/build/static/layout/Breadcrumb_cap_w.png

Problem: USB device driver package asks for local Admin

I have made packages with the WISE 5.5 device driver template and one described in the https://adelie.ucs.ed.ac.uk/dstwiki/index.php/device%20drivers article.
Both works fine in installing the drivers, but now the problem comes that once a User wants to connect the USB device (Dymo Label) it asks for an administrator to install the new hardware.

The PC's are locked down for the user with a policy in the AD. And they cannot see or write to the ROOT (C:) drive

How to solve this that once a user connects the usb kabel it automatically installs the drivers without asking for an admin.

Tnkx
Dubwize

0 Comments   [ + ] Show comments

Answers (8)

Posted by: Bigge 15 years ago
Senior Yellow Belt
0
Have you tryed the (DIFxApp) funktion in wise?

http://www.wise.com/KBArticle.aspx?articleno=2162&keywords=device+driver+msi

/Bigge
Posted by: wiseapp 15 years ago
Second Degree Green Belt
0
Hi Dub:

I assume that you are first installing the drivers on admin's context and when you login as a locked down user it asks you to reinstall the same. Am I going right? do let me know.
Posted by: dubwize 15 years ago
Senior Yellow Belt
0
This template is also the default for Device Driver template in Wise Package Studio 5.5, (which only works with one .inf file btw)

So i tried it yes.

I install it initially as the local administrator (also did it with sms). Files are being copied to the driver repository. Once the user login and connects the USB printer, it wants to copy and install the files as a new device. As admin this goes right. But the lockdown user gets a login box that an administrator needs to install this.
I don't want this.
Posted by: wiseapp 15 years ago
Second Degree Green Belt
0
Hi dub:

Since it's a locked down environment and the users do not have local admin rights , I would ask you to add a registry to your current msi that will give the user elevated privileges just add the following reg key to your package.

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Installer

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer

KeyName: AlwaysInstallElevated

Value: 1

Just set these keys and your installation would run in admin context , so it would not ask you to login as an admin for a lock down user.

In case you require more help do let us know.
Posted by: dubwize 15 years ago
Senior Yellow Belt
0
Nope I tried this now but still it asks for a admin account. Any idea why it is like this.
If fill in the administrator name and password. Printer works. If i then connect the printer in another USB port it again asks for the admin.

Problem is still there....

Tnks
Satish
Posted by: wiseapp 15 years ago
Second Degree Green Belt
0
Hi Dub:

I believe your GPO settings are overriding the elevated priviliges key , that's why the application is asking for the admin account and password. If you could ask your sys admin whether he has this option that will override the elevated privileges then we need to think of something else.

Moreover you could also edit this property in your MSI along with the registry keys mentioned above:

ALLUSERS=2

either you can hardcode this value in your msi in the properties section or pass it as a command line parameter to your msi:

msiexec.exe /i c:\abc.msi ALLUSERS=2

This would run the msi in system/machine context rather than user's context. If your GPO is allowed to give elevated rights to machine/system then the above should work.

Do let me know
Posted by: dubwize 15 years ago
Senior Yellow Belt
0
Nope not working. Tried ALLUSERS=1 ALLUSERS=2
In XP the default localmachine policy is that only PowerUsers and Admins have rights to install new hardware.
The ideal situation is that an users only can plug in a device assigned by us. So that only for this instance they can install new hardware and drivers are installed by the package. That's it.

It seems that not everything can be solved with packages. Or am i wrong?

Satish
Posted by: glwday 15 years ago
Orange Belt
0
We had exactly the same problem with ActiveSync and our company's new phone from Orange. In the end we had to get the user to log a helpdesk call when they where ready to activate the phone connection to the pc and the Active sync software had already been installed remotely. Helpdesk would add them to the local pc admin group via dameware. User logs out and in to pick up new priviledges, plug phone in - it can now install USB drivers. Helpdesk remove user from admin group, user logs out and back in so admin rights are removed. Not a great solution but effective and straight forward.
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