Give the share authenticated user access so the computer can access the .msi.
Startup scripts are machine specific and run before a user logs on. As a
result they run in the context of the localSystem account on a computer. As
localSystem, they have privilege to do just about anything on a Windows
system. If a startup script needs to access network resources (e.g. a server
share) however, localSystem will not work. Given that, Group Policy will
change the security context of the script to that of the machine's computer
account, which is a valid AD user (e.g. a machine named WorkstationA will
have an account in AD called WorkstationA$--this account is hidden, but is
represented by the computer object when you are viewing an AD domain). The
machine account, just like any other user account in AD, is a member of the
Authenticated Users and can thus access any network resources that a member
of this group can. So, if you have a startup script that needs to access
server resources, make sure that the computer's machine account has
permissions to access those resources.
"Dennam" wrote:
> When I publish an application to User Configuration, users under the OU can
> see the app under Add/Remove. However, I when I assign an app (whether
> under U.C or Computer Config.), the program does not auto install.
>
>
> I may be off in my thinking, but if you assign an application, won't it
> automatically install (without requiring user intervention)? Thanks for any
> help!
>
|
Similar Threads
