Installing/Running Applications as Unsecure/Secure System User
Novell Cool Solutions: Trench
By Paul Pedron
Digg This -
Posted: 12 Mar 2002
When you run an app as Unsecure/Secure System user it is using the system credentials not the user credential.
If the workstation or "system" (not user) doesn't have a mapping it won't obviously see that directory.
There are a couple of things you can do:
- If original app was installed via snapshot you can set the Uninstall (but settings have to be precise in areas like file/registry/ini for Copy Always/If Newer/etc.) So this is perhaps more complex than what you need.
- Create a script with a .CMD extension using XCACLS.exe to allow the workstation appropriate rights for application installation(deinstallation), and push out with ZEN. Example:
\\<XXSERV1>\SYS\PUBLIC\XCACLS.exe "C:\NALCACHE" /T /G EVERYONE:RC /Y
\\<XXSERV1>\SYS\PUBLIC\XCACLS.exe "C:\NALCACHE" /T /G SYSTEM:F /Y
This will allow anything installed from NALCACHE on the local drive to have system rights for User Group Everyone and System. (Note: Research this command (xcacls.exe), we are just starting to use it on our NT/2K machines - and it works great!)
- I also have used Winkill.exe to stop exe. It is simple and I've used it to stop GroupWise Services (like Notify, GroupWise.exe), as a prelaunch script in the app, in order to install the GWClient.
In ConsoleOne Run Options | Launch Scripts | Run before Launching (or Distribution Options | Distribution Scripts | Run before Distribution
#\\<<XXSERV1>>\vol1\winkill\winkill -kp notify.exe -kp edsdlv32.exe -kp edmsrv32.exe -kp wflmgr32.exe -kp grpwise.exe -kp gwdsktop.exe -kp gwmarq.exe
OR for NDPS
#\\<XXSERV1>\zen_apps\winkill -kp wm.exe -kp wuser32.exe -kp wuolservice.exe -kp dpmw32.exe To determine what the exe you need to terminate, you run winkill.exe and it will put it in your system tray.
Then right click on the winkill (in system tray) and follow the menus.
- There is another way to stop a service.
Create a Batch file and do a preinstall script and include in it like - (at a CMD prompt): Net Stop "Remote Management"
It uses the same naming in the Services of the Control Panel that displays all services running or not... if space requires you to put in quotes.
Or, for instance, I need to push out the NDPS updates and I use the Net Stop.
Then I run the .inf with the following command line Application. Look up 129 numbers mean different thing... Don't have MS TID though, sorry. Found it in the search ".inf and autorun"
As an app I put in ConsoleOne
Run | Applications | Path to Executable: C:\Winnt\System32\rundll32.exe
Run | Applications | Parameters:setupapi,InstallHinfSection DefaultInstall 129
One more way I uninstall application that was not a push is using the Uninstall.exe built into Windows. MS TID Q101507, Q100021, Q101507 (support.microsoft.com).
Example:As an app I put in ConsoleOne
C:\Windows\IsUninst.exe -fC:\Novell\Groupwise\deisl1.isu -cC:\Windows\System\Gwuninst.dll -a -x
Run | Applications | Path to Executable: C:\Windows\IsUninst.exe
Run | Applications | Parameters: -fC:\Novell\Groupwise\deisl1.isu -cC:\Windows\System\Gwuninst.dll -a -x
This will uninstall GroupWise as if I went to the Add/Remove Programs and uninstalled all the different components (GW, Notify, Desktop, etc.).
I've even gotten to the point of removing a run from the
HKEY_LOCAL_MACHINE\SYSTEM\Software\ Microsoft\Windows\Current Version\Run
bouncing the box, and deinstalling for those really hard apps so it doesn't start on startup.
Or for a service ripping it out of
and bouncing the box and deinstalling. But this is the more drastic way.
If you have any questions you may contact Paul at Paul.Pedron@ci.fresno.ca.us. Paul is Senior Network System Specialist for the City of Fresno (California).