Export (0) Print
Expand All

Appendix E: Using MS Systems Management Server

One of the ways administrators can deploy customized Internet Explorer 5 packages is by using Microsoft Systems Management Server. Custom packages are still creating using the IEAK, but rather than point users to the new packages, Systems Management Server delivers the new package directly to their desktops. Systems Management Server provides many additional capabilities. For more information, please visit http://www.microsoft.com/smsmgmt.

Installing Internet Explorer 5 on Windows NT Workstation 4.0 systems without user administrative privileges

Administrators using Systems Management Server need to have special consideration when installing Internet Explorer 5 packages on Windows NT Workstation 4.0-based PCs without local user administrative privileges. Windows NT Workstation 4.0 is designed to reduce total cost of ownership. One of the ways Windows NT Workstation 4.0 demonstrates lower cost of ownership is by requiring users to have administrative rights to install applications. Many corporations do not provide users with administrative rights, which keeps users from installing untested and unauthorized applications.

Systems Management Server provides administrators with the ability to distribute applications to systems without local user administrative rights. However, Internet Explorer Setup requires Administrator rights to complete its installation on computers running Windows NT. The Systems Management Server Package Command Manager (PCM) service can deliver the first phase of the Internet Explorer installation and restart the client. The problem is that after the client is restarted, Internet Explorer Setup continues running instructions from the RunOnce section of the registry. The processes running from the registry require Administrator rights to complete the installation.

The following section provides guidelines for distributing Internet Explorer 5 using Systems Management Server on Windows NT Workstation 4.0 systems without user administrative privileges.

Using Systems Management Server 2.0

The purpose of this document is to provide a step by step walk through of how to go about not only successfully creating a package for deployment with SMS, but also serves as a guideline of what steps need to be taken to deploy this package to your Windows NT client machines. This is not meant to be an in depth guide to using Systems Management Server 2.0. This is meant to be a guide to assist corporate administrators to understand how to use the auto logon script and how to deploy their package onto client computers on their LAN. Also, this is just one setup scenario using Systems Management Server 2.0. There are other ways to achieve setup with Systems Management Server 2.0. For these other ways, please refer to Systems Management Server help documentation.

Before beginning, you should obtain the Internet Explorer Administration Kit. This file contains the Iesetup.ipf and Shutdown.exe files. This file is available for download from:

http://www.microsoft.com/windows/ieak

Step 1 - Setting Up The Server:

The set up of the server for Systems Management Server 2.0 differs quite a bit in the User Interface rather than in functionality. Most of the setup is done through the MMC (Microsoft Management Console). The following tasks are to be performed on the server that you have Systems Management Server installed on.

  1. Click Start/Programs/System Management Server/SMS Administrator Console. This will bring up the MMC.

  2. In the left-hand pane, you will need to expand the Site Database tree. Then expand the 'Site Hierarchy' under the Site Database.

  3. Right click on the site that comes up and choose Properties.

  4. Click on the Accounts tab. Here you will need to add an account. To do this, you will click the Set button. Put the user name for the Systems Management Server client remote installation account. The account needs to have domain admin rights). Now enter the password and then confirm password.

  5. Click OK.

  6. Click OK again.

  7. Navigate to the Systems Management Server Database/Site Hierarchy/<name of your site>/Site Settings/Client Agents. In the right hand pane you will see Advertised Programs Client Agent, right click on it. Select Properties. Place a check mark in the Enable Software Distribution to Clients check box. Here you may want to change the polling interval (time in which the client checks to see if there is a package awaiting deployment) by adjusting the Check for new programs every xx minutes.

  8. When done, click OK.

  9. Under Systems Management Server Database/Site Hierarchy/<name of your site>/Site Settings/Client Installation Methods, right click on Windows Networking Logon Client Installation in the right hand pane.

  10. On the General tab, Put a check in the checkbox labeled Enable Windows Networking Logon Client installation.

  11. Make sure that your domain is listed in the logon points box. If it's not, then click on the gold star in the upper right hand and enter your domain.

