RUNAS administrator..
Anyone know what level of authorization the application post installers have? Does KACE make them have runas admin or something or what?
I'm trying to install a VPN client which requires a trusted certificate to be installed prior to installing the app so it does not prompt the user to 'trust' the certificate during silent install. I'm using the following script in a 'application' post installer which will in theory install the certificate into the truststore prior to the application actually being installed so the driver certificate is already trusted.
My post installer is running:
start /wait certutil -addstore "TrustedPublisher" nortelvpncert.cer
However, it is failing to work . After this post install task I have the actuall install:
start /wait NortelVPNClient.msi /qb
however it is not working... Not sure if the trust store install is causing it to fail or the actual MSI as it hangs during the MSI install
I'm trying to install a VPN client which requires a trusted certificate to be installed prior to installing the app so it does not prompt the user to 'trust' the certificate during silent install. I'm using the following script in a 'application' post installer which will in theory install the certificate into the truststore prior to the application actually being installed so the driver certificate is already trusted.
My post installer is running:
start /wait certutil -addstore "TrustedPublisher" nortelvpncert.cer
However, it is failing to work . After this post install task I have the actuall install:
start /wait NortelVPNClient.msi /qb
however it is not working... Not sure if the trust store install is causing it to fail or the actual MSI as it hangs during the MSI install
0 Comments
[ + ] Show comments
Answers (8)
Please log in to answer
Posted by:
airwolf
13 years ago
Everything is run under the Administrator account created during Windows setup (which is the account set for auto-login for post-install).
Posted by:
dchristian
13 years ago
vtphilk,
Does the certificate get installed?
If it does than you know its a problem with the MSI.
Also are you running this all at once or is it 2 separate tasks?
One more thought... i usually install certs my certs in a .p7b format (doubt it matters but just in case)
Does the certificate get installed?
If it does than you know its a problem with the MSI.
Also are you running this all at once or is it 2 separate tasks?
One more thought... i usually install certs my certs in a .p7b format (doubt it matters but just in case)
Posted by:
vtphilk
13 years ago
Basically what I did was on a test machine installed the VPN client. When it asked to you want to trust I said "Always Trust". I then went to the certmgr.msc and exported the certificate from "Trusted Publishers" for the app to DER format.
Currently I have one post install application which I uploaded the exported DER file and run the certutil command. Then after that, I run the msi.
The certificate is NOT installed so I assume the problem is with certutil. I tried running (As the logged in admin) and found it needed a elevated command prompt to successfully import. So I'm trying to figure out howto get around this need for elevated command prompt or howto elevate the prompt the kace task runs from
Currently I have one post install application which I uploaded the exported DER file and run the certutil command. Then after that, I run the msi.
The certificate is NOT installed so I assume the problem is with certutil. I tried running (As the logged in admin) and found it needed a elevated command prompt to successfully import. So I'm trying to figure out howto get around this need for elevated command prompt or howto elevate the prompt the kace task runs from
Posted by:
dchristian
13 years ago
After playing around with this i don't think its an issue with the UAC.
I ran through one of these with a pause at the end and it said the store wasn't created.
To force creation, try calling certutil with a -f.
I ran through one of these with a pause at the end and it said the store wasn't created.
To force creation, try calling certutil with a -f.
certutil -f -addstore "TrustedPublisher" nortelvpncert.cer
Posted by:
vtphilk
13 years ago
No joy on the -f. If I run the command in a normal command prompt I get:
"Administrator permissions are needed to use the selected options."
If i run the command prompt with 'runas admin' then it works fine.
"Administrator permissions are needed to use the selected options."
If i run the command prompt with 'runas admin' then it works fine.
Posted by:
dchristian
13 years ago
hmmm...
This is what i use to install virtual clone drive.
I do it as one post install task in the K2.
The cert, installer and bat file are all zipped up.
I call the bat file as the command text.
Here are the contents of that installer bat.
i wonder if anybody has any ideas on whats different...
This is what i use to install virtual clone drive.
I do it as one post install task in the K2.
The cert, installer and bat file are all zipped up.
I call the bat file as the command text.
Here are the contents of that installer bat.
certutil -f -addstore "TrustedPublisher" cert.cer
SetupVirtualCloneDrive5450.exe /S /norebooti wonder if anybody has any ideas on whats different...
Posted by:
vtphilk
13 years ago
I am going to try and build a .bat and run in the .bat a certutil and then the MSI run line..
then in the post install task put :
start /wait installcontivity.bat
so that hopefully it will not try running any other installs because the contivity vpn really does not like other installs running in the background..
but this start /wait thing has not really been working for me..kace seems to just run more than one anyhow..
then in the post install task put :
start /wait installcontivity.bat
so that hopefully it will not try running any other installs because the contivity vpn really does not like other installs running in the background..
but this start /wait thing has not really been working for me..kace seems to just run more than one anyhow..
Posted by:
cserrins
13 years ago
vtphilk,
You wouldn't run a start /wait on a .bat file, that only works on .exe's
you would call a bat file
call installcontivity.bat
You wouldn't run a start /wait on a .bat file, that only works on .exe's
you would call a bat file
call installcontivity.bat
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.