Avanessian
asked on
Enabling MSI to be installed with admin rights
We have an MSI package (Netscaler SSLVPN Client) that needs to get pushed out to bunch of remote users that are part of the "users" group. Can we use ORCA or another way to pre-package this install so it uses local admin rights to install (without us giving them the pwd)? What are good ways outside of Altiris or SMS...we use Altiris but not for this community of people.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The machines in question are not part of our AD domain, so NO GP.
any other ideas?
any other ideas?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Being a workgroup makes life trickier. The settings in group policy (which you don't have) which allow msiexec to install with elevated privileges create the following reg values-
HKEY_CURRENT_USER\SOFTWARE \Policies\ Microsoft\ Windows\In staller\Al waysInstal lElevated (REG_DWORD = 1)
HKEY_LOCAL_MACHINE\SOFTWAR E\Policies \Microsoft \Windows\I nstaller\A lwaysInsta llElevated (REG_DWORD = 1)
This will allow msiexec to run under the SYSTEM context rather than the current user. If you can get these keys on the machines they should then be able to install with elevated privileges.
The below VBScript will write the keys to the local machine ('.'), but you can edit this to write to registry remotely via WMI (with the required connectivity/permissions), by changing 'strComputer'.
Or you could use psexec to remotely execute the script and the installation. This is a neat free utility which allows you to execute apps etc. on remote machines/groups of machines (you can create a text file with the list of machine names and then get psexec to run the command on all of them).
For info on psexec : http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
Let us know if anyof this helps...
HKEY_CURRENT_USER\SOFTWARE
HKEY_LOCAL_MACHINE\SOFTWAR
This will allow msiexec to run under the SYSTEM context rather than the current user. If you can get these keys on the machines they should then be able to install with elevated privileges.
The below VBScript will write the keys to the local machine ('.'), but you can edit this to write to registry remotely via WMI (with the required connectivity/permissions),
Or you could use psexec to remotely execute the script and the installation. This is a neat free utility which allows you to execute apps etc. on remote machines/groups of machines (you can create a text file with the list of machine names and then get psexec to run the command on all of them).
For info on psexec : http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
Let us know if anyof this helps...
const HKLM = &H80000002
Const HKCU = &H80000001
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
oReg.SetDWordValue HKLM, "SOFTWARE\Policies\Microsoft\Windows\Installer", "AlwaysInstallElevated", 1
oReg.SetDWordValue HKCU, "SOFTWARE\Policies\Microsoft\Windows\Installer", "AlwaysInstallElevated", 1
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
System Startup scripts run in the context of SYSTEM, and packages assigned with GPOs are installed with elevated privileges.