Re: Published install works for one user but fails for another. Both have same rights
From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 09/28/04
- Next message: Cary Shultz [A.D. MVP]: "Re: GPO controlled user not able to access internet?"
- Previous message: Cary Shultz [A.D. MVP]: "Re: Tracking Websites with GP?"
- In reply to: Steve Stormont: "Published install works for one user but fails for another. Both have same rights"
- Next in thread: Steve Stormont: "Re: Published install works for one user but fails for another. Both have same rights"
- Reply: Steve Stormont: "Re: Published install works for one user but fails for another. Both have same rights"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 28 Sep 2004 10:23:11 -0400
Steve,
I am not sure that you are trying to deploy this application via GPO. Not
sure what your first sentence means.
Anyway, here is a quick rundown on what you need to do to publish or assign
software via GPO:
1) you need to typically do an Administrative Installation ( not always the
case, though ). I typically create a folder called APPLICATIONS and then
create shared folders inside that. So, I would have Office 2000 ( shared as
OFF2K$ ) and Office XP ( shared as OFFXP$ ) and Office 2003 ( shared as
OFF2K3$ ), Adobe Reader 601 ( shared as ADOBE601$ ) and the like.
2) on the shared folder I like to assign as few permissions as possible (
again, this is a general suggestion ). I like to give Administrators Full
Control on both the Share and NTFS permissions and then either Domain Users
or Domain Computers ( depending if assigned to the user or computer
configuration side of things ) Read on both the Share and NTFS permissions.
3) create the GPO, which usually means creating the Organizational Unit and
then moving either the user account objects or computer account objects to
that OU, right clicking that OU and creating a GPO. Give it a friendly
name, go in and disable it ( so that part of the GPO is not processed during
the 'background processing' process ) and then edit it ( well, that is what
it technically is as we pretty much created an empty GPO. We are now
filling it in! ). One of the big things is that you have to use the UNC
method when telling AD about the location of the .msi file. So, you would
use \\servername\sharename\file.msi instead of a mapped network drive.
Users typically do not need to be a member of the local Administrators group
when software is assigned / published.
What troubleshooting have you done? Have you looked at GPOTool? Have you
looked at GPRESULT?
HTH,
Cary
"Steve Stormont" <s.stormont@verizon.net> wrote in message
news:e12WmMNpEHA.3396@tk2msftngp13.phx.gbl...
> I used my administrator account to publish a software installation
> package (ArcGIS Desktop which uses a MSI file) to our Windows 2000 Native
> mode domain. Security for this package is:
>
> Authenticated Users = Read (Allow)
> Creator Owner = Read, Write (Allow)
> Domain Admins = Full Control, Read, Write (Allow)
> Enterprise Admins = Read, Write (Allow)
> System = Full Control, Read, Write (Allow)
>
> NTFS Permissions for the folder/files on the network where the
> installation is located are:
>
> Domain Admins = Full Control (Allow)
> Domain Users = Read & Execute, List Folder Contents, Read (Allow)
> My user account (not admin account) = Full Control (Allow)
> Another specified user = Full Control (Allow)
>
> There are no "Deny" permissions specified anywhere. The owner of the
> policy and the Folder/Files is "Domain Adminstrators"
>
> If a member of the Domain Users group tries to install the package,
they
> get the error: "The system cannot find the file specified." So I thought
> maybe they needed more than the limited permissions given to them by that
> group, so I specified a user and gave them Full Control on the
> folders/files. That specified user got the same error. But if I log on
> with my non-admin account to any PC on which the installation has failed
for
> a user, I can install that same package fine, so the policy does see it.
> This error happens on multiple machines, but other published packages
> install fine.
>
> If you look at Event Viewer when the error comes up, the message that
is
> listed is:
>
> Source: Application Management
> Category: None
> Type: Error
> Event ID: 101
> Description: The assignment of application ArcGIS Desktop from policy
> Default Domain Policy failed. The error was The system cannot find the
file
> specified. .
>
> Each user does have administrative privileges on their desktop.
Why
> can I install it, when a user with the same permissions cannot?
>
> Steve
>
>
- Next message: Cary Shultz [A.D. MVP]: "Re: GPO controlled user not able to access internet?"
- Previous message: Cary Shultz [A.D. MVP]: "Re: Tracking Websites with GP?"
- In reply to: Steve Stormont: "Published install works for one user but fails for another. Both have same rights"
- Next in thread: Steve Stormont: "Re: Published install works for one user but fails for another. Both have same rights"
- Reply: Steve Stormont: "Re: Published install works for one user but fails for another. Both have same rights"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
