Author: admin
Turn off shared components
This policy setting controls the ability to turn off shared components. If you enable this policy setting no packages on the system get the shared component functionality enabled by the msidbComponentAttributesShared attribute in the Component Table. If you disable or do not configure this policy setting by default the shared component functionality is allowed.
Save copies of transform files in a secure location on workstation
This policy setting saves copies of transform files in a secure location on the local computer. Transform files consist of instructions to modify or customize a program during installation. If you enable this policy setting the transform file is saved in a secure location on the user’s computer. If you do not configure this policy setting on Windows Server 2003 Windows Installer requires the transform file in order to repeat an installation in which the transform file was used therefore the user must be using the same computer or be connected to the original or identical media to reinstall remove or repair the installation. This policy setting is designed for enterprises to prevent unauthorized or malicious editing of transform files. If you disable this policy setting Windows Installer stores transform files in the Application Data directory in the user’s profile. If you do not configure this policy setting on Windows 2000 Professional Windows XP Professional and Windows Vista when a user reinstalls removes or repairs an installation the transform file is available even if the user is on a different computer or is not connected to the network.
Specify the order in which Windows Installer searches for installation files
This policy setting specifies the order in which Windows Installer searches for installation files. If you disable or do not configure this policy setting by default the Windows Installer searches the network first then removable media (floppy drive CD-ROM or DVD) and finally the Internet (URL). If you enable this policy setting you can change the search order by specifying the letters representing each file source in the order that you want Windows Installer to search:– “n” represents the network;– “m” represents media;– “u” represents URL or the Internet. To exclude a file source omit or delete the letter representing that source type.
Prevent Internet Explorer security prompt for Windows Installer scripts
This policy setting allows Web-based programs to install software on the computer without notifying the user. If you disable or do not configure this policy setting by default when a script hosted by an Internet browser tries to install a program on the system the system warns users and allows them to select or refuse the installation. If you enable this policy setting the warning is suppressed and allows the installation to proceed. This policy setting is designed for enterprises that use Web-based tools to distribute programs to their employees. However because this policy setting can pose a security risk it should be applied cautiously.
Specify the types of events Windows Installer records in its transaction log
Specifies the types of events that Windows Installer records in its transaction log for each installation. The log Msi. log appears in the Temp directory of the system volume. When you enable this policy setting you can specify the types of events you want Windows Installer to record. To indicate that an event type is recorded type the letter representing the event type. You can type the letters in any order and list as many or as few event types as you want. To disable logging delete all of the letters from the box. If you disable or do not configure this policy setting Windows Installer logs the default event types represented by the letters “iweap. “
Control maximum size of baseline file cache
This policy controls the percentage of disk space available to the Windows Installer baseline file cache. The Windows Installer uses the baseline file cache to save baseline files modified by binary delta difference updates. The cache is used to retrieve the baseline file for future updates. The cache eliminates user prompts for source media when new updates are applied. If you enable this policy setting you can modify the maximum size of the Windows Installer baseline file cache. If you set the baseline cache size to 0 the Windows Installer will stop populating the baseline cache for new updates. The existing cached files will remain on disk and will be deleted when the product is removed. If you set the baseline cache to 100 the Windows Installer will use available free space for the baseline file cache. If you disable or do not configure this policy setting the Windows Installer will uses a default value of 10 percent for the baseline file cache maximum size.
Enforce upgrade component rules
This policy setting causes the Windows Installer to enforce strict rules for component upgrades. If you enable this policy setting strict upgrade rules will be enforced by the Windows Installer which may cause some upgrades to fail. Upgrades can fail if they attempt to do one of the following:(1) Remove a component from a feature. This can also occur if you change the GUID of a component. The component identified by the original GUID appears to be removed and the component as identified by the new GUID appears as a new component. (2) Add a new feature to the top or middle of an existing feature tree. The new feature must be added as a new leaf feature to an existing feature tree. If you disable or do not configure this policy setting the Windows Installer will use less restrictive rules for component upgrades.
Prohibit User Installs
This policy setting allows you to configure user installs. To configure this policy setting set it to enabled and use the drop-down list to select the behavior you want. If you do not configure this policy setting or if the policy setting is enabled and “Allow User Installs” is selected the installer allows and makes use of products that are installed per user and products that are installed per computer. If the installer finds a per-user install of an application this hides a per-computer installation of that same product. If you enable this policy setting and “Hide User Installs” is selected the installer ignores per-user applications. This causes a per-computer installed application to be visible to users even if those users have a per-user install of the product registered in their user profile.
Turn off creation of System Restore checkpoints
This policy setting prevents Windows Installer from creating a System Restore checkpoint each time an application is installed. System Restore enables users in the event of a problem to restore their computers to a previous state without losing personal data files. If you enable this policy setting the Windows Installer does not generate System Restore checkpoints when installing applications. If you disable or do not configure this policy setting by default the Windows Installer automatically creates a System Restore checkpoint each time an application is installed so that users can restore their computer to the state it was in before installing the application.
Prohibit removal of updates
This policy setting controls the ability for users or administrators to remove Windows Installer based updates. This policy setting should be used if you need to maintain a tight control over updates. One example is a lockdown environment where you want to ensure that updates once installed cannot be removed by users or administrators. If you enable this policy setting updates cannot be removed from the computer by a user or an administrator. The Windows Installer can still remove an update that is no longer applicable to the product. If you disable or do not configure this policy setting a user can remove an update from the computer only if the user has been granted privileges to remove the update. This can depend on whether the user is an administrator whether “Disable Windows Installer” and “Always install with elevated privileges” policy settings are set and whether the update was installed in a per-user managed per-user unmanaged or per-machine context. “