Solved

Cannot run silent MSIs with Windows 8 and UAC

Posted on 2013-05-21
7
1,668 Views
Last Modified: 2013-08-07
Hi - i have created a batch file containing the following to install a package silently:

msiexec /i MyPackage.msi /qn

When I run this it stops after a second or so and there is an error in the event log telling me I do not have permission to install:-

"Product: MyPackage -- Error 1925. You do not have sufficient privileges to complete this installation for all users of the machine.  Log on as administrator and retry this installation."

even though I am domain admin and in the loal admin group on the pc.

I have noticed that if I change the msi swich to /passive it works fine. It also works fine - with no prompts, if I run the MSI manually.
It's only the silent switch that fails.

If I completely disable UAC via the registry HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System - EnableUA = 0
It works fine but I need to have UAC on for the Metro apps to work.

I have played around with UAC settings in Group Policy and just cannot get it working.
I have also taken our Windows 7 Group Policy settings for UAC and applied them to the W8 pc and still it's not working.

I have Googled this to death and cannot find any information pointing me to a viable solution.

I have tried multiple different MSIs and get the same problem with all of them.

Please help....

Thanks
0
Comment
Question by:naifyboy123
7 Comments
 
LVL 90

Expert Comment

by:John Hurst
Comment Utility
I am not certain there is a problem. I have Windows 8 Pro and *every* install of *every* kind will cause UAC to pop up. I do not disable UAC and do not recommend disabling UAC.

So I think you have to install within the given limits of UAC.  

... Thinkpads_User
0
 

Author Comment

by:naifyboy123
Comment Utility
@thinkpads_user - thanks

There must be ways round this otherwise how can you use an OS in the Enterprise with which you cannot push out silent installations
0
 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 167 total points
Comment Utility
Start the Active Directory Users and Computers snap-in. To do this, click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
        In the console tree, right-click your domain, and then click Properties.
        Click the Group Policy tab, select the policy that you want, and then click Edit.
        Under Computer Configuration, expand Software Settings.
        Right-click Software installation, point to New, and then click Package.

        In the Open dialog box, type the full Universal Naming Convention (UNC) path of the shared installer package that you want. For example, \file server\share\file name.msi.

        Important Do not use the Browse button to access the location. Make sure that you use the UNC path of the shared installer package.
        Click Open.
        Click Assigned, and then click OK. The package is listed in the right-pane of the Group Policy window.
        Close the Group Policy snap-in, click OK, and then close the Active Directory Users and Computers snap-in.
        When the client computer starts, the managed software package is automatically installed.

http://serverfault.com/questions/419931/how-to-silently-install-any-software-across-all-my-office-computers
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 167 total points
Comment Utility
Windows 8 has no problems installing MSIs silently via GPO software deployment. What you are doing is invoking the installation manually, which will make the installation run as user and not as the system as it would do with automated software deployment. So if you run it manually you are relying on elevation to function correctly. If it does not and elevation is not triggered by UAC and this is what we seem to have here, the package is not compatible to UAC and has to be elevated manually by right clicking the batch and selecting "run as administrator".

This is not Windows 8's fault.
0
 
LVL 16

Assisted Solution

by:Mike T
Mike T earned 166 total points
Comment Utility
Hi,

The two experts above are right and have shown how to deploy an MSI via AD and also then explained.

To reiterate: to deploy any MSI silently it needs /qn and then run as system. AD, Altiris and SCCM all do this. Local system is higher security context than local admin. One way to simulate it is to use the task scheduler. Personally I find it easier to create a testdeploy OU and assign the MSI there. You then can re-use the OU (unlike using the scheduler).

info: http://msdn.microsoft.com/en-us/library/windows/desktop/ms677973(v=vs.85).aspx
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
> To reiterate: to deploy any MSI silently it needs /qn and then run as system
No, not as system. But elevated.
0
 
LVL 16

Expert Comment

by:Mike T
Comment Utility
I stand corrected :).

Also
"The actual name of the account is NT AUTHORITY\System.

The Local System account does not have any rights to access the network. When network access is necessary, Local System uses the account Domain\computername$. "
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Using the Hyper-V Manager requires administrator rights. This guide shows how to add shortcuts and Start Screen tiles for normal users to quickly connect to local virtual machines rather than using the recommended Remote Desktop connection.
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
The viewer will learn how to successfully download and install the SARDU utility on Windows 8, without downloading adware.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now