Jump to content


JerichoJones

SCCM 2012 R2 - Deploy Application from DFS

Recommended Posts

Hello All,

I have been struggling with this for the last few days. I have been trying to deploy Applications from a DFS share but cannot get it to work. It appears that the MSI cannot be found when MSIEXEC is invoked (error 1619). I have checked the paths and permissions and there does not appear to be an issue there (both the Site Server and installation user account have permissions). Under the Deployment Type I have the following:
Content Tab - Empty
Programs Tab
Installation Program: msiexec /i "\\dfsroot\Software\Install\7zip\7z920x64.msi"
Installation start in: \\dfsroot\Software\Install\7zip
User Experience Tab
Installation behavior: Install for system
Logon requirement: Whether or not a user is logged on
Installation program visibility: Hidden

I checked the event log on the client and MSIEXEC is getting invoked under the SYSTEM account. That obviously won't work.

What am I missing?

Share this post


Link to post
Share on other sites

1. Why would you use DFS, instead of a DP? This complete defeats the purpose of what CM12 does.

2. This is going to be a permission issue. Why because the local system account does NOT have access to the DFS server and therefore get accessed denied to the MSI.

Share this post


Link to post
Share on other sites

Well pointing at the server directly fails as well. It does work if I give "Everyone" access. So something strange is going on with how the permissions are parsed (I guess). Does anyone have ideas or links on troubleshooting permissions parsing? I've never had to get that deep into it.

Share this post


Link to post
Share on other sites

1. Why would you use DFS, instead of a DP? This complete defeats the purpose of what CM12 does.

2. This is going to be a permission issue. Why because the local system account does NOT have access to the DFS server and therefore get accessed denied to the MSI.

Answer to #1 - So I do not have to redo how we install software or maintain multiple repositories. Maybe I'm missing something though.

 

Oddly I have a friend at another institution that uses DFS successfully (or so he claims). Others on the Interwebs indicate that they are using it as well. Unfortunately I have had no success in finding a document that covers how to set this up.

Share this post


Link to post
Share on other sites

Answer to #1 - So I do not have to redo how we install software or maintain multiple repositories. Maybe I'm missing something though.

 

Oddly I have a friend at another institution that uses DFS successfully (or so he claims). Others on the Interwebs indicate that they are using it as well. Unfortunately I have had no success in finding I document that covers how to set this up.

 

#1, yes I think you are missing the whole point of CM12. DP should always be "near" client, they use BITS to download content or use branch cache to reduce network traffic.

#2, I'm sure you can make it work but you will be compromising security to do it. Again you are not using the benefits of CM12, branch cache, etc.

Share this post


Link to post
Share on other sites

 

#1, yes I think you are missing the whole point of CM12. DP should always be "near" client, they use BITS to download content or use branch cache to reduce network traffic.

#2, I'm sure you can make it work but you will be compromising security to do it. Again you are not using the benefits of CM12, branch cache, etc.

#1, It would seem then that I have to have the same software in multiple places due to what appears to be a restrictive design choice by MS. Is there a sensible reason why SCCM does not use a domain account to do the installation? I don't get it.

 

#2, Agreed. We cannot give Everyone access.

Share this post


Link to post
Share on other sites

#1, It would seem then that I have to have the same software in multiple places due to what appears to be a restrictive design choice by MS. Is there a sensible reason why SCCM does not use a domain account to do the installation? I don't get it.

 

#2, Agreed. We cannot give Everyone access.

#1 how is it multiple place? aka how exact would it be different than DFS with respect to multiple places?

#1 Yes there is a reason, it is less secure to use a domain account that using the local system account, Plus it will not allow you to manage workgroup PC, *nix, mac, and mobile phone and increase your support cost.

Share this post


Link to post
Share on other sites

#1 how is it multiple place? aka how exact would it be different than DFS with respect to multiple places?

#1 Yes there is a reason, it is less secure to use a domain account that using the local system account, Plus it will not allow you to manage workgroup PC, *nix, mac, and mobile phone and increase your support cost.

Technically correct however from a user perspective it is one place. They go to one place to get the software. I go to one place to update it. Simple.

 

Unix & Mac? Really? I can deploy software to those? Is that new? Last I heard it could only do inventory.

As for mobile we have something designed specifically for that. CM12 is not even close to being a robust solution yet.

 

In any event I can get around the issue for now by using Packages which do use the domain account (Thanks go to REDDIT for that tidbit). Strangely MS does not view that as a security concern.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.