I am running InstallShield 2013 installers remotely on Windows Server 2012 R2 machines and they all work great and MSI log files are generated if the user name that I am using remotely is also logged in on the remote machines. If the user name that I am using remotely is not logged in on the remote machines then the installs do not run and they do not generate MSI log files. The user is administrator. This is not a problem running InstallShield 2012 installers on Windows Server 2012 Standard using the same user that is also administrator on those machines. Any ideas?
Remote Install on Windows Server 2012 R2
Posted 18 September 2014 - 21:49
Posted 18 September 2014 - 21:53
Do you need to elevate to install these installers? If you are not logged in at the time, do you provide username and password information to whatever is executing these installers? Can you describe the mechanism by which you are launching the installer both when you are logged in and when you are not?
Posted 19 September 2014 - 14:35
The installers require administrator privilege to run. The logged on account does have administrator privilege. The logged on account is a domain account. The same domain acount is used for the local and remote machines. The credentials are known to the remote machine via WSH Remoting:
1. Enable WSH Remoting (http://msdn.microsof...t(v=VS.85).aspx ) by adding 'Remote' of type REG_SZ with value 1 to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings.
2. Set 'Component Services\Computers\My Computer\DCOM config\WSHRemote' identity to 'This user' with the user account information.
3. Add WScript.exe and CScript.exe to Firewall 'Exceptions' with scope to 'My network (subnet)' only.
We run a VBScript that accepts the remote machine name and the silent install command as input and runs the silent instal command on the remote machine.
We tried adding HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated (set to 1), HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated (set to 1), and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\LocalAccountTokenFilterPolicy (set to 1) but none of those made a difference.
For now, we are leaving the remote machines logged on and locked with the domain user acount that we need.
We do not have this problem on Windows Server 2012 Standard remote machines. We only have this problem on Windows Server 2012 R2 machines. The local machine is Windows Server 2008 R2.