Environment:
- ClickOnce Winforms Application with a signing certificate (Symantec Class 3 SHA256 Code Signing CA)
- Client computers are running windows 7 and users are under a group policy that disallows local admin access
- There is a "Certificate Policy" applied to that group for our code certificate, which should allow any application with that cert to run with local admin privs
- The group policy cannot be changed for security reasons
- Up to 6 developers work on and publish this project
- Visual Studio 2013
Symptoms:
When I publish the app from my system, it is able to auto-update and runs as expected.
When any other developer publishes, it auto-updates and the application fails to start. The dump contains the following error:
This program is blocked by group policy. For more information, contact your system administrator
If I re-publish from my machine, it will update and run as expected.
Signing:
The following steps are how we are applying the cert to the application:
- Project Properties
- Signing Tab
- Select From File Button
- Select the cert that is included in the project
- Enter the cert password
Questions:
Why are we only able to update the ClickOnce application from one developer's computer and not the others, when the certificate is applied the same way?
Aside from disabling group policy, how can we successfully publish this application from multiple computers without encountering the same problem?