We're needing to push installs of MS Elephant Droppings - oops! - I mean Office 2007 -- Richard
Ben Scott <[email protected]> wrote on 04/02/2009 09:00:16 AM: > On Thu, Apr 2, 2009 at 8:56 AM, <[email protected]> wrote: > > Note that this would not be an actual person using the desktop systems but > > rather would be a "user" scripted in an install procedure. This user would > > then be disabled once the installs are completed. > > Does the software have to be installed as a particular user for some > reason? If so, what's the reason? > > I'll second Carl Houseman's suggestion of using a computer start-up > script for this. The start-up script runs under the privileges of the > machine account[1]. The machine account has full system privileges to > the local computer, and is also a domain account, so it can access > network resources if granted permission. > > We've got some applications which can't be installed via MSI -- only > via an EXE installer. But the installer has command-line switches for > an unattended install. So we make a batch file which calls the > installer, and add that batch file as a start-up script in a GPO. We > restrict the "Apply Group Policy" permission on that GPO to a security > group, and then put machine accounts in the group. The actual > installer is kept on a network share that's granted read permission > for everyone, so machine accounts can read it. > > [1] Every domain member gets a machine account, which is basically > just a user account. For domain FOO and computer BAR, the account > would be "FOO\BAR$". > > -- Ben > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
