• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 431
  • Last Modified:

Is there a way to allow citrix users to execute a specific installation but block all others?

A recent update to our CRM application (Sage Saleslogix) requires users to run an "enhancement" executable, which unpacks an .msi and installs a MS Outlook Add-in and a shortcut in the startup folder, that turns on some desktop integration program.

We can easily deploy the .msi using group policy to most of our users, EXCEPT those running in a citrix published desktop environment.

For some unknown reason, the developers configured the .msi to install for one user, rather than ALL USERS.  This is a problem for our citrix users because once it is installed by the Admin on the citrix servers it is not made available to all clients.  Since we have a strict security pollicy, users are unable to execute the program in their citrix desktop environment.  

We have tried several things including modifying the msi to no avail.  We even attempted to deploy in citrix using group policy but that failed because the program is already installed on the server.

Is there a way to allow users to excecute this installation but block all others?

Sage has promised to modify the installation but that will take a few months.  Unfortunately, we can't wait due to several business and technical factors.

Thanks in advance.
0
LenCepeda
Asked:
LenCepeda
  • 2
1 Solution
 
Robin CMSenior Security and Infrastructure EngineerCommented:
Presumably setting ALLUSERS=1 on the msiexec command line when you do the admin install doesn't work?
0
 
Robin CMSenior Security and Infrastructure EngineerCommented:
You might also try editing the .msi PROPERTY table using Orca (http://support.microsoft.com/kb/255905/EN-US/) and change/add the ALLUSERS entry to 1.
0
 
LenCepedaAuthor Commented:
Thanks for the quick response. Orca seems promising but I receive the following message when running the modified msi:  

Error 2356.  Could not locate cabinet in stream:  Data1.cab.

Unfortunately, msiexec command did not install to allusers.  
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now