to that file. I’m going to go to the Signature and the File Info for that file. I’m going to Select a reference file and pick in my share. I have Wireshark that I just got. Bang. You can see it’s signed by the Wireshark guys and the File Info Condition I can say higher than – higher or equals that version number which it will be, and then I’m off to races. I can run that application installer with elevated privileges and I am done. Let’s go ahead and try this out again. Now I’ve got a rule in PolicyPak land that should let this kick off and winget is doing the kicking off part. Let’s go ahead and see that it runs after this.
Now the gpupdate is done. Let me go ahead and rerun that command winget install wireshark. It’s going to try to redownload it and re-kick it off. This time PolicyPak is on the case and we’ve now overcome that UAC prompt. No UAC prompt with winget. There we go. It’s all the way installed. The standard user can now run Wireshark and then they’re off to the races. That’s basically it. If you want to see how we do uninstalls by the way, PolicyPak has a little sidecar utility. Look up the video on the helper tools. The helper tools will enable you to use control panel applet idea where you can uninstall things and you can limit what they can uninstall through PolicyPak Least Privilege Manager.
The other way that you can do what I’m showing you here is through PolicyPak Scripts Manager. For instance, if I wanted to use PolicyPak’s Scripts Manager to – let’s pick another application real fast. Pick another application we don’t have. We’ll go back to winget show. Let’s pick one more application. Let’s pick Ghostwriter. I don’t even know what that is. Let’s go ahead and say Ghostwriter. We can do is we can create a Scripts manager item, add a new policy here and all we got to do is do a PowerShell Script with elevated rights. That’s going to be winget install ghostwriter. I think that’s what that was. Let’s take a look one more time. Ghostwriter, yeah. I don’t know what that is. We’re going to find out together, winget install ghostwriter. That’s it. We’re going to run Once in PolicyPak land and we’ll call this install ghostwriter and then let’s go ahead and run gpupdate here. Give this a second to settle in.
Now that that’s done, there we go. Let’s take a look. It will take a little while. There we go. There is ghostwriter. I don’t know what ghostwriter is but maybe you do and you love it. Anyway, there’s your application. Like I said, if you want to do uninstalls and stuff, you have to check out the video called setting up the PolicyPak Least Privilege Manager Helper Tools. Hopefully, in this video you got three great ideas on how to use PolicyPak to either use the Scripts manager, the Least Privilege Manager with a particular rule or the blanket rules if you want to go bananas and let users install anything with winget and overcome UAC prompts. Hope this helps you out. Thank you very much and talk to you soon.