Novell Home

Running an App Object as Secure or Unsecure System User on Windows XP

Novell Cool Solutions: Tip
By Rich Stevenson

Rate This Page

Reader Rating  stars  from 5 ratings

Digg This - Slashdot This

Updated: 10 Feb 2006 		 

PROBLEM: We're all familiar with the problem that exists when running an application object as Secure or Unsecure System User on a Windows XP box. With Windows NT/2000 every process shared the same drive mappings but in XP the system does not have access to those mappings. The work-around is to use UNC pathing instead of a mapped drive. This works well but can also cause additional work for the administrator if the application exists in multiple locations, i.e. satellite offices across the WAN. The problem is, if you have to use UNC paths, you'll need to create a separate application object with the respective UNC path for each office.

SOLUTION: Instead of creating an application object for each location, you can set and use an environment variable that will pass the name of the server your user is logged into. Here's what you need to do:

In your login script, add the following line:
SET SERVER="%FILE_SERVER"

This line will create an environment variable in Windows using the name of the server the user has logged into. You can verify this from a Command prompt by typing 'SET' on the workstation.

Now, in your application object use the new variable to build the path to your application like this:
\\%SERVER%\sys\Apache2\htdocs\IPPDOCS\NIPP.EXE

So if your server name is FS1, then this line translates to
\\FS1\sys\Apache2\htdocs\IPPDOCS\NIPP.EXE
when the application is run.

You can also use the new variable for MSI installs through ZENworks. Just make sure the path to the MST file also uses the variable. If you do use this technique for an MSI, you will receive an error in ConsoleOne when you view the properties of the object. The error reported is, "Database could not be opened. MSI file could not be found." Click the Close button and the properties page will be displayed. The error occurs because ConsoleOne doesn't use the variable when it's checking to see if the MSI file exists. But this doesn't affect the user when the application is run.

You now have one application for all of your locations that automatically runs from whichever server the user is logged in to.

One thing to keep in mind is that this solution will only work if your application files exists on the same server that the user logs into.

If you have any questions you may contact Rich at richstevenson@richstevenson.com

Other Suggestions

VWOOD

Actually we have been doing this already without adding a set statement and using the default variable %FILESERVER% or %FILE_SERVER%. You can use the same variable (with just the preceding %) in the login script to run an executable also. I experimented with your steps and when I tried to use the %SERVER% variable in the login script it errors out. I was just wondering what the advantage would be of following this tip rather than using the default variable which works in both NAL apps and the login script.

Roland Pfenninger

Thanks Rich, your article is very cool. However, one simple improvement could be, if you use the variable 'zenwsimport' instead of the File_Server variable to make sure that the app object on every users site connects to the appropriate ZENworks server. (This is, in our case, better than the file server.)

If you have any questions you may contact Roland at Roland.Pfenninger@fd.zg.ch

Reader Comments

  • That is an interesting way to variablize the distribution path for mulitiple locations. In my case the preferred server is not always the distribution point for the application files. Thus, we set up a DNS zone at each location and a DNS entry "apps" in each zone. We use the "apps' variable to identify the distribution server. In some locations we have more than one distribution server so we set up a round robin DNS scenario. I am curious, where and how are you setting the Preferred server (%FILE_SERVER) variable for your clients?
  • Actually you can do this already without adding a set statement and using the default variable %FILESERVER or =%FILE_SERVER.
  • Use ZWXPDrive at http://www.ithowto.com/Articles/ZWXPDrive.htm
  • Been using %fileserver% since Zen2 and %fileserver or %file_server works well, however there are some traps when using it in conjunction with the login script. You can't use it if you associate to workstations and want to force run. If you use %fileserver directly in the app objects and the server or pc goes offline it loses the %fileserver value and you have to either reboot the pc or restart the workstation manager service.

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

Novell® Making IT Work As One

© 2009 Novell, Inc. All Rights Reserved.