RE: [ActiveDir] Group Policy Software Installs

[Darren Mar-Elia]

Title: Message

Rick- IE is an ugly piece of %*$(#% to try and make into an unattended install, as you've discovered. The last time I worked with this, for IE5, we had to tear apart the install to get it to run unattended. What you're probably experiencing is that IE install puts some tasks into the RunOnce key in the registry to autorun at next logon. Its not clear why admin would be required for this, but then I gave up trying to figure out the logic behind the IE setup a long time ago. One option might be to run whatever is called in RunOnce interactively with a non-privileged account, while you're running Regmon and FileMon from www.sysinternals.com and see where you get access denied messages. Then you can use Group Policy to modify reg or file system perms interactively. Its tedious and painful and very ugly.   You might also want to check and see if the install works with the user in the local Power Users group. If so, then a "better" solution may be to just write a startup script or use Restricted Groups policy to add the users temporarily to the local group that works and then use policy after the deployment to remove them.   Darren     -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Reynolds Sent: Thursday, October 09, 2003 10:23 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Group Policy Software Installs I have a job to install ie6, it installs as part of a group policy, but after it installs and forces a reboot, it tells the user upon login that there was an install that was not completed, and they have to login with an account that has admin rights to the machine to complete the setup....   Is there anyway around this other than giving the users admin rights to the machine. We have to roll this out to 200 machines by next friday.   Rick Reynolds