  12. Go to the Logon Settings tab, put a check in the checkbox labeled Modify User Logon Scripts.

  13. Click OK.

  14. Under Systems Management Server Database/Site Hierarchy/<name of your site>/Site Settings/Discovery Methods, right click on Windows Networking Logon Discovery.

  15. Put a check in the Windows Networking Logon Discovery checkbox. Again, make sure that your domain is showing up here, if not, then add it by clicking on the gold star in the upper right hand and entering your domain.

  16. Make sure that the modify user logon scripts is still checked. If not, check it.

  17. Click OK.

Step 2 – Customizing And Compiling The Script:

The following steps will go through customizing the Systems Management Server installer script, 'iesetup.ipf' and creating the iesetup.exe. The iesetup.exe file is generated when the iesetup.ipf script is compiled by Systems Management Server Installer You will need to have the Systems Management Server installer installed. Unlike 1.2, the Systems Management Server installer is now a part of the Systems Management Server installation. If you compiled your script with the older version of the Systems Management Server installer need to recompile your script using the Systems Management Server installer at least later than 2.0.64.00 or later.

The Iesetup.ipf is a sample script that modifies the client registry to enable automatic logon on the Windows NT clients with an Administrator account. For additional information about enabling automatic logon, please see the following article in the Microsoft Knowledge Base:

Q97597 How to Enable Automatic Logon in Windows NT

Administrators should follow these steps:

  1. Open the script 'iesetup.ipf' with in the Systems Management Server installer.1 http://www.microsoft.com/windows/ie.

  2. Scroll down until you see the *SET DOMAIN ADMIN ACCOUNT NAME HERE* and change the variable to be the name of the account with domain admin rights.

  3. Directly below that, change the *SET DOMAIN ADMIN'S ACCOUNT PASSWORD* to the password for the domain admin.

  4. Directly below that, *SET DOMAIN NAME HERE*, change the value to the name of the domain of which the admin account is a part of.

  5. Save the file.

  6. On the Systems Management Server installer menu bar, click Installation/Compile. That will create an .EXE file with the same name as the installer script that you are using. In this case it is iesetup.exe. You'll need to put the iesetup.exe and shutdown.exe into the same directory as the IE 5 installation files.

There are some factors that need to be addressed at this point. If you have created you IEAK package to be installed silently, you will not have to do any additional configurations to the script. The script has the syntax needed for a silent installation (ie: ie5setup.exe /Q:A /C:"ie5wzd /S:""#E"" /Q /R:N") All you will have to do is to remember to check the "Install Silently" check box in the IEAK when creating your customized installation of Internet Explorer.

But if you choose not to have the package install silently, and wish to have a user interface, you will need to make sure you do not check the "Install Silently" checkbox in the IEAK, plus you will need to go to the section of the script that looks like --> Text=Executing %IENT_PATH%\ie5setup.exe /Q:A /C:"ie5wzd /S:""#E"" /Q /R:N", and remove the command line syntax. The line should read--> Text=Executing %IENT_PATH%\ie5setup.exe .

Here is a list of the switches that you can use to control Internet Explorer Setup:

  • /Q - Specifies a quiet "hands-free" mode. The user is prompted for information that isn't specified.

  • /B:iebatch.txt - Specifies the batch script file to use.

  • /Q:A - Specifies a quiet mode with no user prompts.

  • /Q:C - Specifies a quiet mode with the Cancel button not displayed, so the user cannot cancel Setup. The Internet Explorer Customization wizard uses this switch if you select the Install package silently option when you are installing as a corporate administrator.

  • /M:[0|1|2|3...] - Specifies the installation mode. For customized IEAK packages, 0 refers to the first installation choice, 1 refers to the second choice, and so on (for example, 0=minimal, 1=typical (default), 2=full).

  • /E:ComponentID,ComponentID - Specifies extra components to be installed regardless of the installation mode. Use this switch to specify components that aren't a part of the installation type you specified in the Customization wizard. This switch also overrides settings in the batch text file, if used. The ComponentID is a string that uniquely identifies a component; you can find the corresponding string in the component sections of the Iesetup.cif file.

