The LANDesk health check script will probably meet your need. It will run as the computer SYSTEM context during startup.
or, assign the advance agent MSI to the GPO (I don't recommend this option).
1 of 1 people found this helpful
From your post I gather that you are migrating your distribution packages from GPO to Landesk and that some of the packages require editing user profile data?
Both Landesk and GPO installs should both be using the SYSTEM account so I guess where I'm confused is, if you are using MSI then it should be installing the same. Any variables / data changes to APPDATA, USERPROFILE, or HKCU should still be done by the MSI and the ALLUSERS=1 flag.
I guess what I'm trying to understand is have you come up against an issue that your MSI's are no longer working and are just looking for a workaround of temporarily elevating user admin rights? I have personally never attempted this type of workaround as it shouldn't be necessary.
Let us know and hopefully can help sort the issue instead of forcing a workaround.
Thanks for answer,
I’m looking for a workaround of temporarily elevating user admin rights.
Our .msi are not real msi. Its “package” made by Windows Installer Wrapper Wizard for execute network script (.cmd).
Here an example of a .cmd :
- Install Setup from \\network …
- Remove link in alluser startup menu and desktop
- Create custom link in logged %username% startup menu
- Import .reg in HKCU for auto configure application parameters
- Copy files from network to %appdata% for auto configure applications parameters
- Make xcals on %programfiles%\application to grant to %username% full access on application directory
- Etc …
Theses actions cant be executed by a limited user.
I’m looking for launch .msi with admin rights but in the logged user environnement.
I’m actually testing Psexec, Cpau, Xrunas, etc …but looking for the best “easy” solution.