Hello,

I'd like to use KACE to install software to Windows 7 machines without disabling User Account Control.  Is this possible?  I have scripts written in KACE that install Adobe, install Quicktime, etc.  These work on Windows XP, but fail on 7.  If I disable UAC on 7, they work.

We migrated from Altiris to KACE, and Altiris was able to do this without disabling UAC.

I've been searching the forums and most people have been saying UAC must be turned off.

 

I found a workaround that disables a registry setting for UAC.  This was mentioned here in an article written by KACE employees:  http://www.kace.com/~/media/Files/Support/KACE-Konference/2012/2012_K2000-%20PostInstall%20Troubleshooting.ashx

"Disable User Account Control (UAC) or UAC prompting for admins 

– This can be done in the unattend file or as a postinstall task (no reboot 

required) 

› reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v 

ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f"

 

I wrote the following install that disables UAC, tries to install Adobe, then reenables UAC:

 

Task 1

Attempts:
On Failure: Break Continue

Verify

  1. Verify that “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System!ConsentPromptBehaviorAdmin” exists.

On Success

  1. Set “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System!ConsentPromptBehaviorAdmin” to “0x00000000”.
  2. Launch “SYS\cmd.exe” with params “ping loopback -n 60”.
  3. Install “Adobe Acrobat X Pro” with arguments “start /wait setup.exe”.
  4. Launch “SYS\cmd.exe” with params “ping loopback -n 300”.
  5. Set “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System!ConsentPromptBehaviorAdmin” to “0x00000005”.
  6. Launch “SYS\cmd.exe” with params “ping loopback -n 60”.
  7. Log “Adobe Acrobat X Pro install command issued successfully.” to “status”.

Remediation

  1. Install “Adobe Acrobat X Pro” with arguments “start /wait setup.exe”.
  2. Log “Adobe Acrobat X Pro install command issued successfully.” to “status”.

On Remediation Success

On Remediation Failure

 

 

If I run each of these 3 steps as seperate scripts, it works.  If I try to chain them all together however, it fails.  I stuck the ping commands in there to try and make it wait.  It does not work.

How should I be installing software on machines with UAC enabled?  How do I make a script wait for the next command instead of trying to run them all at once?

 

 

0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Answers

1

We run our install scripts as the SYSTEM user, hasn't prompted us for UAC once:

Answered 02/14/2013 by: nheyne
Red Belt

  • This does not work for us. When I try to run it as local system it fails
    • What happens if you switch to "run as user" and supply a local or network admin account?
  • If I do that with a network admin account, it fails with UAC on. If I do that with UAC turned off it works. If I run it on XP like that it works.
    • Fails or the UAC prompts and installs correctly?
  • Fails. No UAC prompt pops up at all if I run it with a domain admin account and enable UAC. If I disable UAC and run it again like that it works.
Please log in to comment
1

This does not work for us.  When I try to run it as local system it fails.

Answered 02/14/2013 by: edwimb
Third Degree Blue Belt

  • Installing Adobe shouldn't fail when running as SYSTEM. Maybe there's an issue in your script? Have you tried running this through a managed install? What steps are you taking on your Kace script?
  • I just took screenshots of the entire thing and posted it. It does not work for Windows 7 running as system. We tried it just now with a user logged in without admin rights. We are trying it again with no one logged on to the machine.
  • We are using the run now tab inside of KACE to run these.
  • Running it as system without anyone logged in also failed.
Please log in to comment
1

Answered 02/14/2013 by: edwimb
Third Degree Blue Belt

  • I'm guessing that you have all the files zipped and uploaded to Kace? So your just calling this install using Kace. Does your setup.exe run when manually installed on a Win 7 box?

    I would highly recommend creating a MI for this. The way your script is currently setup it would always try to install. If you add a VERIFY step that checked if a file existed (C:\program files\adobe\some_file.exe), then on Remediation run your install. That way it will not run on a machine that already has it.
  • I don't really care about installing it on a machine that already has it right now. Yes I have the files zipped and uploaded to KACE. Remember this works in KACE if I do it with an administrator account and disable UAC.
    • That's strange. If it works with UAC off, it should also work with it on and you clicking yes. I've never heard of the UAC failing to let an app install if you allow it to run. That sounds like a fun one.
  • When you turn on UAC, and you then try to deploy software to that machine remotely using administrative credentials, UAC will never prompt the logged on user with a pop up box. It doesn't work that way.
  • I also highly recommend using managed installs for application deployment. The main drawback is not being able to schedule as with scripts, but the benefits outweigh this drawback.

    For the record, all of my Win7 machines have UAC turned on and the managed installs push apps to them with no problem - hence my recommendation.

    John
Please log in to comment
This content is currently hidden from public view.
Reason: Removed by member request
For more information, visit our FAQ's.

This content is currently hidden from public view.
Reason: Removed by member request
For more information, visit our FAQ's.

0

Does anyone have a solution to this?  Is there a way for KACE to deploy software to a Windows 7 machine with UAC enabled?

Answered 02/15/2013 by: edwimb
Third Degree Blue Belt

  • All of my software deploys on both Win 7 x86 and x64 with UAC enabled without a prompt. You might want to contact support. Since it looks like you are having bigger issues with your Kbox.
Please log in to comment
0

The "solution" is to use managed installs.  I use these with my UAC-enabled Win7 clients with no issues whatsoever.  In my experience, scripts just aren't as resilient for application installs (and definitely not as easy to track and check status).

John

Answered 02/15/2013 by: jverbosk
Red Belt

  • Hi John. FYI I have followed your guide on the KACE helpdesk and you helped me out a lot in setting it up. Thank you.

    I initially went with the distribution tab and my deskside guys hated it. They hated the fact that someone would call, ask for a piece of software, and then to install it they had to edit the distribution to include their machine, find their machine and force the inventory, then wait and hope it worked sometime soon. The managed installs just seemed to take forever. I also didn't like how on the managed installs I had to grant them full access to the script in order to edit who got it.

    With scripting I just grant them access to the run now tab while making the scripts read only. That way they can run them but can't change them. Scripting also seems to work instantly.

    Someone with Dell support advised us to use scripting instead of managed installs a few months back, after I had set up everything in managed installs.
  • I just tested this using the distribution tab and it did work going to a Windows 7 machine with UAC enabled John. At least I have some sort of a solution now, no thanks to dell support... I would really prefer to use the scripting tab however. I don't understand why the exact same script installing the same thing to the same machine fails when run as a script but works when done as a distribution.
Please log in to comment
0

The "solution" is to use managed installs for deploying applications.  I use these with my UAC-enabled Win7 clients with no issues whatsoever.  In my experience, scripts just aren't as resilient for application installs (and definitely not as easy to track and check status).

John

Answered 02/15/2013 by: jverbosk
Red Belt

Please log in to comment
Answer this question or Comment on this question for clarity
Admin Script Editor
Admin Script Editor is an integrated scripting environment available free here at ITNinja

Share