What is the security context when deploying application using SCCM 2012?

  • Question

  • As far as I know, when using Group Policy the software is always installed under the SYSTEM security context. However, I cannot find any information related to SCCM 2012 (and deploying applications) security context.

    Also is there a difference in doing "Install for User" or "Install for Device/System"?

    Thanks

    Friday, November 30, 2012 10:54 AM

All replies

  • Yes...

    If you select "Install for User" the installation will run in the User context.

    If you select "Install for System", the installation will run in the System context.


    Ronni Pedersen | Microsoft MVP - ConfigMgr | Blogs: http://www.ronnipedersen.com/ and SCUG.dk/ | Twitter @ronnipedersen

    Friday, November 30, 2012 11:28 AM
  • It depends on the setting. It's either 'system' ("Install for Device/System") or the logged-on user ("Install for User").


    Torsten Meringer | http://www.mssccmfaq.de

    Friday, November 30, 2012 11:29 AM
    Moderator
  • Thanks. Just to confirm that if you use Group Policy and you Publish the msi for user, when the user installs it from Add/Remove Programs it is still going to be executed in SYSTEM security context?

    And while we are on this topic - is the above (about the security context in SCCM 2012) written anywhere in some official MS web page?

    Friday, November 30, 2012 1:10 PM
  • Thanks. Just to confirm that if you use Group Policy and you Publish the msi for user, when the user installs it from Add/Remove Programs it is still going to be executed in SYSTEM security context?

    And while we are on this topic - is the above (about the security context in SCCM 2012) written anywhere in some official MS web page?


    Not sure about the context for IntelliMirror, but for ConfigMgr it's as Ronni and Torsten stated. This may be documented somewhere, not sure. Not everything is documented though -- in fact, I'd say less than 25% (probably less than 10%) of everything to be known about ConfigMgr is officially documented. Note that this is the same for any product -- there simply are far too many permutations and possibilities to document them all.

    Jason | http://blog.configmgrftw.com


    Friday, November 30, 2012 1:45 PM
  • We are setting an EXE (script-based) installer to "Install for user" and it always runs under the SYSTEM context. Can someone confirm this behavior?

    SCCM 2012 SP1 CU2


    Levi Stevens Technical Consultant - End User Computing - West Region Dell | Services

    Friday, January 10, 2014 12:31 AM
  • What is leading you to this statement? Are there log files that you can share and additional information for us to help you troubleshoot? As it is, there's nothing for us to go on at all.

    Jason | http://blog.configmgrftw.com

    Friday, January 10, 2014 12:52 AM
  • Under Task Manager, it showed the installer running under the SYSTEM context. Customer has already moved on to use an SMS Package/Program instead, so I'm going to try and reproduce this in a lab and get back to you.

    Levi Stevens Technical Consultant - End User Computing - West Region Dell | Services

    Friday, January 10, 2014 12:53 AM
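
One way to collect the evidence asked for in this thread, as an added example that is not part of any poster's reply: a diagnostic script to set as the installation program of a test deployment type, so the account it actually runs under is written to a log instead of being read off Task Manager. The function name `Get-InstallContext`, the log file name and the `$LogDir` default are assumptions made for this example.

```powershell
# Added diagnostic example (not from the thread). Deploy it as the installation
# program of a test deployment type to record which account executes it.
param(
    # Assumption: a folder writable by both SYSTEM and a standard user.
    # With the default, SYSTEM and a user each log to their own TEMP folder.
    [string]$LogDir = $env:TEMP
)

function Get-InstallContext {
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    $admin     = [System.Security.Principal.WindowsBuiltInRole]::Administrator
    $proc      = [System.Diagnostics.Process]::GetCurrentProcess()

    # Console user as reported by WMI; empty when nobody is logged on at the console.
    $consoleUser = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName

    [pscustomobject]@{
        Timestamp     = (Get-Date).ToString('s')
        Account       = $identity.Name
        Sid           = $identity.User.Value
        # S-1-5-18 is the well-known SID of the LocalSystem account.
        IsLocalSystem = ($identity.User.Value -eq 'S-1-5-18')
        IsElevated    = $principal.IsInRole($admin)
        SessionId     = $proc.SessionId          # 0 is the services session
        ConsoleUser   = $consoleUser
        Is64BitProc   = [Environment]::Is64BitProcess
        TempPath      = $env:TEMP                # differs between SYSTEM and a user
    }
}

$ctx = Get-InstallContext
$log = Join-Path $LogDir ('install-context-{0}.log' -f $env:COMPUTERNAME)
$ctx | Format-List | Out-String | Add-Content -Path $log -Encoding UTF8

if ($ctx.IsLocalSystem) {
    Write-Output "Running as LocalSystem (session $($ctx.SessionId))"
} else {
    Write-Output "Running as $($ctx.Account) (session $($ctx.SessionId))"
}
exit 0
```

Deploying the same script once as "Install for user" and once as "Install for system" and comparing the `Account`, `Sid` and `IsElevated` fields in the two logs shows which context each setting produced on that client.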