  • /S:""#e"" - Designates the source path of Ie5setup.exe. The ""#e"" refers to the full path and name of the .exe file. Note that the path must be surrounded by two pairs of double quotation marks.

  • /R:N - Suppresses restarting the computer after installation. If you suppress restarting, your program should take care of restarting the computer. Internet Explorer is not configured correctly until the computer is restarted.

  • /D - Specifies that you want to download only the files for the current operating system.

  • /D:1 - Specifies that you want to download files for Microsoft Windows and Windows NT operating systems.

  • /G: - Runs specified installation sections in Iesetup.inf. Separate sections with commas.

  • /X - Installs Internet Explorer without the shell, icons, or links. This option is useful for hosting browser controls in your own application.

  • /X:1 - Installs Internet Explorer with the shell, icons, or links, but does not take over default browser or http protocol associations.

  • /P - Reports the required component and disk space cost for an installation. It enables you to see how much disk space will be used based on the installation options selected.

  • /F -(Fix) Reinstalls all items on the user's computer that are the same version or newer. Using the /F switch ensures that no component is replaced with an earlier version.

Step 3 – Creating The Systems Management Server Package:

The following will go through the steps needed to create your Systems Management Server package for deployment. This is not to be confused with the package you created of Internet Explorer that you created with the IEAK. This is the actual package that Systems Management Server will have scheduled as a job for distribution.

  1. In the MMC right click on Packages and click New/Package.

  2. On the General tab, give your package a name.

  3. Go to the Data Source tab, and put a check in the box in This Package Contains Source Files checkbox.

  4. Now click on the Set button

  5. Under the Source Version/Source Directory enter the path to the set up files in the source directory.

  6. Click OK.

  7. Go to Distribution Settings, and change the Sending Priority to high.

  8. Click OK. You'll see the package under the Packages section.

  9. Expand your package under Packages.

  10. Right click on Distribution points and choose New/Distribution Points and follow the step in the wizard.

  11. Click next in wizard.

  12. Put a check in the check box on the server you want to use and click finish.

  13. Right click on Programs.

  14. Click on New/ Program, in the General tab give it a name.

  15. On the Command Line field, enter the full path to the script executable.

  16. Go to the Environment tab, clear the User Input Required check box.

  17. Put a check in the check box that is labeled Run with Administrative rights. *This is VERY important that this is done.

  18. Click OK.

You will now be brought back to the Packages window. Here you will now see your newly created Systems Management Server package.

Step 4 – Creating The Advertisement (Job):

You will now create the job that will be scheduled for distribution.

  1. Go to Queries /All client systems.

  2. Right click on the client that you are wanting to install the package onto.

  3. Choose All Tasks/Distribute software. This will bring up the Distribute Software wizard.

  4. Click Next.

  5. Select your package.

  6. Click Next.

  7. Make sure your distribution site is selected, and click next.

  8. Select the program that you want to install.

  9. Click Next.

  10. On the Advertisement Target screen, choose the radio button labeled Create a New Collection Containing This Resource and Advertise To The New Collection.

  11. Click Next until you get to the Assign Program screen.

  12. Once at the Assign Program screen, Click Yes to assign the program.

  13. Click Next.

  14. Click Finish.

When your client shows up in the Queries/All clients systems then it's ready to receive packages. The user will have to log on to the client machine before the server will recognize the client. This can be any account with user level rights.

Step 5 – The Installation Process:

Now both the Systems Management Server and the client are in a ready state for installation. Once the client recognizes that there is a job pending, it will start the installation process. Here is what is happening during this installation process.

Phase 1:

Iesetup.exe performs the following tasks:

  1. Modifies the registry to enable automatic logon.

  2. Disables the keyboard and mouse services.

  3. Records the path to the Systems Management Server distribution server.

  4. Where the script is being executed from.

  5. Calls Shutdown.exe to restart the client computer.

Phase 2:

  1. The client restarts with automatic logon enabled, and with the keyboard and the mouse disabled. At this point, everything will be running under the context of the Administrator account.

