SP3 for App-V 5.0 introduced a new feature called RequirePublishAsAdmin which allows Administrators to restrict non-admins publishing packages to themselves if they are already added to the machine. For a full run down of this feature read here, it was on this post a commenter brought up the question of whether or not this feature would work with SCCM delivery (Thanks IV!), assuming it would work I thought I would test just to confirm however what I found is the commenters concerns were indeed justified….
Once RequirePublishAsAdmin is enabled and a non-admin user tries to take delivery of a user targeted App-V application the delivery fails and the following error occurs:
The cause of this error is exactly as suspected by the commenter on my previous post, the PowerShell process running the publish command runs as th user and therefore is automatically blocked from running.
If we dig into the AppEnforce.log we find evidence of this:
Above you can see the first App-V command which is the Add operation runs with a PID 2916 and completes successfully with a return code of 0.
However the second command which is the Publish operation runs with a PID of 1572 and fails with a return code of 1.
A quick ProcMon shows us that as suspected PID 2916 (Add) runs as system and PID 1572 (Publish) runs as the user and therefore fails.
In summary the RequirePublishAsAdmin feature is not fully compatible with SCCM 2012 user targeted deliveries. I have tested the same scenario with App-V Server with no issues.