I'm running into trouble when I try to run an EXE installation as a dynamic administrator, but don't get the same problems when I'm trying to do a MSI or MSP based installation. I know that there are tools to convert an EXE to a MSI based installation but sometimes the conversion is more work than it is worth when a simple EXE /s does exactly what I want, or the EXE extracts an MSI which I then doesn't install correctly.

Anyway, in my environment I use the GPO Allow only Specified Windows Programs to and have a whitelist of EXE files that are allowed to run. I can successfully install the application when my users are in administrative policy mode, but when they are in the general policy I get error codes without installation. I was under the impression that dynamic administrator, and secure system user for that matter, would allow the EXE or MSI to execute with elevated rights no matter what the user's local active rights level is set as. Is this the case or am I misinformed?

I'm getting frustrated with the deployment bundles that I'm creating in that I'm setting them up perfectly for what I want them to do, but as soon as I test them under my general policy I run into all kinds of problems. Thanks for any clarification!