Asked by LouSch7

Apply MSP at logon - Locked down computer

I'm sure by now I've over-thought/over-complicated this; however, here is what I need to accomplish, followed by what I have done so far:

Here is what I need: I have 500 computers that have a specific application installed; fortunately it is identical: same GUID/patch level, etc.  I have an MSP file that now needs to be applied to all of these systems.  I also have a requirement to do this as silently as possible, as the users in our organization like to pretend that their computers are magical devices that never need updating.  ALL of these computers are locked down; the local user does not have local administrative rights.  I also need to ensure that the MSP file runs at logon and that the program and all programs that use it (the Microsoft Office suite, for example) are not running during the apply of the MSP.  I also need to ensure this ONLY runs on Windows 7 machines.

Here is what I have: I have created a VBS script that calls a BAT file.  The VBS script specifically looks to make sure two things are true:
1: The patch has not already been applied (looks in the registry for this)
2: The computer is Windows 7
If both are true it calls the BAT file otherwise it terminates.
The BAT file then launches, taskkills explorer.exe (our users are click happy and can launch a million applications in the blink of an eye; killing this kills the desktop and taskbar) and all necessary applications that cannot be running, and displays a friendly message to the user while applying the MSP; it then launches explorer.exe.

Here's the catch... the scripts above, what I currently have, WORK GREAT!! as long as the user is a local admin on his/her machine; otherwise we get an error message: Product: [Product Name]' could not be installed. Error code 1625.

Error Code 1625: ERROR_INSTALL_PACKAGE_REJECTED This installation is forbidden by system policy. Contact your system administrator.

So.. I need to know how I can use the method I already have OR I need a suggestion on a better way of doing it.  The sad part is I DO HAVE SCCM 2012, just stood it up.  I know it inside and out... for inventory and remote control... Still learning my way around the whole package deployment thing... So, I'm open to any way of doing this and I would truly prefer not to have to use a script... if I can get away from it.

Thank you in advance
ASKER CERTIFIED SOLUTION
Joseph Moody

This solution is only available to members.

Hi.

You cannot use logon scripts here. For installations, you can use Startup scripts; those use "god mode" (= the System account) to execute your script.

For more comfort, I recommend using the freeware LUP, which integrates into WSUS and can roll out any 3rd-party .msp file. See http://localupdatepubl.sourceforge.net/
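
The startup-script approach from the reply above, as an added example that is not part of the original thread: a computer startup script that repeats the asker's two checks (Windows 7 only, patch not yet applied) and applies the MSP silently under the System account. The share path, the marker registry key and value, and the log location are hypothetical placeholders.

```powershell
# Computer STARTUP script (assigned through Group Policy), not a user logon script.
# It runs as the System account before any user logs on, so no user applications
# are open and nothing has to be killed. Written for PowerShell 2.0 (ships with Windows 7).

# --- Hypothetical placeholders: replace with your own values ---
$PatchPath  = '\\fileserver.example\deploy$\app-update.msp'
$MarkerKey  = 'HKLM:\SOFTWARE\ExampleCorp\Patches'   # marker maintained by this script
$MarkerName = 'AppUpdateApplied'
$LogFile    = Join-Path $env:windir 'Temp\app-update-msp.log'

# Everything on this share executes as System on every machine, so it must be
# read-only for computer accounts and writable by administrators only.

# 1. Only Windows 7: NT version 6.1 and ProductType 1 (workstation).
#    Server 2008 R2 is also 6.1 but reports ProductType 3.
$os = Get-WmiObject -Class Win32_OperatingSystem
if (-not ($os.Version -like '6.1.*' -and $os.ProductType -eq 1)) { exit 0 }

# 2. Skip machines where a previous run already recorded success.
$marker = Get-ItemProperty -Path $MarkerKey -Name $MarkerName -ErrorAction SilentlyContinue
if ($marker -and $marker.$MarkerName -eq 1) { exit 0 }

# 3. If the share is not reachable yet (network not up), retry at the next boot.
if (-not (Test-Path -Path $PatchPath)) { exit 0 }

# 4. Apply the patch with no UI and no automatic reboot; keep a verbose log.
$msiArgs = "/p `"$PatchPath`" /qn /norestart /L*v `"$LogFile`""
$proc = Start-Process -FilePath "$env:windir\System32\msiexec.exe" `
                      -ArgumentList $msiArgs -Wait -PassThru

# 5. 0 = success, 3010 = success with reboot pending. Any other code
#    (for example 1625, as in the question) leaves the marker unset so the
#    next startup retries and the log can be inspected.
if ($proc.ExitCode -eq 0 -or $proc.ExitCode -eq 3010) {
    if (-not (Test-Path -Path $MarkerKey)) { New-Item -Path $MarkerKey -Force | Out-Null }
    Set-ItemProperty -Path $MarkerKey -Name $MarkerName -Value 1
}
exit $proc.ExitCode
```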