  2. Ie5setup.exe runs from the registry. It starts Internet Explorer Setup in "quiet" mode.

  3. Internet Explorer Setup finishes the first phase of its installation.

  4. Iesetup.exe calls Shutdown.exe to restart the client computer.

Phase 3:

  1. Iesetup.exe starts again. It disables automatic logon, removes the Administrator account and password from the registry, and enables the keyboard and mouse services.

  2. Internet Explorer Setup continues with the final phase of the installation. Iesetup.exe calls shutdwon.exe with a 30 seconds timer. You may need to adjust the timer to allow sufficient time for Microsoft Internet Explorer to finish its configuration. At this point, Internet Explorer is completely installed, but it must configure itself for the Administrator account that is running these procedures.

  3. The client is restarted and is ready for the user to log on.

Using Systems Management Server 1.2

This section describes a procedure to deploy Internet Explorer 5 through Microsoft Systems Management Server 1.2 to Microsoft Windows NT Workstation-based PCs when the user is not an administrator on the local computer. It provides a walk through of how to go about not only successfully creating a package for deployment with SMS, but also serves as a guideline of what steps need to be taken to deploy this package to your Windows NT client machines. It is not meant to be an in depth guide to using Systems Management Server 1.2. This is meant to be a guide to assist corporate administrators to understand how to use the auto logon script and how to deploy their package onto client computers on their LAN. Also, this is just one setup scenario using Systems Management Server 1.2. There are other ways to achieve setup with Systems Management Server 1.2. For these other ways, please refer to Systems Management Server help documentation.

Before beginning, you should obtain the Internet Explorer Administration Kit. This file contains the Iesetup.ipf and Shutdown.exe files. This file is available for download from:

http://www.microsoft.com/windows/ieak

The procedures described below require that the Windows NT clients run the Systems Management Server Package Command Manager as a service.

The PCM service requires a user account that has:

  • Domain Administrator privileges on the client computer.

  • Domain user authority to read PCM instruction file on the Systems Management Server logon server and run a setup program in the package directory on the Systems Management Server distribution server.

Because it works through a user account with administrative privileges, the PCM service can perform tasks that the PCM application cannot. For example, it can install files into secured directories or make changes to secured registry keys. For additional information about installing the Package Command Manager service, please see the following article in the Microsoft Knowledge Base:

167114 SMS: PCM Service Now Available for Windows NT Clients

Step 1 - Setting Client Up With Package Command Manager:

Make sure that the client machine is in the same domain as the Systems Management Server. If not, there are other issues that need to be resolved (ie: authentication issues, etc). For further information on this issue, please refer to your Systems Management Server help documentation.

  1. Run runsms.bat in the profile that will be active during installation. Runsms.bat should be installed by connecting to the Systems Management Server through a UNC path, ie: \\<sms server>\sms_shrc\login.srv\runsms.bat

  2. Reboot the client machine

  3. Run rservice.exe with your customized .ini file on client to install Package Command Manager as a service. This must be done on the client while logged in as the domain administrator. Start/Run/Cmd.2 can be found on the SMS SP4 CD under support\PCMSVC32\X86 (or Alpha). Information on creating the customized .ini file can be found on the SMS SP4 CD under support\PCMSVC32\install.doc). At the command prompt, type c:\rservice.exe rservice.ini /install

  4. Reboot the client machine

  5. Log back into the client. At this point not only has the Package Command Manager been installed and started as a service on the client machine, it is also telling the Systems Management Server that it is an Systems Management Server client.

Step 2 – Customizing And Compiling The Script:

The following steps will go through customizing the Systems Management Server installer script, 'iesetup.ipf'. and creating the iesetup.exe. The iesetup.exe file is generated when the iesetup.ipf script is compiled by Systems Management Server Installer You will need to have the Systems Management Server installer installed on the Systems Management Server server.

The Iesetup.ipf is a sample script that modifies the client registry to enable automatic logon on the Windows NT clients with an Administrator account.

