MSI install without admin privilages

[P Ratcliff]

Hi All,

My situation is: MS Server 2003, MS SQL server 2000. I have an exported
..msi package from sql server to install on 400 NT desktops. The .msi
file requires admin level privilages to install and my users are
standard users.

I know I can edit the registry to AlwaysInstallElevated but don't like
the security hole that creates. All the 3rd party apps I can find to do
the edit automatically still need admin privilages. Also, I'd prefer to
avoid spending thousands on some elaborate push or pull software.
Surely there must be some way????

Thanks in advance,
Cheers,
P Ratcliff

 

[Carolyn Napier [MSFT]]

There are several different methods for enabling installation for non-admin
users. (I also agree that AlwaysInstallElevated is not the way to go).

Check out:
http://msdn.microsoft.com/library/d..._with_elevated_privileges_for_a_non-admin.asp.

You can use Group Policy/Active Directory to deploy it. Alternatively, all you
need to do is run the following command "msiexec /jm package.msi" as an
Administrator. After that, the user can install the package and it will run
elevated even though the user is a non-admin.

- Carolyn Napier
Microsoft Windows Installer Team

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send email directly to this alias. This alias is for newsgroup
purposes only.

MSI FAQ:
<http://www.microsoft.com/windows2000/community/centers/management/msi_faq.mspx>

 

[P Ratcliff]

Carolyn,

Thank you for your answer. I have a question about one of your

Alternatively, all you
need to do is run the following command "msiexec /jm package.msi" as an
Administrator. After that, the user can install the package and it will run
elevated even though the user is a non-admin.

Unless I am missing something, I'm not clear on how this helps me avoid
visiting each of the 400+ machines and logging on as an admin. I have
tried running the command line on a test machine and it works
wonerfully - but attempting to run this command remotely from something
like SMS doesn't work so I am left with the option of going to each
machine.

I have read the information on Advertising and it sounds like I cannot
use this for NTWS, which is most of what I have.

Thanks again and if you have any further advice, I'd love to hear from
you.

Cheers,
P Ratcliff

 

[Carolyn Napier [MSFT]]

Could you not deploy this as a simple batch file through SMS that runs as
administrator? Additionally, SMS does have support for performing elevated
installations. Fundamentally all you need is to have something run that command
line as administrator on the box. Whether this is possible in your environment
depends upon what technology you use to manage your clients. (And I definitely
agree that you wouldn't want to go visit each machine). What capabilities does
your management technology offer?


-Carolyn Napier

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send email directly to this alias. This alias is for newsgroup
purposes only.

MSI FAQ:
<http://www.microsoft.com/windows2000/community/centers/management/msi_faq.mspx>

 

[P Ratcliff]

Carolyn,

Thanks for your response. We are running SMS ver.2. This particular
upgrade runs as a 'pull'. The client app. knows, based on data from the
db, when there is a new update and goes out to a server and runs the
update.exe file we create using sms. This sms package contains any
system files needed, the new client .exe file plus the .msi package
exported from COM+.

The problem occurs when the user can't run the .msi file due to
permission levels. I'm currently working on having the sms package run
the advertisement (EXECUTE msiexec -jm c:\[pathtofile]\mymsi.msi) and
then the .msi file, but I am waiting on a new test version of the app.
so I'll have to get back to you on the results.

Thanks again for your answer.
Philippa Ratcliff