Software Deployment

Have you tryed the (DIFxApp) funktion in wise?

http://www.wise.com/KBArticle.aspx?articleno=2162&keywords=device+driver+msi

/Bigge

Hi Dub:

I assume that you are first installing the drivers on admin's context and when you login as a locked down user it asks you to reinstall the same. Am I going right? do let me know.

This template is also the default for Device Driver template in Wise Package Studio 5.5, (which only works with one .inf file btw)

So i tried it yes.

I install it initially as the local administrator (also did it with sms). Files are being copied to the driver repository. Once the user login and connects the USB printer, it wants to copy and install the files as a new device. As admin this goes right. But the lockdown user gets a login box that an administrator needs to install this.
I don't want this.

Hi dub:

Since it's a locked down environment and the users do not have local admin rights , I would ask you to add a registry to your current msi that will give the user elevated privileges just add the following reg key to your package.

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Installer

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer

KeyName: AlwaysInstallElevated

Value: 1

Just set these keys and your installation would run in admin context , so it would not ask you to login as an admin for a lock down user.

In case you require more help do let us know.

Nope I tried this now but still it asks for a admin account. Any idea why it is like this.
If fill in the administrator name and password. Printer works. If i then connect the printer in another USB port it again asks for the admin.

Problem is still there....

Tnks
Satish

Hi Dub:

I believe your GPO settings are overriding the elevated priviliges key , that's why the application is asking for the admin account and password. If you could ask your sys admin whether he has this option that will override the elevated privileges then we need to think of something else.

Moreover you could also edit this property in your MSI along with the registry keys mentioned above:

ALLUSERS=2

either you can hardcode this value in your msi in the properties section or pass it as a command line parameter to your msi:

msiexec.exe /i c:\abc.msi ALLUSERS=2

This would run the msi in system/machine context rather than user's context. If your GPO is allowed to give elevated rights to machine/system then the above should work.

Do let me know

Nope not working. Tried ALLUSERS=1 ALLUSERS=2
In XP the default localmachine policy is that only PowerUsers and Admins have rights to install new hardware.
The ideal situation is that an users only can plug in a device assigned by us. So that only for this instance they can install new hardware and drivers are installed by the package. That's it.

It seems that not everything can be solved with packages. Or am i wrong?

Satish

We had exactly the same problem with ActiveSync and our company's new phone from Orange. In the end we had to get the user to log a helpdesk call when they where ready to activate the phone connection to the pc and the Active sync software had already been installed remotely. Helpdesk would add them to the local pc admin group via dameware. User logs out and in to pick up new priviledges, plug phone in - it can now install USB drivers. Helpdesk remove user from admin group, user logs out and back in so admin rights are removed. Not a great solution but effective and straight forward.