When pushing software through Software Delivery, what account is used by default to run the installation, and how do I deploy using the logged on users account?

Document ID : KB000050565
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

When Deploying Software through Software Delivery, the installation is performed as Local System by default.

In order to deploy software and have it install as the logged on user's account, you must deploy to a User Profile instead of the computer.

Please see how to setup this up below.

Solution:

  1. Since User Profiles are not enabled by default you must enable User Profile Collection in the Configuration Policy.

  2. Unseal the Configuration Policy.

  3. Go to \DSM\Agent\Common Agent\Software Delivery\ and modify "Registration: Supported unit" to allow "Computer + User Profile".

    Figure 1

  4. Seal the policy, this will start the Configuration Job which will take some time to apply to all computers. If you create a new policy make sure to copy the new policy directly to the group of computers you want this applied to.

  5. Once the Configuration policy is applied to all computers or at least to the computers you want, you have to allow the computers to register in again to populate this info. You can force this by running the command "caf resister all" locally on an agent, or you can push this command through an asset job or software delivery job.

  6. Once the collect engine task runs and collects the User Profiles, you will see them under the "All User Profiles" tree of the DSM Explorer as shown below.

    The User Profiles will be in the format of "ComputerName/UserName" so they will be unique even if the same user account uses many machines.

    Figure 2

  7. Once you see the User Profiles, these can be targeted by Software Delivery Jobs to allow a job to run in the context of that user.

You will target the User Profile as opposed to the computer in the software job.

If you target a user profile you are not targeting a user, you are targeting a user on THAT MACHINE. If the user logs on elsewhere or does not log into that machine again, they will not receive this job. There is no way to target a user generically.