I'm probably going to get a lot of heat for this but how do I resume an installation after a reboot if the profile it ran from originally gets renamed. E.g. install ran under Administrator.. the account was renamed to NewAdministrator and then the PC is restarted and you logged in using NewAdministrator?

What I'm getting now is a message that indicates there is a pending install that ran under Administrator and it must run under that profile to continue the installation.
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
just let it run...what's the problem?
Answered 02/23/2009 by: aogilmor
Ninth Degree Black Belt

Please log in to comment
0
Did you install as per-user or per-machine?
To get rid of the "pending install" just remove the below registry key.
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress
Answered 02/23/2009 by: AngelD
Red Belt

Please log in to comment
0
just let it run...what's the problem?I'm willing to bet that the package does the account rename, that's what!
Answered 02/24/2009 by: VBScab
Red Belt

Please log in to comment
0
VBScab is correct. A CA inside the package is renaming the account. After the account is renamed, the computer is forced to restart. Upon logging in, I'd like for the installation to resume but instead it displays a message that the installation ran under the original account (although I'm logging in with the same account, same SID.. just renamed). Any ideas?

AngelD - It is setup to run per-machine. I actually want it to continue the installation so I dont want to remove that key.
Answered 02/24/2009 by: jayteeo
Purple Belt

Please log in to comment
0
A CA inside the package is renaming the account.
ehm....why?
Answered 02/24/2009 by: AngelD
Red Belt

Please log in to comment
0
Most sites would rename the Administrator account as part of the build. Part of another installation is really the wrong place for that process.
Answered 02/24/2009 by: VBScab
Red Belt

Please log in to comment
0
Yeah but for what, false protection?
The RID will always stay the same so it would be a no brainer to find out the "real" built-in Administrator account through enumeration.
Answered 02/24/2009 by: AngelD
Red Belt

Please log in to comment
0
false protectionWell, in common with this type of thing, it's designed to keep out the casual/amateur hacker, the guy who's seen the default Administrator password on a Post-It note on a Helpdesk operator's screen. No-one pretends it would keep out the determined type.
Answered 02/24/2009 by: VBScab
Red Belt

Please log in to comment
0
ORIGINAL: VBScab
false protectionWell, in common with this type of thing, it's designed to keep out the casual/amateur hacker, the guy who's seen the default Administrator password on a Post-It note on a Helpdesk operator's screen. No-one pretends it would keep out the determined type.

interesting discussion. I don't pretend to be a security expert, but I was at one time product manager for antivirus at a large engineering co. and wrote "batch scripts" to update dat files (yeah I know it's weak but it worked). AV/security has come a long way, threats gotten more sophisticated, etc. I think key is redundant levels of protection, for example, your ISP and email provider probably have pretty decent security because it's in their interest to do so. But do you rely totally on them? No, probably not, you have your own virus protection as well as practicing safe computing.

I think we can agree that it's a bad practice to rename an account in an MSI package...that was something I never even considered. Jay should submit that to thedailywtf, for real!
Answered 02/24/2009 by: aogilmor
Ninth Degree Black Belt

Please log in to comment
0
Edit Group Policy:
Computer Configuration > Windows Settings > Local Policies > Security Options > Accounts: Rename administrator account
Problem solved
Answered 02/24/2009 by: revizor
Third Degree Blue Belt

Please log in to comment
0
Paul,

You just spoiled a nice security discussion, you bad boy [:D]


Ian,

We don't kneed to know the password anymore, we just need to "pass the hash" [;)]
Answered 02/24/2009 by: AngelD
Red Belt

Please log in to comment
0
ORIGINAL: aogilmor
I think we can agree that it's a bad practice to rename an account in an MSI package...that was something I never even considered. Jay should submit that to thedailywtf, for real!


It really is bizarre.
Answered 02/24/2009 by: reds4eva
Second Degree Blue Belt

Please log in to comment
0
1. What does it geto renamed to?
2. Server set up for WorkGroup at the time of the MSI's execution
Answered 02/24/2009 by: jayteeo
Purple Belt

Please log in to comment
0
2. Shouldn't matter as the rename will be handled when the client joins the domain
1. http://support.microsoft.com/kb/816109

Please do a little search before asking!
Answered 02/24/2009 by: AngelD
Red Belt

Please log in to comment
0
Please do a little search before asking!Tchya! Like, THAT'S ever gonna happen...
Answered 02/25/2009 by: VBScab
Red Belt

Please log in to comment
0
Well it does matter because we have requirements that machines are compliant before it joins the domain. I had skimmed through that KB but overlooked the line where the new name is specified :)
Answered 02/25/2009 by: jayteeo
Purple Belt

Please log in to comment
0
Still, there are local security policies you may want to engage in your case...
Answered 02/26/2009 by: revizor
Third Degree Blue Belt

Please log in to comment
Answer this question or Comment on this question for clarity