Hi All,
Can anyone pls advise me:
I have created a script that is used to install a card for a telephone system. What happens is that the drivers is installed with the package but when the user logs on, PnP launches and you need admin rights to install the hardware (although the card is already picked up in device manager). I have managed to get our support guys to go and do this manually, as it is a once off thing.

If the card hangs, there is a utility that is run to re-initialize the card. U need admin rights to do this. This is a big no-no here. Is there a way I can bypass this.

Wise Package Studio 5.0
Windows XP SP2 machines
Deployment , via SMS 2003 or RIS (I can use either as it is a seperate build).

Any advice
Pls help
0 Comments   [ + ] Show Comments


Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.


Turn on security auditing for all security access failures (i.e. access denied). Perform the desired action, then check the Security Event Log. That will tell you exactly what action is being denied access. From there you can create a local security policy to permit the resetting of the card, at a granular level, for regular users. You may need to go through this process several times until you are sucessful if there are multiple items that will be denied access in this process.

To prepare you, though, since you are dealing with hardware you will probably have a more difficult time as opposed to simple file/registry security blocks. You may find that it attempts to do things prohibited in a global policy.
Answered 01/04/2005 by: VikingLoki
Second Degree Brown Belt

Please log in to comment
Have you tried advertising the utility via SMS so that the end user selects it as if they were installing an application? If the job is set to run as SYSTEM it should be able to re-initialize the hardware.

You could also create a sufficiently privileged service that look for the existence of a ‘trigger file’ within an area of the disk that the user can write to. Once is ‘sees’ the file it runs the utility.

That’s all I can think of other that identifying the minimal account level i.e. POWERUSERS and perform a RUNAS or SU action that spawns off and runs the utility. However you would have to secure the Password and userID within the wrapper somehow (and be able to maintain it) – could be run from a network resource to overcome the maintenance issues although secutity issues still remain.

Good Luck,

Answered 01/04/2005 by: ST170SP1
Senior Yellow Belt

Please log in to comment
Usually, what I do is plug the PNP device and when the OS is asking for admin rights, I cancel the installation. Then I send the SMS package and the setup will completely install the device because SMS has full admin rights.
Answered 01/04/2005 by: Francoisracine
Third Degree Blue Belt

Please log in to comment
If you want to repackage it then try using the PNP Driver Installation Template listed in a sticky at the top of the forum. This template installs it to the machine and doesn't need user rights at all.
Answered 01/07/2005 by: MSIMaker
Second Degree Black Belt

Please log in to comment
Answer this question or Comment on this question for clarity