Question

Running Silent Installs on User Machines w Batch Files - Elevation Required?

asked one day ago

Good morning,

We have LF11 and are trying to encourage our users to use the Web Client, so we are trying to avoid widespread installs of the Windows client, but we are dependent on the Office integration and having difficulties installing it on user workstations. Our users are restricted from local admin privileges on their machines so if the install is happening per-machine, IT's typical process is to go to each workstation for the install because it requires elevation - this can get pretty time-consuming after a while.

We do not have Intune (are moving towards it but cannot use it at this time) and have found PDQ to be finicky; our preferred install method is to install via an MSI through GPO. Our IT team extracted the MSIs for the LFOffice-x64_en, the cab file for webtools, and the MSI for lfwebtools from the Windows client folder in the ISO package, but we are experiencing issues with the install. I recognize that the recommended method is to have the user run the EXE file themselves, but that's unacceptable with our security policy and is likely to cause more problems than it solves. 

Currently, there will be a security pop-up (see below, in the bottom-right) that comes up after the install is complete and the connection between Office and the Web Client is established by doing a Save to Laserfiche and adding the repository in Office - and if the pop-up action is not approved quickly enough, the pop-up disappears and blocks the Web Client from connecting to the Office integration. After this happens, the user then cannot open files from the Web client in Office on their desktop (they will endlessly be prompted to download the Office plugin and install it, despite it being installed on their machine).

I haven't been able to figure out where the dismissal is actually registered in Windows (so that I could potentially instruct users on how to approve the security request after the fact), so the only solution I have is to uninstall everything and then reinstall it myself manually so that I can catch the pop-up when it comes up, which defeats the whole point of the MSIs and GPO install procedure.

 

As it stands, I have a few questions and am hoping y'all can help:

1. Is it necessary to install the Windows client with both of those plugins? How do other orgs that restrict user install privileges and/or are preferentially using the Web client handle the install piece?

2. Is there documentation somewhere about the install order and dependencies of each component?

I wanted to test running the relevant MSIs from the Windows client install folder in case there is an issue with the MSIs we are using (which are isolated in an install folder), but am not sure which pieces might be prerequisites for others etc.

3. I tried creating a batch file like what is recommended in the silent install instructions, but it prompts for admin credentials on the local workstation - is there a good way to get around that? 

I tried researching but most of the solutions seem to require either nested batch files (ex a batch file that invokes another batch file) or PowerShell commands. If I'm running the installs (because even if IT pushes them out, the security pop-up mentioned before can still come up, so I need to assume that reinstalling is a possibility), I don't have admin privileges on everyone's computers. How do other orgs handle this requirement?

I really appreciate any insights that can be provided - this has been a frustrating sequence of trial and error attempts.

Thanks!

0 0

Replies

replied one day ago

Installing just the MSIs bypasses the checks for dependencies and may leave your install in an incomplete state. It would be best to use SetupLF in your unattended installs. See help file.

All Laserfiche products are installed per machine (rather than per user), so both the MSI installs and SetupLF will require elevation.

1 0
replied one day ago

@echo off
:: Check for admin privileges
net session >nul 2>&1
if %errorLevel% neq 0 (
    echo Requesting administrative privileges...
    powershell -Command "Start-Process '%~f0' -Verb RunAs"
    exit /b
)

:: Place your installation commands below this line
echo Installing application...
msiexec /i "C:\Path\To\AppInstaller.msi" /qn
 

  • Check if the batch is running as an admin.

  • If not, it re-launches itself as admin using PowerShell with -Verb RunAs.

  • Once elevated, it proceeds to run installation commands like msiexec or setup.exe.

0 0
replied one day ago

Or you could use GPO. 

0 0
replied one day ago

Hi Hannah,

With respect to the "Do you trust this site?" pop-up from Webtools Agent:

Webtools Agent throws the pop-up prompt when you try to connect it to a site that isn't in a Trusted Hosts list stored in the Windows registry. All the prompt does (when approved) is add the site to the Trusted Hosts list so it doesn't appear in the future.

You can easily push the registry value(s) out to end users via GPO or other automated means.

As shown in the screenshot below, the keys (type REG_SZ) with the trusted Repository Web Client sites/URLs go under:

Computer\HKEY_CURRENT_USER\Software\Laserfiche\Webtools Agent\Trusted Hosts

0 0
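
An added example, not part of the reply above and not Laserfiche's own tooling: a PowerShell check, run in the user's session (for instance as a logon script), that lists what is in the Trusted Hosts key and flags anything not on an approved list. The key sits under HKEY_CURRENT_USER, so an entry can come from a pushed setting or from a user approving the prompt. The approved URL is a placeholder, and because the page does not say whether the site goes in the value name or the value data, both are compared.

```powershell
# Added example: audit the Webtools Agent Trusted Hosts key for the current user.
# The key path is the one given in the reply; the allowlist entry is a placeholder.
$KeyPath  = 'HKCU:\Software\Laserfiche\Webtools Agent\Trusted Hosts'
$Approved = @('https://laserfiche.example.org')   # placeholder: your Web Client site(s)

function Get-TrustedHostEntries {
    param([string]$Path)
    # A missing key means no site has been trusted for this user yet.
    if (-not (Test-Path -LiteralPath $Path)) { return @() }
    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            Name = $name
            Data = [string]$key.GetValue($name)
            Kind = $key.GetValueKind($name)   # the reply says entries are REG_SZ (String)
        }
    }
}

function Test-Approved {
    param($Entry, [string[]]$Allow)
    # Assumption: the value layout is not stated on the page, so a match in
    # either the value name or the value data counts as approved.
    foreach ($site in $Allow) {
        $want = $site.TrimEnd('/')
        if ($Entry.Name.TrimEnd('/') -ieq $want -or $Entry.Data.TrimEnd('/') -ieq $want) {
            return $true
        }
    }
    return $false
}

$entries = @(Get-TrustedHostEntries -Path $KeyPath)
if ($entries.Count -eq 0) {
    Write-Output "No Trusted Hosts entries found for $env:USERNAME."
}
foreach ($e in $entries) {
    $status = if (Test-Approved -Entry $e -Allow $Approved) { 'approved' } else { 'UNEXPECTED' }
    Write-Output ("{0,-10} name='{1}' data='{2}' type={3}" -f $status, $e.Name, $e.Data, $e.Kind)
}
```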