MSI Packaging For Locked Down Desktops 

If you have taken the appropriate steps along the way then your packages should function correctly in a locked down environment. However if you have not tested your packages in the user context then there is a distinct possibility that you will encounter application errors due to file and registry permissions being too restrictive. preventing the application from performing as expected. Other areas where security implications need to be considered are the use of public properties. where information contained in such properties may be written to log files and the contents of such properties becoming visible. passwords being one example. Ensuring that only approved installations and patches are applied in sensitive environments is also an option that should be explored.

How do we achieve it?

To ensure that a package performs correctly in a secure environment it will be necessary to determine which files and registry keys need their permissions altered. Only the required areas should have permissions relaxed. so as to maintain as high a level of security as possible. Don't use public properties to hold any confidential or sensitive data as the contents of these properties can be read. Using digital signing within your packages will ensure that the package is valid for your environment.