Local SYSTEM account, analyzing security settings
Posted on 2004-09-11
I use a W2K server with a group policy, that makes some W2K Prof machines auto-install an msi file.
The W2K prof machine starts up and shows that it starts installing the msi file, but only for a second. The package was not installed.
In the event log you can see an error that says that the source for the package cannot be found. Microsoft describes this case in Q278472. Installing the package by hand works well (being Administrator). The package is located on a network share, on the DC. I have tested several ways when putting the package into group policy, like "\\servername\..." or "\\192.168.1.6\..." etc, but nothing works. I have checked the security credentials for the share, for the subfolder and all in-between folders. "SYSTEM" is there and has always full access. I also included the machine's local account (in security settings, I can browse for objects and selected the computer symbol of the W2K Prof PC), also with full access.
Now I want to test if the local SYSTEM account of the W2K Prof machine has really access to the target folder. But how ?
I know two years ago I managed to open a CMD window by using the task planner (and just saying "start cmd.exe in one minute"), but there must have been an additionyl trick.
Any idea anyone ?
Or, can I change a service on the local machine to run the installation under another account ?
There may be some reason for SYSTEM not being able to have access (english W2K server after initial german W2K server installation, several W2K Prof machines were built with a partition image and then NewSID was used, ...)