Hi Shane, The Flash installation for me has been, so far, very simple. I'm only talking about the Flash Reader IE active-x plug-in though, not a full blown copy of the Flash developer. I grabbed the distributable msi by applying for a license, created a per-computer GPO software installation, told it to uninstall if moved out of scope and left the rest at default. I didn't apply any transforms or application switches. I assigned it to a test OU which only has a single workstation in and applied it to two groups we have, one for desktops and one for laptops. I have since gone through and given 'Domain Computers' 'Full Control' my installation files folder. However, I have only done this on a brand new, fully patched version of XP SP3 with minimal installations on it such as Office 2007, Acrobat, Java, etc. I read a lot of problems on appdeploy.com about Flash installation failing if a previous version of Flash exists on the system. Everyone on there seems to have had to deploy Flash using a script which checks for Flash and runs an uninstaller first if its present. I expect I'll have these problems once I test this on an existing workstation with all the usual trash on! I doubt this helps but hope it does. Andrew From: Shane Williford [mailto:shane.williford@xxxxxxxxxx] Sent: 05 August 2008 16:45 To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Permissions for software installation Hi Andrew... I actually was just getting GP assistance for deploying Flash via GP last week. I thought I had it licked, but alas...it doesn't work. I followed all documentation steps as well as suggestions from here (Jamie, specifically) and it seemed to work for me, but when I apply it on other OUs, it doesn't seem to install unless an Admin runs/activates it first. If you get yours to work, please share how. Thanks. Shane M. Williford Systems Administrator MCSE, MCSA Sec, Sec+, Net+, A+ Mazuma Credit Union 9300 Troost Kansas City, MO 64131 shane.williford@xxxxxxxxxx 816-361-4194 x6012 From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew McHale Sent: Tuesday, August 05, 2008 4:45 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Permissions for software installation Hi all, Thanks for the pointer. It was a per-computer GPO (sorry for missing this out in my original post) and I didn't even think about adding Domain Computers instead of Everyone. Interestingly, the Authenticated Users group has no rights on this folder which could add to the fact it wouldn't run. I used a full computer path, not an IP, so this wasn't the issue, but thanks for the suggestion. What I still don't understand though, is why the Java installation would work fine but the Acrobat one wouldn't. They are both per-computer GPO's and have files in the same folder structure with exactly the same permissions. The only differences are the Acrobat install uses a Transform file and the GPO has the User Configuration Settings disabled, where as the Java GPO doesn't. Any idea's or should I just chalk this up to 'one of those things'? Many thanks Andrew From: Nelson, Jamie [mailto:Jamie.Nelson@xxxxxxx] Sent: 04 August 2008 23:58 To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Permissions for software installation Don't know why you would use an IP, but in this case it shouldn't make a difference. It usually comes down to permissions. From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Greg Sent: Monday, August 04, 2008 5:50 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Permissions for software installation When you set up the deployment, did you point it to an IP address or a server name? I had this issue once in the past when I used an ip address and found out it will cause you to get access denied. ----- Original Message ----- From: Nelson, Jamie <mailto:Jamie.Nelson@xxxxxxx> To: gptalk@xxxxxxxxxxxxx Sent: Monday, August 04, 2008 1:29 PM Subject: [gptalk] Re: Permissions for software installation Yep, I've always made it a point to grant explicit rights to Domain Computers if it is a per-computer assigned installation. From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia Sent: Monday, August 04, 2008 11:41 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Permissions for software installation Andrew- Was this a per-computer deployment? If so, then the installation happens in the context of the machine's domain account. In the past I've noticed that Authenticated Users was not sufficient to solve this problem, even though it should have been. I'm not clear why this is, but perhaps setting up some auditing on the server sided would have pointed the way. What I've seen, as a solution, is to grant either Domain Computers or Everyone explicit access to the files. Darren From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew McHale Sent: Monday, August 04, 2008 9:33 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Permissions for software installation Hi all, I've just created a GPO for deploying Acrobat 9 using the standard policy software installation (not GPP) and added a transform file to get around things like desktop shortcuts and EULA agreements. However, when I came to deploy it I got errors about not being able to access the files. On Friday I also created a GPO to deploy Java. This had exactly the same access rights as the Acrobat files but worked first time. I managed to get the Acrobat installation to work by giving 'Everyone' read, list and execute permissions to the folder containing the files but am confused as to why I had to do this. I thought the software installation used elevated privileges to install software? Can anyone explain to me (to help my GP understanding) why this is the case? In case you need to know, our environment is 100% Server 2003 SP2 and I was deploying to a XP SP3 machine. Thanks Andrew ________________________________ Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of all or any portion of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system. ________________________________ Notice: The information transmitted in this e-mail may contain confidential and/ or legally privileged information intended only for the use of the individual(s) named above. Review, use, disclosure, distribution, or forwarding of this information by persons or entities other than the intended recipient(s) is prohibited by law and may subject them to criminal or civil liabilities. Statements and opinion expressed in this e-mail may not represent those of Mazuma Credit Union. All e-mail communications through Mazuma's corporate email system are subject to archiving and review by someone other than the recipient. If you have received this communication in error, please notify the sender immediately and delete/destroy any and all copies of the original message from any computer or network system.