Software Deployment

just let it run...what's the problem?

Did you install as per-user or per-machine?
To get rid of the "pending install" just remove the below registry key.
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress

just let it run...what's the problem?I'm willing to bet that the package does the account rename, that's what!

VBScab is correct. A CA inside the package is renaming the account. After the account is renamed, the computer is forced to restart. Upon logging in, I'd like for the installation to resume but instead it displays a message that the installation ran under the original account (although I'm logging in with the same account, same SID.. just renamed). Any ideas?

AngelD - It is setup to run per-machine. I actually want it to continue the installation so I dont want to remove that key.

A CA inside the package is renaming the account.
ehm....why?

Most sites would rename the Administrator account as part of the build. Part of another installation is really the wrong place for that process.

Yeah but for what, false protection?
The RID will always stay the same so it would be a no brainer to find out the "real" built-in Administrator account through enumeration.

false protectionWell, in common with this type of thing, it's designed to keep out the casual/amateur hacker, the guy who's seen the default Administrator password on a Post-It note on a Helpdesk operator's screen. No-one pretends it would keep out the determined type.

ORIGINAL: VBScab
false protectionWell, in common with this type of thing, it's designed to keep out the casual/amateur hacker, the guy who's seen the default Administrator password on a Post-It note on a Helpdesk operator's screen. No-one pretends it would keep out the determined type.

interesting discussion. I don't pretend to be a security expert, but I was at one time product manager for antivirus at a large engineering co. and wrote "batch scripts" to update dat files (yeah I know it's weak but it worked). AV/security has come a long way, threats gotten more sophisticated, etc. I think key is redundant levels of protection, for example, your ISP and email provider probably have pretty decent security because it's in their interest to do so. But do you rely totally on them? No, probably not, you have your own virus protection as well as practicing safe computing.

I think we can agree that it's a bad practice to rename an account in an MSI package...that was something I never even considered. Jay should submit that to thedailywtf, for real!

Edit Group Policy:
Computer Configuration > Windows Settings > Local Policies > Security Options > Accounts: Rename administrator account
Problem solved

Paul,

You just spoiled a nice security discussion, you bad boy [:D]


Ian,

We don't kneed to know the password anymore, we just need to "pass the hash" [;)]

ORIGINAL: aogilmor
I think we can agree that it's a bad practice to rename an account in an MSI package...that was something I never even considered. Jay should submit that to thedailywtf, for real!


It really is bizarre.

1. What does it geto renamed to?
2. Server set up for WorkGroup at the time of the MSI's execution

2. Shouldn't matter as the rename will be handled when the client joins the domain
1. http://support.microsoft.com/kb/816109

Please do a little search before asking!

Please do a little search before asking!Tchya! Like, THAT'S ever gonna happen...

Well it does matter because we have requirements that machines are compliant before it joins the domain. I had skimmed through that KB but overlooked the line where the new name is specified :)

Still, there are local security policies you may want to engage in your case...