Windows – Chocolatey as non-admin user

I´m starting to use Chocolatey in the network of my hotel for software installs. I have a domain set on Win 2008 and all my users are not admins.

So, lets say I have a user JOE that is not an admin on the domain (neither on the machine) and a user PETER that is admin on both, and that I'm logged in as JOE. When I open a prompt (or powershell) as admin, windows UAC asks for a admin username/password. So I fill it with PETER's credentials. Then I can install Chocolatey (in C:\ProgramData\Chocolatey) and install packages on C:\ProgramData\Chocolatey\libs. And that is fine.

If the app is a install for all users (such as Sublime Text 3, installed at C:\Program Users folder), everything goes OK. But when I run a "single user" install (such as Wunderlist, which is installed at C:\Users\USERNAME\AppData\...) it get's installed at PETER's AppData and not JOE's AppData.

If I run the installer manually, it asks me for PETER's credentials, but the app gets installed in JOE's user path.

Can I get the same behavior with Chocolatey? Am I doing something wrong or can I workaround this some way?

Best Answer

I've discovered how to do it for both administrative and non-administrative users. In the Chocolatey non-administrative section of the docs, it says that to install Chocolatey as non-admin, first we have to define a ChocolateyInstall environment variable pointing to a location where Chocolatey should be installed and all users have access (I've used C:\Users\Public\Chocolatey folder). That variable can be set at machine or user level. If we define it at machine level, the same Chocolatey installation can be used for both admin and non-admin packages installs. After setting the variable, we should procede to Chocolatey install, which can be done either as admin or non-admin user.

Then, to install any package there are two ways to do it: if it that requires admin access, we can open a an admin PowerShell (or command prompt) and call choco install <package> with it. Then the app will be installed as the admin user (PETER in my question). If it doesn't require admin access, then we can open a non-admin PowerShell (or command prompt) and call choco install <package> with it. The app gets installed to the current user (JOE in my question).

I've not tested it, but I believe that another option is to set a machine level ChocolateyInstall variable pointing to one location and a user level ChocolateyInstall variable pointing to another location. Then if we install Chocolatey as admin, we would get a "master" Chocolatey install, that can be used to install the majority of the packages (which require admin access according to the documentation). If we install it again as the common user, we would get a "user" Chocolatey install, that can be used to install some specific packages (as Wunderlist). That way, that package can get installed to any number of users, without interfering with the "admin" Chocolatey install.

The drawback is that having 2 Chocolatey installs, the packages will have to be managed at both admin and user level, so upgrades will have to be done at both "master" and "user" level.

In my case, as I have only one user per machine and my users don't install any apps, I've chosen the first option.

Hope it helps someone looking for this.

Best Answer

Related Solutions

Windows – change the user that is the default choice in UAC

Related Question