Re: unable to installed software. No rights

From: Shehzad Khoja [MSFT] (srkhoja_at_online.microsoft.com)
Date: 12/18/04

    Date: Sat, 18 Dec 2004 12:53:50 -0800
    
    

    If the default is 60 minutes then this means that machine policy will be
    polled every 60 minutes regardless of whether a user is logged on or not.
    However, if someone is not logged in then user policies will not be
    requested. User policies are policies when you create an advertisement and
    target it to a collection whose members are users or user groups and not
    machines.

    For your second question I am not sure when you want to distribute your
    application.

    If you want to distribute your application only when a user is logged on
    then you have an option to specify to run the program in the logged-on
    user's context or in system context. If users in your environment don't have
    rights to install your application then you probably should go with
    selecting run in admin context. The user interaction check-box only comes
    into the picture if you are running the program in admin context and you
    want the user to see installation progress or give input to any dialog box
    messages. Remember that this is a security risk; that is why by default SMS
    doesn't allow this. If you want to get more information about the security
    implications, it is commonly known as a 'Shatter Attack'.

    On the other hand, if you want your application to be installed regardless
    of whether someone is logged in or not, then you should select to run
    whether or not a user is logged on and run with Admin rights.

    The "Use software installation account" setting is only for SMS Legacy
    clients, and this checkbox doesn't make any difference on the SMS Advanced
    client.

    Does this answer your question?

    -- 
    This posting is provided "AS IS" with no warranties, and confers no rights.
    "Owen Heart" <owen_heart73@yahoo.com> wrote in message 
    news:cq1fra$r6h$1@reader01.singnet.com.sg...
    > Hi Shehzad,
    >
    > May I ask you, if the default is 60 minutes, does it mean that the client
    > will poll for policy 60 minutes later? Then what does it mean whether or
    > not a user is logged on? Can I say that even if the user is logged on the
    > policy will only poll 60 minutes later?
    >
    > In addition, let's say you want to distribute Acrobat Reader (acrobat.exe)
    > when a domain user logs in (no administrative rights). What option will
    > you select under the run mode?
    >
    > a) Run administrative rights
    > b) Use software Installation Account
    > c) Allow users to interface with this program. - Since users have no local
    > rights, this is not possible.
    >
    > Thanks.
    >
    >
    >
    >
    > "Shehzad Khoja [MSFT]" <srkhoja@online.microsoft.com> wrote in message
    > news:OrFSUB94EHA.3648@TK2MSFTNGP11.phx.gbl...
    >> Hi Susan
    >>
    >> In Advertised Program Client Agent settings there is a setting which
    >> indicates how often clients should poll the MP for new\updated policies.
    >> This is set to 60 minutes by default. If you don't want to wait for 60
    >> minutes then you might want to reduce this down to something more
    >> frequent. But you should understand that this will generate more network
    >> traffic, and if you are over slow links then how does this affect your
    >> organization.
    >>
    >> As for your other question, you should look at what time the client got
    >> the advertisement. Again, ExecMgr.log will give you this information. The
    >> same log will also give you information as to why the program didn't run
    >> for 2 hours. There can be several reasons why this could happen:
    >> 1 - Package contents are not on DP.
    >> 2 - Client didn't get policy until 16:00
    >> 3 - User environment condition was not met...
    >> 4 - Client was considered roaming until 16:00...
    >>
    >> The list goes on ... however, ExecMgr.log is the best place to look as to
    >> why there was this delay. You can simply look at the reports and see when
    >> the client got the policy, after how long it ran the program, and why it
    >> took that long. If you find out that there are issues with the client
    >> finding the content then CAS.log, LocationServices.log and
    >> DataTransferService.log will be interesting to look at as well.
    >>
    >> If you are not familiar with client logs then please zip these logs and
    >> post them to the group.
    >>
    >> -- 
    >> This posting is provided "AS IS" with no warranties, and confers no
    >> rights.
    >>
    >>
    >> "Susan" <Susan@hotmail.com> wrote in message
    >> news:cprcrt$jct$1@reader01.singnet.com.sg...
    >> >
    >> > Hi,
    >> >
    >> > I encountered the following on all machines. I'm running SMS 2003 with
    >> > SP1. The application ran, but when it was executed the following
    >> > occurred:
    >> >
    >> > "This version of symantec antirius require elevated prileges in order to
    >> > install. Please log in as an administrator or contact your network
    >> > administrator for help."
    >> >
    >> > The package account given is  Asia\Domain User
    >> >
    >> > I have specified the Domain administrator in the Network access account.
    >> > All users do not have local administrator rights on their machines. They
    >> > are domain users.
    >> >
    >> > In the package, I have selected when a user logs in, administrative
    >> > privileges, and allow to interact was checked. Although I have selected
    >> > the time to run the advertisement, some of the applications did not run
    >> > as expected. For example, if I schedule the application at 14:00, it did
    >> > not run even though I have waited for 2 hrs. I do not want the
    >> > advertisement to run as soon as possible.
    >> >
    >> > When will the client pull down the policy, given that I have restarted
    >> > the machine a few times? Since some of the machines are at a remote
    >> > site, I can't go to every machine to initiate the Machine Policy
    >> > Retrieval & Evaluation Cycle action.
    >> >
    >> > Thanks.
    >> >
    >> >
    >>
    >>
    >
    > 
    
