denelon
commented
1 year ago There are a few different moving parts related to elevated context for configurations with resources or packages requiring elevation. We're working to improve the flow, so a single elevation is sufficient for the entire configuration.
There will still likely be exceptions in some cases for installers with interesting flows that don't honor an initial elevation and launch user-based processes to trigger an install that still requires a subsequent elevation.
I'm not sure if this is truly a "Dev Home" specific problem, or a WinGet specific problem as WinGet is acting as the LCM (Local Configuration Manager) for Dev Home.
We're looking at ways the configuration file itself can provide the appropriate hints for which resources need elevation and which ones don't. Generally speaking, it's a bad idea to have credentials in a configuration file from a security standpoint.
cseitz-brio
Suggested new feature or improvement
Allow a configuration file to designate the elevated credentials to be used for installing applications that require the user to allow the app to make changes to the device. These credentials would be the same credentials specified when you select "Set up as admin" for the configuration file machine setup.
Scenario
If a user is not an administrator on a device, running a configuration file on Dev Home still requires the administrator to re-enter credentials for applications that make changes to the device. This feature would allow the configuration file to run without having to monitor the installations the whole time.
Additional details
No response