Re: Advanced Client Installations on Restricted W2K machines

From: Stan White [MS] (stanwh_at_microsoft.com)
Date: 11/17/04


Date: Wed, 17 Nov 2004 15:24:15 -0800

If you are looking for the basics:
Add the Group Policy snap-in to MMC, then choose Default Domain Policy.
Computer Configuration - Software Settings - Software Installation
Add a new package from the start menu and it will ask for an MSI.

Please be aware of two things:
Don't patch an admin image; it's a really complex maintenance challenge and
you don't want to go there.
To apply updates (client.msp) you will need a local client.msi source on the
client and will need to redirect the source file resolution to that source.
(Or the original unaltered client.MSI will need to be available on the
original share it was installed from.)

We highly recommend using ccmsetup instead but it seems that will not work
well with your plans.

-- 
Stan [MSFT]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
--
"Jon Yonke" <JonYonke@discussions.microsoft.com> wrote in message 
news:1F31B0A4-FBCB-4960-8EB8-C27B7E47E540@microsoft.com...
> Very helpful posts from both you and Stan.  I like the group policy option as
> this is something I can turn off and on at will.  However, I can't seem to
> find the right "key" in group policies to do this.  I know this isn't the
> right place to ask a group policy question, but would you happen to know where
> I need to go?  (We are running W2003 standard server with a Windows 2003
> Active Directory, all workstations are Windows 2000, at least sp3).
>
> Thanks,
>
> Jon
>
> "JP" wrote:
>
>> Jon,
>>
>> For SMS client deployment you've got 2 issues.  First, how to get it out to
>> all the clients already deployed.  Second, how to get it out to new computers
>> going forward.  The easiest way to get it out to existing clients is the push
>> installation method.  I would suggest that you turn on file/print sharing for
>> a brief period, maybe a day or two, and let SMS push the client out.  Then
>> turn off file/print sharing.  You could do this via group policy.  This would
>> be the easiest thing by far.
>>
>> The alternative is to utilize a login script that allows a non-admin
>> user to launch the SMS client installation as an administrative user.  I just
>> did a similar thing for a client who is deploying XP SP2 via CD.  I used the
>> AutoIT scripting tool from www.hiddensoft.com.  It is an open source program
>> and it is really powerful and yet simple to use.  The reason I use this is
>> that scripts can be created in Notepad and then compiled into an EXE so users
>> never see the administrative account and password you are using.  If you use
>> the RunAsSet command you can enter an alternative username and password under
>> which the SMS client can be installed.
>>
>> If the only reason for disabling file and print sharing is to reduce clutter
>> in Network Neighborhood, the same thing can be accomplished by modifying a
>> registry setting.  Here is a link that describes how to do this.  I've
>> implemented it via group policy in the past.
>>
>> http://www.winguides.com/registry/display.php/58/
>>
>> JP
>>
>>
>> "Jon Yonke" wrote:
>>
>> > I finally figured out why half of my 220 W2KPro client machines have not
>> > installed the SMS advanced client: they don't have file and print sharing
>> > enabled.
>> >
>> > Here is my dilemma:
>> >
>> > We have group policies set up so only Domain Admins or Computer
>> > Administrators can install software to help us maintain appropriate
>> > licensing.  Also our images have file and print sharing disabled to reduce
>> > clutter in Network Neighborhood (although half of our images got out with
>> > file and print sharing enabled, which in this case is fortunate).  Neither of
>> > those restrictions is going to change.
>> >
>> > I can put our domain users in an administrative group on the Domain side of
>> > the equation and install the SMS client via login scripts, but I do not want to
>> > allow my users access to install programs even for a minute, unless I can
>> > "supervise" the installation.
>> >
>> > I can't "Push" the SMS client out because there is no administrative share
>> > to attach to, and I certainly can't go to each machine and install the SMS
>> > client (with any kind of acceptable efficiency that is).
>> >
>> > The question is: How can I install the remainder of my clients without
>> > changing "security" settings or sitting down at each machine?
>> >
>> > Thanks for listening,
>> >
>> > Jon Yonke
>> >
>> >
>> > 

