RE: Assigning an application
From: Dennam (Dennam_at_discussions.microsoft.com)
Date: 02/17/05
- Next message: news: "preconfigure vpn client for our homeuser"
- Previous message: John M: "Re: User.dmp"
- In reply to: Dennam: "Assigning an application"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 17 Feb 2005 14:31:07 -0800
Give the share authenticated user access so the computer can access the .msi.
Startup scripts are machine specific and run before a user logs on. As a
result they run in the context of the localSystem account on a computer. As
localSystem, they have privilege to do just about anything on a Windows
system. If a startup script needs to access network resources (e.g. a server
share) however, localSystem will not work. Given that, Group Policy will
change the security context of the script to that of the machine's computer
account, which is a valid AD user (e.g. a machine named WorkstationA will
have an account in AD called WorkstationA$--this account is hidden, but is
represented by the computer object when you are viewing an AD domain). The
machine account, just like any other user account in AD, is a member of the
Authenticated Users and can thus access any network resources that a member
of this group can. So, if you have a startup script that needs to access
server resources, make sure that the computer's machine account has
permissions to access those resources.
"Dennam" wrote:
> When I publish an application to User Configuration, users under the OU can
> see the app under Add/Remove. However, I when I assign an app (whether
> under U.C or Computer Config.), the program does not auto install.
>
>
> I may be off in my thinking, but if you assign an application, won't it
> automatically install (without requiring user intervention)? Thanks for any
> help!
>
- Next message: news: "preconfigure vpn client for our homeuser"
- Previous message: John M: "Re: User.dmp"
- In reply to: Dennam: "Assigning an application"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
