I am writing an installer where users do not have local admin rights. Inside this installer package I will be installing drivers and tools.
My question is, through code signing (windows only) is it possible to sign an installer such that it does not require local admin rights to be installed.
I.E. if the certificate is added to the machine by a local admin and the installer is signed by said certificate, does it still need local admin rights to install or is there a way to rise the privilege of an exe by signing.
I am asking because I want to be able to install drivers but not need each user to have local admin rights.
Not the way you are describing it. Administrators can use group policy objects to deploy MSIs or they can use a tool such as Microsoft Systems Center Configuration Manager (SCCM) to deploy an application to thousands of machines. The later is done typically by running the installer elevated as SYSTEM.
A administrator won't typically go around and install a certificate machine by machine. These would typically be applied via group policy.