The KACE Agent normally executes all managed installations and kscripts as the Local System account (LSA). Due to security limitations, the LSA is sometimes not feasible for some types of scripted activities. As a side note, online kscripts can utilize the Run As option to specify a user.
In that case, options to resolve would include either having valid user credentials embedded in the kscript itself (which is a security risk) OR alternatively using the built-in RunOnce directive for Windows so that upon the next time a user logs into a machine, the command(s) will execute with their credentials.
Use this in a batch file for an MSI, or a Run Command in a script:
C:\windows\system32\reg.exe add HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce /v KACEScript /t REG_SZ /d “INSERT_YOUR_COMMAND_HERE_INCLUDING_PATH“
Example script:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce /v KACEScript /t REG_SZ /d "C:\Program Files\Kace\kbox\packages\kbots\XXXX\PowerProfile.bat"
What this will do is, like the KACE SDA appliance and it's post-installation tasks, add a command in the RunOnce directive for Windows where the NEXT time a user logs in (say, reboots or logs out) the install will run. Since this is based on the user log in, credentials are not necessary. This method also avoids Local System restrictions, because this will execute will all privileges of that user. The only disadvantage this has is that the action won’t happen the user logs back into their machine.
Step by step example can be referenced here:
Example of Setting up a Power Profile using the RunOnce Windows Directive
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center