This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 98%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
hi,
I have an install script that needs to write to C:\program files\ as well as the registry. But on some win10, this work cannot be done, even if I log in with an administrator account. The "Behavior of the elevation prompt for administrators in Admin Approval Mode" has been disabled in User Account Control, and the UAC control has been changed to "Never notify". However, when viewed in the properties of C:\program files, the administrator still does not have full control rights, and all options are grayed out and cannot be changed. Whether I log in with a domain administrator account or a member of the local administrators group, the result is the same inaccessibility.
So,I have several questions like this:
Using a domain administrator account, or a member of the local administrator user group, still cannot write to the c:\program files folder
Answer accepted by question author
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Hello
Thank you for your question and reaching out.
C:\Program files folder is protected folder even for Administrator account .
You need to take Ownership to Write this folder or you can use SYSTEM account.
--If the reply is helpful, please Upvote and Accept as answer--
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 16%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
There is a standard way to pass parameters to an MSI with GPO. You must pass a Microsoft Installer transform (MST) file. This can be created easily from Orca, which is included in the Windows SDK Kit. Install Orca-x86_en-us.msi from "%ProgramFiles(x86)%\Windows Kits". Then open your MSI in Orca and select option to generate "New Transform" from the menu. Navigate to the Property table and edit/create the properties and set to values that you would otherwise from the command line. [You can do a lot more from Orca with any customization (i.e. specify Feature sets to install, recondition CAs, etc.), but it's best to start with the Property table.] When you're done with all your changes, select "Generate Transform..." from the menu. Finally, add the transform to the GPO and have a great day!
In fact, this is the reason. This script is used to install the software package. The reason why the script is used instead of msi is because it needs to carry parameters. Later, it was found that it is also feasible to carry parameters and install silently. But encountered a new problem, how does the AD administrator deploy silent installation and carry parameters? GPO policies can specify .msi packages, but there is no option to carry parameters. Scripts such as startup and logon can specify scripts, but how to upgrade to administrator privileges? Is it possible without elevating privileges? I did not configure successfully, please solve, thank you.
windows server is 2022,user is win10.
