Hello!

I am having issues with how NetInstall handles security during installations. My users are just that, users, not admins or power users.

Many of the installations fail because they spin off processes that run under the local user context, not the NI service accounts, even though I check each line in the script (and the overall package properties) to use the service accounts during the installation. Even if I use the runas script option some processes manage to run under the local user account.

My workaround is to create a VBScript to run the silent setups and compile it in PrimalScript to an EXE with an embeded local admin (usually I use the NI Service or SIS account). Then it works file if I call my compiled EXE - the same processes stay running under the NI Service accounts.

The worst offenders are InstallShield based setups.

And thoughts/pointer/clues?

Running NetInstall 5.8, NI Service accounts are in the local administrators group.

Pax,
Richard

Hi,
is is very common, that users have no admins rights. this is one reason why it is important to have a client management tool, such as Netinstall - software can still be installed, but using only a service account - which as you have already stated, must have local administrator rights - on all NI clients.

Please check the rights for the NI Service - give the account domain admin rights, and try to install a project again.

How are you checking if this is a user rights problem? Can you send/post a logfile, so that we can see what is happening? NI writes very good logs - please set debug mode though.

Dont bother with the VB Script etc. I am quite certain, that we will be able to find the problem.


Greetings

The problem is definitely with how NetInstall itself handles the security (or at least my configuration of it). The NetInstall service is in a domain group that is in the administrators group of all laptops and desktops. This happens on 3 different test systems.

For example I have an application that installs using a silent setup.

If I do an execute (or even runas) in NetInstall script I see the initial setup running under the NetInstall service but then if the setup application spins off another setup process that one runs under the user credentials. The big offenders seem to be InstallShield apps

Even if I have that script line checked to use the local NI Service for installation. Even if I check the properties for the project to use the service for installations.

The wrapper I wrote (and my old SMS server) keeps them under the installation servce credentials.

I tried running the agent through the login script to use the NetInstall service credentials and the apps installed fine manually - except they would not autoinstall.

Hi,

could you possibly send me the logs of the failed installation- debug=0 please.

Also what application are you trying to install?

cheers

http://forum.enteo.com/showthread.php?t=3065

Check out this thread with your issues regarding Installshield and calling processes.

I could be wrong but it sounds entirely like whatever your fighting is using dcom to launch items which will spawn as the interactive user regardless of what tricks you use.

http://forum.enteo.com/showthread.php?t=3065

Check out this thread with your issues regarding Installshield and calling processes.

I could be wrong but it sounds entirely like whatever your fighting is using dcom to launch items which will spawn as the interactive user regardless of what tricks you use.
Yep - this is what I am looking for. Thanks!

The thread says that you'all were going to make a knowledgebase article to addess this. Has this been done?