RIPs cannot be executed locally on the client computer when "Obtain rights through AClient" option is selected
|Article:HOWTO5707|||||Created: 2006-11-09|||||Updated: 2007-05-16|||||Article URL http://www.symantec.com/docs/HOWTO5707|
All the RIPs have the following option enabled: Rapidinstall Editor > Edit > RIP Options > Install Conditions > Administrator Rights > Obtain rights through ACient.
We use RIPs in two methods: method 1 is to deploy them through the Deployment Server console which works fine. Method 2 is to copy the RIPs down to the local client computer and execute them manually. The second method is used through logon scripts to automate post software installation hotfixes under the administrator security context (that is, changing file permissions/registry permissions and so on).
The problem is both existing (created with Deployment Solution 5.6) RIP Packages and new ones (made with Deployment Solution 6.5) are executed without any problem on a computer with AClient version 5.6/6.1 but are unable to execute (there appears no progress at all) on another computer with AClient version 6.5.
Deployment Solution 6.5 and higher
In Deployment Solution 5.6 and 6.1, we had a possibility to run a RIP on a computer that you do not have sufficient rights to run and, if AClient is on the computer, it will restart the RIP with admin access. This functionality was removed in 6.5 as it was considered being a security hole. Now if a RIP is set to Obtain rights through AClient, it will silently fail. It does write a log entry to %TEMP%\AltirisTemp\rinstall.log that indicates "This RIP will run through the service."
The “issue” described is actually a change of functionality. Design for RIPs distribution needs to be reconsidered.
Article URL http://www.symantec.com/docs/HOWTO5707