Re: Running advertisment with Software Installation Account only works when user logged off?

From: John Pickett (jpickett_at_acs.utah.edu)
Date: 09/30/04 

Date: Thu, 30 Sep 2004 13:23:13 -0600

Nevermind. Pathetic really. According to MS in a thread titled, "Use of
Advanced Client Network Access Account" posted 9/29/04 at about 6:50AM, SMS
2003 will not allow you to utilize network resources in programs run with
the advanced client. WTH?

"John Pickett" <jpickett@acs.utah.edu> wrote in message
news:%23mPhq7xpEHA.1160@tk2msftngp13.phx.gbl...
> I've been doing a lot of reading and I found one statement that is
> particularly troubling to me. From this page:
>
> Security Frequently Asked Questions:
> http://www.microsoft.com/technet/prodtechnol/sms/sms2003/techfaq/tfaq12.mspx
>
> The question:
> What does the Advanced Client Network Access Account do? (Added August 31,
> 2004)
>
> says, "Unlike the Legacy Client Software Installation account, the
> Advanced Client Network Access account is not used when an advertised
> program needs to access a shared folder on a server other than the
> distribution point."
>
> My question is how DO you allow an advertised program access to a shared
> folder on a server other than the distribution point?
>
> John
>
> "John Pickett" <jpickett@acs.utah.edu> wrote in message
> news:%238PVYBxpEHA.644@tk2msftngp13.phx.gbl...
>> Shehzad,
>>
>> Thanks for your reply. I re-read the help file and I noticed it does
>> refer to the legacy client with regards to the Software Installation
>> account, I just didn't think it was exclusive. Thanks for the
>> clarification.
>>
>> I'm not sure how to answer your first question though. Basically, as I
>> understand it, the system context has no access to network resources.
>> I've read this in several locations and my own testing seems to verify
>> this. Basically if I run my VB application as a normal user it works
>> fine, however if I run it through SMS (which runs it as SYSTEM user) it
>> can't see any network resources.
>>
>> The help file indicates selecting 'Run with administrative rights' will
>> force "the program to run under the local Administrator account on the
>> client computer". Unfortunately I don't observe this as it is running my
>> program as SYSTEM, which acts AFAIK as a non-networked administrative
>> account. Both computer and user I would like to run the program as are
>> in AD. Of course, if it wants to run as a local admin, I don't have that
>> defined anywhere, I use our domain admin wherever it asks (ie. Legacy
>> Client Software Installation Account or Advanced Client Network Access
>> Account). Should I change either of these to simply be 'administrator'?
>>
>> When I said I'm trying to run scripts, that was somewhat of a
>> simplification of the issue. We're actually trying to setup PeopleSoft
>> environments (about 10-12) each of which are several gig's. I could
>> easily place the initial application we are trying to run on a DP, but it
>> would still need access to the rest of the files. Either way, SMS should
>> allow network access I think?
>
>

Relevant Pages
Loading