6.17 Action - Install Network MSI

The Action - Install Network MSI dialog box lets you specify the location of the MSI file; its Install, Uninstall, and Repair parameters; the transform file; and the executable security level. You can also define the requirements that a device must meet for the action to be executed on the device.

Figure 6-19 Action - Install Network MSI Dialog Box

To access this dialog box in ZENworks Control Center, click the Bundles tab. Click the underlined link of a bundle in the Name column of the Bundles list, click the Actions tab, click one of the action set tabs (Distribute, Install, Launch, Verify, Uninstall, Terminate, or Preboot), click the Add drop-down list, then select an available action.

The following sections contain additional information:

6.17.1 General

The Action - Install Network MSI dialog box lets you specify the location of the MSI file; its Install, Uninstall, and Repair parameters; the transform file; and the executable security level.

.msi File

Specify the .msi file to install.

If you have not installed the Novell ZENworks File Upload plug-in on this device, you must do so before you can browse for a file path. For more information, see Novell ZENworks File Upload Plug-in.

Install Parameters

Click the Parameters icon to display the Install Parameters dialog box, then specify the desired parameters. Click the Help button for additional information.

Uninstall Parameters

Click the Parameters icon to display the Uninstall Parameters dialog box, then specify the desired parameters. Click the Help button for additional information.

Repair Parameters

Click the Parameters icon to display the Repair Parameters dialog box, then specify the desired parameters. Click the Help button for additional information.

Transform File

Click Add to browse to and select the desired transform file. You can upload the transform file or you can specify its location.

If you have not installed the Novell ZENworks File Upload plug-in on this device, you must do so before you can browse for a file path. For more information, see Section F.0, Novell ZENworks File Upload Plug-in.

Different groups within an organization often use the same application, but that doesn’t mean they require the same feature set. One of the benefits of Windows Installer is that if you have 10 groups needing 10 different feature sets or other alterations for the same application, you can deploy the same MSI package to all 10 user groups, but with a different transform file (MST) applied for each group.

A transform file is a collection of changes applied to an MSI installation. It contains all modification information, such as whether features are installed; how they are installed; which files, shortcuts, and registry entries are included; and Add/Remove Programs applet information.

If you have vendor-supplied MSI packages, you can use AdminStudio ZENworks Edition to create and manage transforms.

MSI Properties

The MSI package contains the property values that were defined during the administrative installation of the application. These property values determine the way the Microsoft Windows Installer installs the application to the workstation. In some cases, you might want to change one or more of the property values. For example, a property value might define the default location for a user’s work files. By adding the property to the list and changing the property’s value, you can override the default location defined in the MSI package.

If necessary, you can add public properties that were not included in the MSI package. When doing so, you should be careful to add only those properties that are valid for the package. The following options are available:

  • Add: To override a property value, you change the property value and add the property to the Properties list so that Application Launcher knows to use that property value rather than the one defined in the MSI package. To do so, click Add to display the MSI Properties dialog box. In the Name field, select the property whose value you want to override, specify the new value in the Value field, then click OK to add the property to the MSI Properties list.

  • Edit: To modify a property that is in the MSI Properties list, select the property, click Edit, modify the value data, then click OK.

  • Remove: To remove a property from the MSI Properties list, select the property, then click Remove. Deleting the property causes future installations of the application to use the property value defined in the MSI package.
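The Windows Installer command line that corresponds to an MSI, a transform, and overridden public properties, as an added example (not ZENworks code, and not necessarily how ZENworks invokes the installer). The function name New-MsiInstallArguments, the server, share, and file names, and the property values are hypothetical.

```powershell
# Added example: hypothetical helper, not part of ZENworks.
function New-MsiInstallArguments {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $MsiPath,
        [string[]]  $Transform = @(),
        [hashtable] $Property  = @{}
    )

    # A network MSI and its transforms are addressed by UNC path; mapped drive
    # letters exist only in the logon session that mapped them.
    foreach ($p in (@($MsiPath) + $Transform)) {
        if ($p -notmatch '^\\\\[^\\]+\\[^\\]+\\.+') { throw "Not a UNC path: $p" }
    }
    if ($MsiPath -notmatch '\.msi$') { throw "Not an .msi file: $MsiPath" }
    foreach ($t in $Transform) {
        if ($t -notmatch '\.mst$') { throw "Not an .mst file: $t" }
    }

    $parts = @('/i', ('"{0}"' -f $MsiPath))
    if ($Transform.Count -gt 0) {
        # Several transforms are separated by semicolons and applied in order.
        $parts += 'TRANSFORMS="{0}"' -f ($Transform -join ';')
    }
    foreach ($name in ($Property.Keys | Sort-Object)) {
        # Only public properties (names with no lowercase letters) can be
        # overridden from the command line.
        if ($name -cnotmatch '^[A-Z_][A-Z0-9_.]*$') {
            throw "Not a public property name: $name"
        }
        $value = [string]$Property[$name]
        # Values containing quotes need extra escaping; this helper rejects them.
        if ($value -match '"') { throw "Quote character in value of $name" }
        $parts += '{0}="{1}"' -f $name, $value
    }
    $parts -join ' '
}

# Constructed sample values. INSTALLDIR is an assumed package-specific property;
# confirm which properties the package actually defines before overriding them.
$installArgs = New-MsiInstallArguments `
    -MsiPath   '\\fileserver.example.com\packages\app\app.msi' `
    -Transform '\\fileserver.example.com\packages\app\finance.mst' `
    -Property  @{ INSTALLDIR = 'C:\Apps\App'; ALLUSERS = '1' }
$installArgs
# To run it: Start-Process msiexec.exe -ArgumentList $installArgs -Wait
```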

Executable Security Level

On a Windows 2000, Windows XP, Windows Vista, or Windows 7 device, the application executable can run in either the “user” space or the “system” space. By default, the Run normal option is selected, which causes the application to run in the “user” space and inherit the same workstation security level as the logged-in user.

If the logged-in user's security level does not provide sufficient rights and file access to run the application, you can configure the application to run in the “system” space or as a dynamic administrator, as described below:

  • Run as logged in user: The MSI application inherits the logged-in user’s credentials. For example, the application has the same rights to the registry and the file system as the logged-in user.

    Select the application’s display mode: Normal, Minimized, Maximized, or Hidden. In Hidden mode, the application runs normally without a user interface available. This is useful if you want the application to process something, then go away without user intervention.

    Select Grant administrator privilege to user during installation to provide administrator privileges to the logged-in user. However, providing administrator privileges to a user might pose security risks. If this option is selected, the user on the managed device is prompted to enter the password when the MSI is installed on the device. To install the MSI, the user must log in to the device with a user account that has a password configured.

    NOTE: On a Vista device, if the administrator is logged in to the device and the Grant administrator privilege to user during installation option is selected, the action is performed in quiet mode.

  • Run as secure system user (Don't allow system to interact with desktop): The application is run under the Local System user and inherits Administrator-level credentials. For example, the application has full rights to the registry and the file system. Because the security level is set to Secure, the application's interface is not displayed to the user and the application is only visible in the Task Manager. This option is useful when running applications that require full access to the workstation but require no user intervention.

  • Run as dynamic administrator: A dynamic administrator is an administrator account that is locally created on the fly to perform certain procedures, such as installing applications. Using a dynamic administrator is helpful when installing applications (some MSI applications, for example) that cannot be installed in the system space. Because the dynamic administrator does not have access to the network, the network shares on which the MSI is available must be made publicly accessible. When you select this action, the dynamic administrator is created, it performs the required tasks, and then the account is deleted.

    You cannot use mapped network drives to specify files and directories because dynamic administrators do not have access to mapped drives.

    Select credential for network access: If the file or directory specified in the action is part of a UNC path or network share that can be accessed only through credentials, browse through the credential vault to select a credential that has access to the network.

    NOTE: ZENworks does not support Windows Distributed File System (DFS) shares.

    For more information on the Credential Vault and adding a credential to the Credential Vault, see Adding a Credential in the ZENworks 11 SP3 ZENworks Control Center Reference.

    NOTE: Performing this action as a dynamic administrator on a Windows domain controller fails because Microsoft does not allow the use of local administrator accounts on domain controllers.

6.17.2 Requirements

The Requirements page lets you define specific requirements that a device must meet for the action to be enforced on it. For information about the requirements, see Requirements.