How can I use Group Policy to disable the Windows Installer rollback functionality?
November 3, 2003
A. Depending on the actions performed by the Windows Installer file, the space required to store temporary rollback information about the installation, as described in the FAQ "What's the Windows Installer rollback functionality?", might be very large. If the installation is interrupted, these temporary files remain on the system, and a user could access them to gain information about your computer. Keep in mind that if you apply a Group Policy Object (GPO) to disable the rollback functionality and an installation fails, your computer could be left in a compromised state.
To use Group Policy to prevent Windows Installer from creating the rollback information, perform the following steps:
Open the relevant GPO. For example, open the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in, right-click the organizational unit (OU) or domain, select Properties, select the Group Policy tab, select the GPO, then click Edit.
Expand Computer Configuration, Administrative Templates, Windows Components, Windows Installer.
Double-click "Prohibit rollback."
Select Enabled.
Click here to view imageClick OK.
You can also configure this setting on a per-use basis by navigating to User Configuration, Administrative Templates, Windows Components, Windows Installer in Step 2 above. When you enable the setting in either area, it overrides any "Disabled" setting.
About the Author
You May Also Like