20 September 2011

MDT/SCCM 2010 - Running Applications Installations under different credentials

You may have an application that needs special credentials when installing during the MDT deployment. As you have seen, there is no where to enter these credentials in the Applications section. There is the runas.exe, but the password cannot be passed through the command line as it demands manual entry. VBScript can be used in the installation package, but do you want to expose the password on the network?

You can use PsExec.exe to install the application under a specified credential. It is available for download here. Once it is downloaded, you can do one of the following: 1) add a task sequence in MDT to install the executable in the %SYSTEM32% directory on the target machine or 2) Place the PsExec.exe on a network share that will be accessible during the deployment.

So now that you have PsExec.exe available, here is how you use it in the build process:

  1. Create a new application in the Applications folder of MDT
  2. Fill in the Working directory with the location where the application resides
  3. The command line will be as follows:

<location of psexec.exe>\PsExec.exe \\%COMPUTERNAME% /accepteula -u <domain>\<username> -p <password> <installation commandline>

NOTE: The \\%COMPUTERNAME% is needed. You will continuously get an error 1 if it is not present. This uses the local computer name. The /accepteula is needed because if it is not accepted, it will prompt for acceptance during the silent install. The registry key is located under the HKCU, leaving this the easiest way to circumvent that. <location of psexec.exe> can be omitted if you have psexec.exe installed into the system32 directory.

VBScript NOTE: If you are running a VBscript for the , you do not need to put any of it in quotations.


Post a Comment