Post Reply
apsSanj
Posts: 5
Joined: Tue Jul 30, 2024 6:23 am

Prevent CertUtil.exe permission prompt when install .msi with Microsoft Intune

We are creating the .msi file with advanced installer and the installer file is supposed to install on user machines via Microsoft Intune, where there should be no user interactions to the installation process.
We have a custom action to add the certificate to the trusted publishers list. This is the related line of the xml of the .aip

Code: Select all

   <ROW Action="LaunchFile" Type="2" Source="viewer.exe" Target="/EnforcedRunAsAdmin /RunAsAdmin &quot;[SystemFolder]certutil.exe&quot; -addstore TrustedPublisher [AI_CODE_SIGN_CERT.CER]" Options="1"/>
When we are installing the msi via Intune, it prompts for user access control.
Do you want to allow this app to make changes to your device? CertUtil.exe
prompt appears.

How to prevent this from prompting via Advanced Installer?

Thank you.
Catalin
Posts: 7513
Joined: Wed Jun 13, 2018 7:49 am

Re: Prevent CertUtil.exe permission prompt when install .msi with Microsoft Intune

Hello,

Indeed, the "Run as administrator" option will prompt the user to accept the UAC, this is the default behavior.

As a workaround, I would suggest changing the custom action type to, for example, a PowerShell script.

Then, this PowerShell script should be executed during the "Deferred" stage with the "Run under the LocalSystem account with full privileges (no impersonation)" option enabled to ensure admin rights.

Hope this helps!

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube
Post Reply

Return to “Common Problems”