8 Replies Latest reply on Jan 20, 2012 3:00 PM by DanDinolfo

    Deploying Software That Doesn't Like The Service Account - But Needs Administrator

    Apprentice

      I'm trying to install Teamcenter via LANDesk.  It worked great last time I did the install (all of the end users were XP systems).  I've been trying it on Windows 7, and it works fine manually, but the TC install crashes if I run it as the Service account.  Our end users don't have Admin rights, so I can't do an install as them.  I've been trying to play around with doing a LANDesk install that checks to see if it's being run by the service account on Windows 7, and if it is, it uses the startasuser.exe to run an AutoHotKey script (running the script as the logged in user) which does a runas of the initial script as an account with Admin rights.

       

      Program          User
      install.vbs      system
      RunAsTech.exe    Current LoggedInUser
      install.vbs      Tech

       

      The problem I'm getting is that my install gets run as our Tech account, but it's not being elevated to an Administrator.  So now I'm kind of screwed.  I've got a request to install TC on ~100 Windows 7 computers, and I really don't want to have to do a manual install.  Ideas?

       

      (Running 9.0.2)

        • 1. Re: Deploying Software That Doesn't Like The Service Account - But Needs Administrator
          Apprentice

          Is the password the same for the local Admin account on these 100 Windows 7 machines?

          • 2. Re: Deploying Software That Doesn't Like The Service Account - But Needs Administrator
            Apprentice

            It's so insanely simple, it just might work.  Time to compress the 6 GB install.  Grrr, stupid 6 GB Install.

            • 3. Re: Deploying Software That Doesn't Like The Service Account - But Needs Administrator
              Apprentice

              Actually the problem that you're having drove me insane and I couldn't find anything that worked after exploring batch files, vbs scripts and programs that are supposed to elevate privileges.

              So here's how I did it (you have to time this right). Hopefully someone else reading this can give us insight on how to do it better than my method.

               

              1. You'll have to script the method described here : http://support.microsoft.com/kb/310584 then reboot.

              2. Then push the package that requires local admin rights (choosing "current user account" in your package properties) and then reboot.

               

              Like I said, you have to time it right. I did it at midnight and got 100% success because I also use vPro WOL.

               

              If anyone has a better method, I'm also interested to know.
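Added example, not part of the post above: automatic logon (what reply 4 calls "the autologin thing") is driven by values under the Winlogon registry key, and when set by hand the `DefaultPassword` value is readable text, so a deployment that uses it should confirm afterwards that those values are gone. This PowerShell check assumes it runs elevated (or as SYSTEM) on each target after the final reboot; the function names are illustrative.

```powershell
# Added example: audit and clear leftover automatic-logon settings after a deployment.
# On 64-bit Windows, run from a 64-bit PowerShell so the native registry view is used.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-AutoLogonState {
    $props = Get-ItemProperty -Path $WinlogonKey
    New-Object PSObject -Property @{
        Computer        = $env:COMPUTERNAME
        AutoAdminLogon  = ($props.AutoAdminLogon -eq '1')
        DefaultUserName = $props.DefaultUserName
        # Report only whether a password is stored, never the value itself.
        PasswordStored  = [bool]$props.DefaultPassword
    }
}

function Clear-AutoLogon {
    # Turn automatic logon off and delete the stored credential values.
    Set-ItemProperty -Path $WinlogonKey -Name AutoAdminLogon -Value '0'
    foreach ($name in 'DefaultPassword', 'AutoLogonCount') {
        Remove-ItemProperty -Path $WinlogonKey -Name $name -ErrorAction SilentlyContinue
    }
}

$before = Get-AutoLogonState
if ($before.AutoAdminLogon -or $before.PasswordStored) {
    Clear-AutoLogon
}

# Re-read the key so the report reflects what is actually on disk now.
$after = Get-AutoLogonState
$after | Select-Object Computer, AutoAdminLogon, DefaultUserName, PasswordStored

# A non-zero exit code lets the management tool flag machines that still
# have automatic logon enabled or a password left behind.
if ($after.AutoAdminLogon -or $after.PasswordStored) { exit 1 }
```

Run as a follow-up task against the same machine list, any machine returning exit code 1 still has an administrator credential sitting in the registry.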

              • 4. Re: Deploying Software That Doesn't Like The Service Account - But Needs Administrator
                Apprentice

                Heh, I was thinking about the autologin thing.  More so for the next time I have to upgrade this software.  Teamcenter is a real work of art.  Whoever designed their installer should be shot.  I'm pretty close to just using PSEXEC or some other script to push it out.  Maybe I'll use LANDesk to stage the 6 GB install package on all of the computers beforehand and then use PSEXEC to start the installs.

                • 5. Re: Deploying Software That Doesn't Like The Service Account - But Needs Administrator
                  zman Master

                  Hmm, seems overly complicated. First, really make sure it is LANDesk or the System Account - follow this http://community.landesk.com/support/docs/DOC-1645

                   

                  If it works then something with LANDesk. If you do however have to install as an elevated user then:

                  1. I would use AutoIt and simply use the runas function. Much easier; make sure you use #requireadmin for Windows 7. Basically one/two lines will do this.
                  2. In 8.x if you used run from source and had preferred servers defined, it would install the app using the credentials used for preferred server. If this account had local admin privileges you would be ok.
                  • 6. Re: Deploying Software That Doesn't Like The Service Account - But Needs Administrator
                    Apprentice

                    It's the System account that is the problem.  The Teamcenter install crashes a few minutes in.  I looked at the install logs and while the error is very cryptic, some googlefu indicated the problem had to do with an attempt to access the CU registry hive.  I'm assuming this didn't work because of the System account.

                     

                    As far as the AutoIT, I've tried 4 or 5 different tools to do a runas, and every single one barfs at you under Windows 7 if you run them from the system account.  That's why I am using the "Startasuser.exe" to call my script that does a runas.  I changed things over to use the local administrator account, and it appears to be working.  We'll see.

                    • 7. Re: Deploying Software That Doesn't Like The Service Account - But Needs Administrator
                      zman Master

                      Why not run the script as logged in user using the distribution package settings and have the script elevate rights with runas? Also consider voting on this ER http://community.landesk.com/support/ideas/2018

                      • 8. Re: Deploying Software That Doesn't Like The Service Account - But Needs Administrator
                        Apprentice

                        I thought about doing that.  I might still.  Part of the issue is that it works perfect on XP as the system account.  I also need an install that can be done manually.  I really don't want two or three installs, especially because of the massive size of the install (5.73GB and over 9,000 files).  So instead I have a single install that uses a VBScript to do the magic.  If I push it to XP or the install is a manual Windows 7 install, it just works.  I could make it run as the logged in user, have the script check for admin rights, and then have it do a runas.  The trick is, I would have to change how I elevate my scripts/installs.  I currently have a modified 7zip SFX system.  The 7zip SFX is what prompts for UAC elevation.  If I left my SFX unchanged, I imagine it would fail since it prompts before it runs the script.  I would instead have to use a plain SFX that doesn't prompt for admin, and have my runas do the prompting, but then I would have to either do a runas for all installs, even manual installs, or I would have to have two procedures in my script, one to do a runas, and the other to elevate itself by recalling the script.  Either way, I feel it's just about as complicated as what I'm doing now.

                         

                        The only thing I really wish I could fix about what I have working now is to lose the requirement that a user be logged in to the system when I run my install.  That's really going to hork me.  Maybe I can use a LANDesk script to run some kind of a command from my console that will open enough of a session on the remote computer that the "startasuser.exe" will be able to latch on to it.  It seems to like explorer.exe from comments I've read.  Maybe I could do some kind of a psexec command to start an instance of explorer remotely.  Hmmm.
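Added example, not from any poster in the thread: a PowerShell preflight that reports which of the contexts discussed above an installer is actually running in (SYSTEM, elevated administrator, administrator account with a UAC-filtered token, or standard user) and stops before the install starts if it is not elevated. The function name and the exit-code convention are assumptions for illustration.

```powershell
# Added example: classify the security context before starting an installer.
function Get-InstallContext {
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator

    # SYSTEM also passes the Administrators check, so test for it first.
    # Its HKCU is SYSTEM's own hive, not the logged-in user's.
    if ($id.IsSystem) { return 'System' }

    # True only when the Administrators group is enabled in this token,
    # i.e. the process is elevated.
    if ($principal.IsInRole($adminRole)) { return 'ElevatedAdmin' }

    # whoami also lists deny-only groups. Matching on the well-known SID
    # (S-1-5-32-544, BUILTIN\Administrators) avoids localized group names.
    $groups = (whoami /groups /fo csv /nh) -join "`n"
    if ($groups -match 'S-1-5-32-544') { return 'FilteredAdmin' }

    return 'StandardUser'
}

$context = Get-InstallContext
$account = [Security.Principal.WindowsIdentity]::GetCurrent().Name
Write-Output ("{0}: running as {1} ({2})" -f $env:COMPUTERNAME, $account, $context)

switch ($context) {
    'ElevatedAdmin' { exit 0 }   # safe to start the installer
    'System'        { exit 2 }   # per-user registry writes land in SYSTEM's hive
    'FilteredAdmin' { exit 3 }   # admin account, but UAC has not elevated this process
    default         { exit 4 }   # no administrative rights at all
}
```

Exit code 3 corresponds to the symptom in the first post: the process runs under an account with admin rights, but the token it received is not elevated.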