For additional information about enabling automatic logon, please see the following article in the Microsoft Knowledge Base:

Q97597 How to Enable Automatic Logon in Windows NT

Administrators should take the following steps:

  1. Open the script 'iesetup.ipf' with in the Systems Management Server installer.3 http://www.microsoft.com/windows/ie

    .

  2. Scroll down until you see the *SET DOMAIN ADMIN ACCOUNT NAME HERE* and change the variable to be the name of the account with domain admin rights.

  3. Directly below that, change the *SET DOMAIN ADMIN'S ACCOUNT PASSWORD* to the password for the domain admin.

  4. Directly below that, *SET DOMAIN NAME HERE*, change the value to the name of the domain of which the admin account is a part of.

  5. Save the file.

  6. On the Systems Management Server installer menu bar , click Installation/Compile. That will create an .EXE file with the same name as the installer script that you are using. In this case it is iesetup.exe. You'll need to put the iesetup.exe and shutdown.exe into the same directory as the IE 5 installation files.

There are some factors that need to be addressed at this point. If you have created you IEAK package to be installed silently, you will not have to do any additional configurations to the script. The script has the syntax needed for a silent installation (ie: ie5setup.exe /Q:A /C:"ie5wzd /S:""#E"" /Q /R:N") All you will have to do is to remember to check the "Install Silently" check box in the IEAK when creating your customized installation of Internet Explorer.

But if you choose not to have the package install silently, and wish to have a user interface, you will need to make sure you do not check the "Install Silently" checkbox in the IEAK, plus you will need to go to the section of the script that looks like --> Text=Executing %IENT_PATH%\ie5setup.exe /Q:A /C:"ie5wzd /S:""#E"" /Q /R:N", and remove the command line syntax. The line should read--> Text=Executing %IENT_PATH%\ie5setup.exe.

Here is a list of the switches that you can use to control Internet Explorer Setup:

  • /Q - Specifies a quiet "hands-free" mode. The user is prompted for information that isn't specified.

  • /B:iebatch.txt - Specifies the batch script file to use.

  • /Q:A - Specifies a quiet mode with no user prompts.

  • /Q:C - Specifies a quiet mode with the Cancel button not displayed, so the user cannot cancel Setup. The Internet Explorer Customization wizard uses this switch if you select the Install package silently option when you are installing as a corporate administrator.

  • /M:[0|1|2|3...] - Specifies the installation mode. For customized IEAK packages, 0 refers to the first installation choice, 1 refers to the second choice, and so on (for example, 0=minimal, 1=typical (default), 2=full).

  • /E:ComponentID,ComponentID - Specifies extra components to be installed regardless of the installation mode. Use this switch to specify components that aren't a part of the installation type you specified in the Customization wizard. This switch also overrides settings in the batch text file, if used. The ComponentID is a string that uniquely identifies a component; you can find the corresponding string in the component sections of the Iesetup.cif file.

  • /S:""#e"" - Designates the source path of Ie5setup.exe. The ""#e"" refers to the full path and name of the .exe file. Note that the path must be surrounded by two pairs of double quotation marks.

  • /R:N - Suppresses restarting the computer after installation. If you suppress restarting, your program should take care of restarting the computer. Internet Explorer is not configured correctly until the computer is restarted.

  • /D - Specifies that you want to download only the files for the current operating system.

  • /D:1 - Specifies that you want to download files for Microsoft Windows and Windows NT operating systems.

  • /G: - Runs specified installation sections in Iesetup.inf. Separate sections with commas.

  • /X - Installs Internet Explorer without the shell, icons, or links. This option is useful for hosting browser controls in your own application.

  • /X:1 - Installs Internet Explorer with the shell, icons, or links, but does not take over default browser or http protocol associations.

  • /P - Reports the required component and disk space cost for an installation. It enables you to see how much disk space will be used based on the installation options selected.

  • /F -(Fix) Reinstalls all items on the user's computer that are the same version or newer. Using the /F switch ensures that no component is replaced with an earlier version.

