I've got the follwing problem;

During the unattended installation of the machine I install Windows Messenger and Office Communicator 2005. I also set NTFS permissions to C:\Program files\Microsoft Communicator (RXWD) for the corresponding AD security group.
The MSI installation of communicator is "out-of-the-box" with a custom pre and post MSI for some reg settings en security. The communicator.msi is a machine install.

What's happening; When a user (NOT member of the security group) logs on to the machine and starts for example Acrobat Reader 7. The Self Healing feature kicks in. Wants to repair the communicator install because the communicator.exe is not accesable. And voila, a nice loop. I have tried to remove the corresponding keypaths in de MSI but when I do that Communicator doesn't start at all.

I can solve this issue by giving users read permissions to the dir, but a rather don't

Anyone an idea how to solve this?
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
Solved the problem by setting ONLY read permissions voor de domain users on de directory and files.
In this way Windows Installer can see the executable staan so the self healing won't kick in.
But the users cannot execute the files.

Not the best method, but is works for me!
Answered 09/15/2005 by: subsense
Purple Belt

Please log in to comment
0
Why not restrict users from running communicator.exe through GPO?
Or, use NTFS permission "traverse folder / execute file" on the communicator.exe?
Answered 09/15/2005 by: revizor
Third Degree Blue Belt

Please log in to comment
0
Couldn't find a ADM for Office Communicator. Is there one? Or just setting NTFS permissions with GPO?
We don't set NTFS security with GPO, takes way to long to "applying computer settings" if we set to many permissions.

What I can do is making an extra GPO with a restrictiong for Communicator.exe for a certain group. But I rather don't want to use yet an extra GPO. We like to keep it flat and simple.
Answered 09/20/2005 by: subsense
Purple Belt

Please log in to comment
0
Subsense,
I'd like to dissuade you from going your route - say, you need to make a minor modification into ACL on communicator. You might have to redeploy the entire package. With GPO (NTFS permissions or restrict run), you can apply ACLs independently.
Answered 09/20/2005 by: revizor
Third Degree Blue Belt

Please log in to comment
Answer this question or Comment on this question for clarity