Changed values of HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing to the value specified in below article, and deployment worked fine.
The following information can give more details about ALM deployment:
- As part of ALM client deployment and execution, ALM will check digital signature of the downloaded files.
Actually it is two step procedure:
1. Verify digital signature of the file using standard Windows API function
2. Checking if the certificate is no revoked also using standard Windows API function.
Hence, ALM user should be allowed to perform both these actions.
Looking on the information from the article: the value of the key Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing contains the flag:
#define WTPF_ALLOWONLYPERTRUST 0x00040000 // allow only items in personal trust database
Customer should check if required certificates exists in that database for the non-admin user. If don't exits, customer can add it or change the value of the flag. Customer's IT/Security personal should check the issue.