Hi everyone, I am running into a problem with MSI Repair, ConfigMgr 2012 R2 and AppLocker.
I know that this post is being around and marked as resolved but I am facing the same exact problem and I do not think that the answer is the best one or at least I am looking for further inputs.
The link I provide clearly explain my problem but I'll explain it here also:
We are migrating from ConfigMgr 2007 to 2012 R2. We have some software that after being installed (MIS) are repairing themselves to add settings and configurations to the user profile when launched.
The environment I am testing this is configured as the following:
- 2 computers in the same OU and members of the same AD Groups.
- Both computers are logged in using the same user.
- Both computers have being prepared using OSD wit about the same Task Sequence but one from ConfigMgr 2007 SP2 R3 and the other one using ConfigMgr 2012 R2 CU1.
- I then attempt to open a single application called CDBurnerXP on both computers and following are the results.
Computer 1: OSD from ConfigMgr 2007
Result form computer 2: OSD from ConfigMgr 2012 R2:
File C:\Windows\ccmcache\d\Files\cdbxp_setup_4.3.8.2631.msi was rejected by digital signature policy.
When I test the policies from AppLocker applied for this MSI I get:
Like I said, both computers are in the same OU's and logged as the same user.
I do not have any other Software Restriction Policies other than AppLocker.
When I add Authenticated Users NTFS Read, the software is able to repair itself.
Anyone know why this is doing this when the files are in ccmcache and not in SysWow64\CCM\Cache?
The MSI Digital signature is valid.
Thanks for the help!
Mathieu