Software Restriction Policy
The first step is to use the Software Restriction Policy
in your domain to allow MSIs to run, provided they are signed with the dezrez software publishing certificate. Also change the Windows Installer setting to allow approved MSIs to be run in elevated mode.
Path Rule: Disallow *.MSI
Certificate Rule: Dezrez Services Ltd. Certificate – Unrestricted.
NOTE: If you do not want this setting to apply to local administrators, select “Software Restriction Policy” in the tree view, and select the “Enforcement” option. Change the setting “Apply software restriction policies to the following users” to “All users except local administrators”.