Step 3 – Creating The Systems Management Server Package:

The following will go through the steps needed to create your Systems Management Server package for deployment. This is not to be confused with the package you created of Internet Explorer that you created with the IEAK. This is the actual package that Systems Management Server will have scheduled as a job for distribution.

  1. You'll create the package in the Systems Management Server administrator. On menu bar, click button labeled 'Open Window: Packages', you'll see the 'Packages' window.

  2. Now, on the menu bar click File/New. You'll see the 'Package Properties Window'. *You can give any name and any comment you wish.

  3. Click on the Workstations button, in the source directory field, enter the UNC path to where you have the IEAK installation package residing (i.e.: "\\\\server\\share").

  4. Click on the Properties button, you can specify any command name you wish. Command Line is the location of the script file ("\\\\server\\share\\iesetup.exe").

  5. You will also see two checkboxes here, one labeled 'Automated Command Line' and the other is 'System (background task)'. Make sure both check boxes are checked.

  6. You will also see the box named 'Supported Platforms'. Check the boxes to the platforms that you will be installing the IE package on. In this case, it's Windows NT (x86).

  7. Click OK.

  8. Click Close.

  9. Click OK.

You will now be brought back to the Packages window. Here you will now see your newly created Systems Management Server package.

Step 4 – Creating The Job:

You will now create the job that will be scheduled for distribution.

  1. In the Systems Management Server administrator, click the button labeled 'Open Window: Jobs'

  2. Also click the 'Open Window: Sites" option.

  3. In the Sites windows, expand the tree to see your intended client (s).

  4. Drag the package from the Packages window and drop it onto your clients name in the Sites window. That will bring up the job details dialog box.

  5. Here you will see the 'Distribute' phase section with two checkboxes. One is called 'Refresh Existing Distribution Servers', and the other is called 'Put On Specified Distribution Servers', make sure that both of these are checked.

  6. In the drop down box, make sure it says 'Default Servers'.

  7. In the Run Phase section, make sure that 'Run Workstation Command' is checked. *In the drop down box below that, you should see the name that you specified in the Command name field in the Package Properties window.

  8. Click on the check box that says 'Mandatory After', and 'Offer After' should be equal.

  9. Uncheck Expires after radio button.

  10. Click OK. *This will bring you back to the job properties box.

  11. Click on the button that says schedule, and change the priority to high.

  12. Click OK.

  13. Click OK.

In the jobs window you will see the job you just made. The status should say pending.

Now wait for the job to show active status in the job window. Once it does, the package will be available for installation, once your client acknowledges that the package is there.

Step 5 – The Installation Process:

Now both the Systems Management Server and the client are in a ready state for installation. Once the client recognizes that there is a job pending, it will start the installation process. Here is what is happening during this installation process.

Phase 1:

Iesetup.exe performs the following tasks:

  1. Modifies the registry to enable automatic logon.

  2. Disables the keyboard and mouse services.

  3. Records the path to the Systems Management Server distribution server where the script is being executed.

  4. Calls Shutdown.exe to restart the client computer.

Phase 2:

  1. The client restarts with automatic logon enabled, and with the keyboard and he mouse disabled. At this point, everything will be running under the context of the Administrator account.

  2. Ie5setup.exe runs from the registry. It starts Internet Explorer Setup in "quiet" mode.

  3. Internet Explorer Setup finishes the first phase of its installation.

  4. Iesetup.exe calls Shutdown.exe to restart the client computer.

Phase 3:

  1. Iesetup.exe starts again. It disables automatic logon, removes the Administrator account and password from the registry, and enables the keyboard and mouse services.

  2. Internet Explorer Setup continues with the final phase of the installation. Iesetup.exe calls shutdwon.exe with a 30 seconds timer. You may need to adjust the timer to allow sufficient time for Microsoft Internet Explorer to finish its configuration. At this point, Internet Explorer is completely installed, but it must configure itself for the Administrator account that is running these procedures.

  3. The client is restarted and is ready for the user to log on.

1 Microsoft provides a sample script is available on

2 rservice.exe

3 A sample script is available on

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft