Solved

Cannot run silent MSIs with Windows 8 and UAC

Posted on 2013-05-21
7
1,815 Views
Last Modified: 2013-08-07
Hi - i have created a batch file containing the following to install a package silently:

msiexec /i MyPackage.msi /qn

When I run this it stops after a second or so and there is an error in the event log telling me I do not have permission to install:-

"Product: MyPackage -- Error 1925. You do not have sufficient privileges to complete this installation for all users of the machine.  Log on as administrator and retry this installation."

even though I am domain admin and in the loal admin group on the pc.

I have noticed that if I change the msi swich to /passive it works fine. It also works fine - with no prompts, if I run the MSI manually.
It's only the silent switch that fails.

If I completely disable UAC via the registry HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System - EnableUA = 0
It works fine but I need to have UAC on for the Metro apps to work.

I have played around with UAC settings in Group Policy and just cannot get it working.
I have also taken our Windows 7 Group Policy settings for UAC and applied them to the W8 pc and still it's not working.

I have Googled this to death and cannot find any information pointing me to a viable solution.

I have tried multiple different MSIs and get the same problem with all of them.

Please help....

Thanks
0
Comment
Question by:naifyboy123
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 95

Expert Comment

by:John Hurst
ID: 39186293
I am not certain there is a problem. I have Windows 8 Pro and *every* install of *every* kind will cause UAC to pop up. I do not disable UAC and do not recommend disabling UAC.

So I think you have to install within the given limits of UAC.  

... Thinkpads_User
0
 

Author Comment

by:naifyboy123
ID: 39186295
@thinkpads_user - thanks

There must be ways round this otherwise how can you use an OS in the Enterprise with which you cannot push out silent installations
0
 
LVL 81

Accepted Solution

by:
David Johnson, CD, MVP earned 167 total points
ID: 39186541
Start the Active Directory Users and Computers snap-in. To do this, click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
        In the console tree, right-click your domain, and then click Properties.
        Click the Group Policy tab, select the policy that you want, and then click Edit.
        Under Computer Configuration, expand Software Settings.
        Right-click Software installation, point to New, and then click Package.

        In the Open dialog box, type the full Universal Naming Convention (UNC) path of the shared installer package that you want. For example, \file server\share\file name.msi.

        Important Do not use the Browse button to access the location. Make sure that you use the UNC path of the shared installer package.
        Click Open.
        Click Assigned, and then click OK. The package is listed in the right-pane of the Group Policy window.
        Close the Group Policy snap-in, click OK, and then close the Active Directory Users and Computers snap-in.
        When the client computer starts, the managed software package is automatically installed.

http://serverfault.com/questions/419931/how-to-silently-install-any-software-across-all-my-office-computers
0
Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 167 total points
ID: 39186749
Windows 8 has no problems installing MSIs silently via GPO software deployment. What you are doing is invoking the installation manually, which will make the installation run as user and not as the system as it would do with automated software deployment. So if you run it manually you are relying on elevation to function correctly. If it does not and elevation is not triggered by UAC and this is what we seem to have here, the package is not compatible to UAC and has to be elevated manually by right clicking the batch and selecting "run as administrator".

This is not Windows 8's fault.
0
 
LVL 18

Assisted Solution

by:Mike T
Mike T earned 166 total points
ID: 39188532
Hi,

The two experts above are right and have shown how to deploy an MSI via AD and also then explained.

To reiterate: to deploy any MSI silently it needs /qn and then run as system. AD, Altiris and SCCM all do this. Local system is higher security context than local admin. One way to simulate it is to use the task scheduler. Personally I find it easier to create a testdeploy OU and assign the MSI there. You then can re-use the OU (unlike using the scheduler).

info: http://msdn.microsoft.com/en-us/library/windows/desktop/ms677973(v=vs.85).aspx
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39188908
> To reiterate: to deploy any MSI silently it needs /qn and then run as system
No, not as system. But elevated.
0
 
LVL 18

Expert Comment

by:Mike T
ID: 39188920
I stand corrected :).

Also
"The actual name of the account is NT AUTHORITY\System.

The Local System account does not have any rights to access the network. When network access is necessary, Local System uses the account Domain\computername$. "
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No matter the version of Windows you are using, you may have some problems with Windows Search running too slow or possibly not running at all. Before jumping into how you can solve this issue, just know there are many other viable alternative deskt…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question