We use LDMS 9.0 SP3, we try to find an easy and fast solution to migrate our 1000+ GPO (user-based) package script to Landesk.
Our GPO are .msi who are execute a .cmd script on network with custom actions parameters
We can migrate .msi in Landesk but there is a problem with admin rights :
In case of GPO, at execution of .msi at the opening session of the user, there is no admin rights problem because there is an auto elevation of the user to admin right. So, the script can execute setup, modify file of system, change ACL on directory, delete icon in alluser directory, etc …
In case of .msi transferred to Landesk, there is two choice to execute .msi : Execute with Landesk Admin account, or User logged in :
If we choose User logged in, script fail to execute setup, change ACL, access to alluserdirectory, etc …
If we choose Landesk Admin account, variable %USERNAME%, %USERPROFILE%, %APPDATA%, network share, etc … are wrong.
Rewrite every script to separate the part to execute by admin account, and part to execute by logged user is real time killer. (remind 1000+ script of ten years history and probability to make script errors).
I’m looking for an easy solution to promote temporary admin, user who are executing the .msi transferred to Landesk like MakeMeAdmin (http://blogs.msdn.com/b/aaron_margosis/archive/2004/07/24/193721.aspx) but I loose silent install … and user need to know admin local password.
Other way is to force %USERNAME%, %USERPROFILE , etc … when executing package by Landesk Admin Account by how easy automatising this?
Do you have and idea? Thanks.