Web lists-archives.com

Re: [Samba] Deploy software in fileserver folder




Hi Elias,

I thought it worked, but after I uninstalled the software that I deployed
via user scope, it did not reinstall. I selected the "Redeploy application"
option, but it also did not work.

The user scope GPO are run with the privileges and access tokens of the logged on user, so the user have local admin rights for install and need access rights to the share you are putting your installation files (read rights for "domain users" group for example).

The computer scope GPO are run with maximum privileges using LocalSystem account. LocalSystem has access to machine kerberos credentials, so for accessing a share on the file server, you'll need to add read rights for "domain computers" group. You can check that your computer account can connect to a share by login in as LocalSystem using psexec:
  psexec -i -s cmd
    net use F: \\server\sharename
    dir f:

Any way, you'd be better at using a software deployment solution for that task (GPO are really not good at that, even Microsoft would advise you to use ConfigMgr/SCCM). I'm partial on that point as I'm one of the developers, but I'd advise you to check out WAPT [2].

Cheers,

Denis

[1] https://docs.microsoft.com/en-us/sysinternals/downloads/pstools
[2] https://wapt.fr/en


I read that in the user scope there are 2 installation options:

- Deployed to User, Assigned Software - Not installed until the default is
opened in the Programs Folder in the Start Menu.
- Deploy to User, Published Software - Not installed until initiated to be
installed from the "Programs and Features".

I used both options and it was not installed either.

I want to try to install via computer scope and into a fileserver folder
because of disk space in AD.

Is there any other way to set this up?


On Thu, Jan 11, 2018 at 8:48 AM, Elias Pereira <empbilly@xxxxxxxxx> wrote:

Hey Luke, thanks for the help!!! It's working now!!!

God bless you and your family!! :D

Remember that GPOs need to run as the context of either the computer or
the user. Computers typically do not have access to many folders on a file
server, even as "Everyone". That is why the NETLOGON folder works.

If you're deploying as a USER configuration, then it should run as the
context of the user, meaning the Everyone permission would work.


On Wed, Jan 10, 2018 at 6:07 PM, Elias Pereira <empbilly@xxxxxxxxx> wrote:

Luke,

I'm running via computer scope and I believe that's the problem. Later I
will test and give a return if that was the detail.


Em 10 de jan de 2018 15:47, "Luke Barone" <lukebarone@xxxxxxxxx>
escreveu:

Which GPO? Computer or User Configuration?

Remember that GPOs need to run as the context of either the computer or
the user. Computers typically do not have access to many folders on a file
server, even as "Everyone". That is why the NETLOGON folder works.

If you're deploying as a USER configuration, then it should run as the
context of the user, meaning the Everyone permission would work.

On Wed, Jan 10, 2018 at 9:45 AM, Elias Pereira <empbilly@xxxxxxxxx>
wrote:

Sorry for a lack of information. I'm using GPOs for deploy the software.

Em 10 de jan de 2018 3:00 PM, "Luke Barone" <lukebarone@xxxxxxxxx>
escreveu:

How are you deploying the software? You've given us very little

On Jan 10, 2018 7:01 AM, "Elias Pereira via samba" <
samba@xxxxxxxxxxxxxxx> wrote:

I tested putting "everyone" with full permission on the folder, but
still
the software deploy does not work.

Any idea?

On Tue, Jan 9, 2018 at 11:37 AM, Elias Pereira <empbilly@xxxxxxxxx>
wrote:

Hello list,

I tried to set up a folder on our fileserver domain member, so I can
deploy software for users' machines, but is not working.

If I put the software inside "netlogon" it installs correctly.

\\172.16.1.7\storage\programs

Auth Users - read & execute, list folder contents, read and write

Do I need other permissions?

--
Elias Pereira




--
Elias Pereira
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba







--
Elias Pereira





--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba