Using GPO to deploy msi that will not install as local admin on win7?

So we have deployed many msi's fine on our lan using GPO.

Issue i have with this msi is that it won't install as local admin.  I have to use the domain admin account.

The 3rd party co has provided a script/batch file to run it with msexec -i switch.  Seems pointless.  Also the msi seems to copy and register 3x ocx files.

Could there be a way to sort?

Thanks
LVL 1
CHI-LTDAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

CHI-LTDAuthor Commented:
could the msi have a setting in it to say run ad domain admin only?  could i use orca to edit the msi and change this to anyone?
0
McKnifeCommented:
I can hardly believe that, because why should anyone check for domain admin group membership? Pointless.

Please quote your error message. I am pretty sure that your domain admin is named "administrator" - that could be the reason. If "administrator", then UAC is off for that user and installations that may fail due to UAC incompatibility install alright while on the same computer with a different admin they fail - I bet that's it.

So you should be able to install it elevated: rightclick cmd.exe and select "run as administrator" -> an elevated command prompt will appear. No type in the path to your MSI and it will install elevated.
0
CHI-LTDAuthor Commented:
UAC is off.

I have a different msi from a large company which installs fine manually as the domain user account, not not permissions issue.  

Sure it works elevated, but i want to be able to run it under user profile.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

CHI-LTDAuthor Commented:
so i can add it to GPO
0
McKnifeCommented:
"adding to GPO" means publishing it to users? Because when you deploy an MSI to computer objects, no user intervention is required. Only when assigned to user objects. And even then, the user account would not be used to install, but only to trigger the windows installer service that uses a different account (the system account). Please feedback on that.
0
CHI-LTDAuthor Commented:
okay will give it a go on GPO.

And update.
0
CHI-LTDAuthor Commented:
well gpresult and modelling wizard show its applying ok, but i don't see it in progs on PC nor do i see any errors on the client machine.
0
CHI-LTDAuthor Commented:
there is also a batch file which runs msexec -i....
0
McKnifeCommented:
use rsop.msc at the client. If it displays the package as assigned to the computer (important, don't assign to users), it will install on the next reboot. If it does not, check the application event log at the client (search for msi).
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CHI-LTDAuthor Commented:
assigned fine.
system log shows its failed.
0
McKnifeCommented:
Why did it, what's the complete error?
0
CHI-LTDAuthor Commented:
the isntall of application 'app name.msi' from policy 'appname' failed.  The reason was: %%1612
0
McKnifeCommented:
That means, the path to the package is unavailable to the system account.
1 Could it be the path you used is not in the notation \\server\share\xxx.msi but rather on a network drive like x:\xxx.msi?
2 Could it be that you gave no access rights on that package? does the group authenticated users/everyone/domain computers have read access (at least one of them) to that share and file?
0
CHI-LTDAuthor Commented:
nope, using UNC path.
i added our global group and can install the the msi from here manually using admin account.
0
McKnifeCommented:
manually using the admin account is something different. But we can simulate what happens... please download psexec. Then start cmd on the problem machine like this:
psexec -s -i cmd
in that new cmd, type in the UNC path of that package to see what happens.
0
CHI-LTDAuthor Commented:
type: psexec -s -i cmd?
0
CHI-LTDAuthor Commented:
if so, this fails to install service.
0
McKnifeCommented:
The syntax is correct but it needs to be executed on an elevated command prompt.
0
CHI-LTDAuthor Commented:
opens in new cmd window
type unc and cannot access it e.g. \\server1\
0
McKnifeCommented:
Please clarify... what did you type in and what was the message?
If the message is showing it cannot access the msi, then clearly, your Access permissions to the share or file are wrong. Add authenticated users with read permissions.
0
CHI-LTDAuthor Commented:
psexec -s -i cmd
in new cmd: \\server1\activex\
0
McKnifeCommented:
...and now the error message.
0
CHI-LTDAuthor Commented:
sure.  but just typing the unc path isnt going to work is it?
0
McKnifeCommented:
Please quote the complete error message first.
0
CHI-LTDAuthor Commented:
'\\server1\' is not recognised as an internal or external command, operable program or batch file
0
McKnifeCommented:
Ok, your command was only \\server1\activex\???
You need to input the whole path of the msi.
\\server1\activex\yourMSI.msi
0
CHI-LTDAuthor Commented:
hmm, access denied.
0
CHI-LTDAuthor Commented:
and that is using my account, a domain admin....
0
CHI-LTDAuthor Commented:
added authenticated users to share and NTFS side and can run/access it.  will see what happens...
0
McKnifeCommented:
This was expected. the psexec test uses the -s switch. That means, it is no longer executed as "you", the domain admin, but as the computeraccount (problemcomputer$).
0
CHI-LTDAuthor Commented:
okay do you think it will install now?
0
McKnifeCommented:
I don't see why not.
0
CHI-LTDAuthor Commented:
its there, well done!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.