Hi all,
I would like to know if it is possible to know if the installation is done through the active directory. I know that when we run from active directory we are actually running from the domain controller not the local system. I want to run a CA only if we running from Active directory....
Thank you all......
This is a ready-only archive of the InstallSite Forum. You cannot post any new content here. / Dies ist ein Archiv des InstallSite Forums. Hier können keine neuen Beiträge veröffentlicht werden.
Active Directory deployment
Started by
InstallDev
, Nov 25 2004 03:32
3 replies to this topic
Zweitze
-
- Full Members
- 522 posts
Posted 25 November 2004 - 09:53
I believe it's different:
When your package is assigned (when the GPO is applied, the user gets all shortcuts etc.), then the Advertize sequence is executed by the DC. When the user invokes the software, the "install on demand" kicks in and finishes the install of the required feature.
If your package is published (after the GPO is applied, the package is listed in the ARP of the system, at "install from the network"), then the package becomes a managed package. If the user installs it, the property "Priviliged" is always true.
You can test for the condition (Priviliged AND NOT AdminUser), but you'd have false positives and negatives as well.
Another option is testing for SourceDir in a CA, if you cannot get R/O accerss then I would say that the software is installed by a GPO. Make sure that the CA is run with the credentials of the installing user (impersonation on). Even this may solution has loopholes, eg. the user may actually have access rights to the source. Note it's also possible to execute an installation on a remote computer using WMI, and the SourceDir test probably can't be accessed at that moment either.
When your package is assigned (when the GPO is applied, the user gets all shortcuts etc.), then the Advertize sequence is executed by the DC. When the user invokes the software, the "install on demand" kicks in and finishes the install of the required feature.
If your package is published (after the GPO is applied, the package is listed in the ARP of the system, at "install from the network"), then the package becomes a managed package. If the user installs it, the property "Priviliged" is always true.
You can test for the condition (Priviliged AND NOT AdminUser), but you'd have false positives and negatives as well.
Another option is testing for SourceDir in a CA, if you cannot get R/O accerss then I would say that the software is installed by a GPO. Make sure that the CA is run with the credentials of the installing user (impersonation on). Even this may solution has loopholes, eg. the user may actually have access rights to the source. Note it's also possible to execute an installation on a remote computer using WMI, and the SourceDir test probably can't be accessed at that moment either.
InstallDev
-
- Full Members
- 43 posts
Posted 25 November 2004 - 15:40
Hi,
Currently we are only supporting assigning to computer through active directory. I don't think I can check for any user's right on this type of deployment since no user is actually installing them. It is done before any user is logged in.
Thank you
Currently we are only supporting assigning to computer through active directory. I don't think I can check for any user's right on this type of deployment since no user is actually installing them. It is done before any user is logged in.
Thank you
Zweitze
-
- Full Members
- 522 posts
Posted 26 November 2004 - 10:22
In that case, try adding your CA to the AdvtExecuteSequence table. Remember that the installation is executed by the DC, so the CA is run on the DC. Note the docs state that "custom actions cannot be used in this table.", I think this is the reason for that statement. To test if the CA is actually used, try creating eventlog records (or write to a log file, something like that).
If your CA is executed, you know that either the policy is being applied, or someone advertised the MSI with Msiexec /jm. If that's important, your CA should do additional tests (eg. test if the computer is a DC).
If your CA is executed, you know that either the policy is being applied, or someone advertised the MSI with Msiexec /jm. If that's important, your CA should do additional tests (eg. test if the computer is a DC).