/build/static/layout/Breadcrumb_cap_w.png

Admin rights needed for a hardware install?

Hi All,
Can anyone pls advise me:
I have created a script that is used to install a card for a telephone system. What happens is that the drivers is installed with the package but when the user logs on, PnP launches and you need admin rights to install the hardware (although the card is already picked up in device manager). I have managed to get our support guys to go and do this manually, as it is a once off thing.

Now.....
If the card hangs, there is a utility that is run to re-initialize the card. U need admin rights to do this. This is a big no-no here. Is there a way I can bypass this.

Wise Package Studio 5.0
Windows XP SP2 machines
Deployment , via SMS 2003 or RIS (I can use either as it is a seperate build).

Any advice
Pls help

0 Comments   [ + ] Show comments

Answers (4)

Posted by: VikingLoki 19 years ago
Second Degree Brown Belt
0
Turn on security auditing for all security access failures (i.e. access denied). Perform the desired action, then check the Security Event Log. That will tell you exactly what action is being denied access. From there you can create a local security policy to permit the resetting of the card, at a granular level, for regular users. You may need to go through this process several times until you are sucessful if there are multiple items that will be denied access in this process.

To prepare you, though, since you are dealing with hardware you will probably have a more difficult time as opposed to simple file/registry security blocks. You may find that it attempts to do things prohibited in a global policy.
Posted by: ST170SP1 19 years ago
Senior Yellow Belt
0
Have you tried advertising the utility via SMS so that the end user selects it as if they were installing an application? If the job is set to run as SYSTEM it should be able to re-initialize the hardware.

You could also create a sufficiently privileged service that look for the existence of a ‘trigger file’ within an area of the disk that the user can write to. Once is ‘sees’ the file it runs the utility.

That’s all I can think of other that identifying the minimal account level i.e. POWERUSERS and perform a RUNAS or SU action that spawns off and runs the utility. However you would have to secure the Password and userID within the wrapper somehow (and be able to maintain it) – could be run from a network resource to overcome the maintenance issues although secutity issues still remain.

Good Luck,

JamesT
Posted by: Francoisracine 19 years ago
Third Degree Blue Belt
0
Usually, what I do is plug the PNP device and when the OS is asking for admin rights, I cancel the installation. Then I send the SMS package and the setup will completely install the device because SMS has full admin rights.
Posted by: MSIMaker 19 years ago
2nd Degree Black Belt
0
If you want to repackage it then try using the PNP Driver Installation Template listed in a sticky at the top of the forum. This template installs it to the machine and doesn't need user rights at all.
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