[Samba] Deploy software in fileserver folder

Denis Cardon dcardon at tranquil.it
Thu Jan 11 16:06:25 UTC 2018 

Hi Elias,

> I thought it worked, but after I uninstalled the software that I deployed
> via user scope, it did not reinstall. I selected the "Redeploy application"
> option, but it also did not work.

The user scope GPO are run with the privileges and access tokens of the 
logged on user, so the user have local admin rights for install and need 
access rights to the share you are putting your installation files (read 
rights for "domain users" group for example).

The computer scope GPO are run with maximum privileges using LocalSystem 
account. LocalSystem has access to machine kerberos credentials, so for 
accessing a share on the file server, you'll need to add read rights for 
"domain computers" group. You can check that your computer account can 
connect to a share by login in as LocalSystem using psexec:
   psexec -i -s cmd
     net use F: \\server\sharename
     dir f:

Any way, you'd be better at using a software deployment solution for 
that task (GPO are really not good at that, even Microsoft would advise 
you to use ConfigMgr/SCCM). I'm partial on that point as I'm one of the 
developers, but I'd advise you to check out WAPT [2].

Cheers,

Denis

[1] https://docs.microsoft.com/en-us/sysinternals/downloads/pstools
[2] https://wapt.fr/en

>
> I read that in the user scope there are 2 installation options:
>
> - Deployed to User, Assigned Software - Not installed until the default is
> opened in the Programs Folder in the Start Menu.
> - Deploy to User, Published Software - Not installed until initiated to be
> installed from the "Programs and Features".
>
> I used both options and it was not installed either.
>
> I want to try to install via computer scope and into a fileserver folder
> because of disk space in AD.
>
> Is there any other way to set this up?
>
>
> On Thu, Jan 11, 2018 at 8:48 AM, Elias Pereira <empbilly at gmail.com> wrote:
>
>> Hey Luke, thanks for the help!!! It's working now!!!
>>
>> God bless you and your family!! :D
>>
>> Remember that GPOs need to run as the context of either the computer or
>>> the user. Computers typically do not have access to many folders on a file
>>> server, even as "Everyone". That is why the NETLOGON folder works.
>>>
>>> If you're deploying as a USER configuration, then it should run as the
>>> context of the user, meaning the Everyone permission would work.
>>>
>>
>> On Wed, Jan 10, 2018 at 6:07 PM, Elias Pereira <empbilly at gmail.com> wrote:
>>
>>> Luke,
>>>
>>> I'm running via computer scope and I believe that's the problem. Later I
>>> will test and give a return if that was the detail.
>>>
>>>
>>> Em 10 de jan de 2018 15:47, "Luke Barone" <lukebarone at gmail.com>
>>> escreveu:
>>>
>>> Which GPO? Computer or User Configuration?
>>>
>>> Remember that GPOs need to run as the context of either the computer or
>>> the user. Computers typically do not have access to many folders on a file
>>> server, even as "Everyone". That is why the NETLOGON folder works.
>>>
>>> If you're deploying as a USER configuration, then it should run as the
>>> context of the user, meaning the Everyone permission would work.
>>>
>>> On Wed, Jan 10, 2018 at 9:45 AM, Elias Pereira <empbilly at gmail.com>
>>> wrote:
>>>
>>>> Sorry for a lack of information. I'm using GPOs for deploy the software.
>>>>
>>>> Em 10 de jan de 2018 3:00 PM, "Luke Barone" <lukebarone at gmail.com>
>>>> escreveu:
>>>>
>>>> How are you deploying the software? You've given us very little
>>>>
>>>> On Jan 10, 2018 7:01 AM, "Elias Pereira via samba" <
>>>> samba at lists.samba.org> wrote:
>>>>
>>>>> I tested putting "everyone" with full permission on the folder, but
>>>>> still
>>>>> the software deploy does not work.
>>>>>
>>>>> Any idea?
>>>>>
>>>>> On Tue, Jan 9, 2018 at 11:37 AM, Elias Pereira <empbilly at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hello list,
>>>>>>
>>>>>> I tried to set up a folder on our fileserver domain member, so I can
>>>>>> deploy software for users' machines, but is not working.
>>>>>>
>>>>>> If I put the software inside "netlogon" it installs correctly.
>>>>>>
>>>>>> \\172.16.1.7\storage\programs
>>>>>>
>>>>>> Auth Users - read & execute, list folder contents, read and write
>>>>>>
>>>>>> Do I need other permissions?
>>>>>>
>>>>>> --
>>>>>> Elias Pereira
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Elias Pereira
>>>>> --
>>>>> To unsubscribe from this list go to the following URL and read the
>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>> --
>> Elias Pereira
>>
>
>
>

-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint SĂ©bastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr

More information about the samba mailing list