/build/static/layout/Breadcrumb_cap_w.png

RUNAS administrator..

Anyone know what level of authorization the application post installers have? Does KACE make them have runas admin or something or what?

I'm trying to install a VPN client which requires a trusted certificate to be installed prior to installing the app so it does not prompt the user to 'trust' the certificate during silent install. I'm using the following script in a 'application' post installer which will in theory install the certificate into the truststore prior to the application actually being installed so the driver certificate is already trusted.

My post installer is running:

start /wait certutil -addstore "TrustedPublisher" nortelvpncert.cer

However, it is failing to work . After this post install task I have the actuall install:

start /wait NortelVPNClient.msi /qb

however it is not working... Not sure if the trust store install is causing it to fail or the actual MSI as it hangs during the MSI install

0 Comments   [ + ] Show comments

Answers (8)

Posted by: airwolf 13 years ago
Red Belt
0
Everything is run under the Administrator account created during Windows setup (which is the account set for auto-login for post-install).
Posted by: dchristian 13 years ago
Red Belt
0
vtphilk,

Does the certificate get installed?

If it does than you know its a problem with the MSI.

Also are you running this all at once or is it 2 separate tasks?

One more thought... i usually install certs my certs in a .p7b format (doubt it matters but just in case)
Posted by: vtphilk 13 years ago
Orange Senior Belt
0
Basically what I did was on a test machine installed the VPN client. When it asked to you want to trust I said "Always Trust". I then went to the certmgr.msc and exported the certificate from "Trusted Publishers" for the app to DER format.

Currently I have one post install application which I uploaded the exported DER file and run the certutil command. Then after that, I run the msi.

The certificate is NOT installed so I assume the problem is with certutil. I tried running (As the logged in admin) and found it needed a elevated command prompt to successfully import. So I'm trying to figure out howto get around this need for elevated command prompt or howto elevate the prompt the kace task runs from
Posted by: dchristian 13 years ago
Red Belt
0
After playing around with this i don't think its an issue with the UAC.

I ran through one of these with a pause at the end and it said the store wasn't created.

To force creation, try calling certutil with a -f.
certutil -f -addstore "TrustedPublisher" nortelvpncert.cer
Posted by: vtphilk 13 years ago
Orange Senior Belt
0
No joy on the -f. If I run the command in a normal command prompt I get:

"Administrator permissions are needed to use the selected options."

If i run the command prompt with 'runas admin' then it works fine.
Posted by: dchristian 13 years ago
Red Belt
0
hmmm...

This is what i use to install virtual clone drive.

I do it as one post install task in the K2.

The cert, installer and bat file are all zipped up.

I call the bat file as the command text.

Here are the contents of that installer bat.
certutil -f -addstore "TrustedPublisher" cert.cer
SetupVirtualCloneDrive5450.exe /S /noreboot


i wonder if anybody has any ideas on whats different...
Posted by: vtphilk 13 years ago
Orange Senior Belt
0
I am going to try and build a .bat and run in the .bat a certutil and then the MSI run line..

then in the post install task put :

start /wait installcontivity.bat

so that hopefully it will not try running any other installs because the contivity vpn really does not like other installs running in the background..

but this start /wait thing has not really been working for me..kace seems to just run more than one anyhow..
Posted by: cserrins 13 years ago
Red Belt
0
vtphilk,

You wouldn't run a start /wait on a .bat file, that only works on .exe's

you would call a bat file

call installcontivity.bat
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