April 27, 2006
Question

MSI file installation fails on computers with logged-in restricted users

I'm trying to package Flash Player 8b for silent distribution via Microsoft SMS. My package works correctly on computers where a logged in user is either a local Administrator or Power user, but fails with an error on computers where the logged in user has no such rights. The SMS package is set to install with administrative rights. The computers are Windows 2000 SP4 and Windows XP SP2 workstations. I only have the problem with Windows XP SP2, but those computers are the only ones without privileged users. I've confirmed that computers with logged-in administrative users work properly, like my own Windows XP machine.

The installer I'm using is "install_flash_player_active_x.msi" and the version is "8,0,24,0". The digital signature is dated "Friday, March 31, 2006 12:45:10 PM". I am led by other posts to believe that this is the most current version and that I shouldn't be having these problems with it.

The error that is reported in the log files is:

1: ISMsiServerStartup Failure, Failed to Initialize script support, Error = 0x80070006

I'm using a Visual Basic script in my SMS package. It attempts to run the "uninstall_flash_player.exe" uninstaller to remove old versions, then tries to run the installer. It uses the following command line:

install_flash_player_active_x.msi /log %systemroot%\temp\flash_msi.log /qn allusers=2 reboot=reallysuppress

Originally I did not include the "allusers=2 reboot=reallysuppress", but I was having another error and various Macrovision and InstallShield support sites suggested that addition as a fix. That error was "Internal error 2103. 26".

Any ideas? Should this really be so hard to package and distribute?




    12 replies

    Participating Frequently
    May 19, 2006
    As the May 11th Adobe tech note stated, I ran the new uninstaller then re-installed. I have had no problems installing Flash at all but it still won't work for limited user accounts. I have Flash Player working only on the admin account. Been like this for two months or longer. It seems to me that Adobe/Macromedia Flash needs some competition, then this problem would be resolved quickly. I have followed every instruction, reg edits, so on and so on that Adobe has put out concerning this problem and nothing seems to work.
    May 24, 2006
    There are multiple posts with permissions settings that need to be changed. I had the same issue until I changed the permissions on some clsid keys...
    setacl.exe - information at http://www.helge.mynetcologne.de/setacl/
    command lines used (4):
    SetACL.exe -on "hklm\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}" -ot reg -actn ace -ace "n:Users;p:read" >nul
    SetACL.exe -on "hklm\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}" -ot reg -actn ace -ace "n:Users;p:read" >nul
    SetACL.exe -on "hklm\SOFTWARE\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}" -ot reg -actn ace -ace "n:Users;p:read" >nul
    SetACL.exe -on "hklm\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}" -ot reg -actn ace -ace "n:Users;p:read" >nul

    Script it how you like..... I used a high tech cmd file..............


    Please post results for others.

    Scott
    May 15, 2006
    I did find a solution to this odd problem. It does seem to be a DCOM privileges issue. I suspect the reason it isn't seen on pre-SP2 is because Microsoft made some changes post XP SP2 to tighten security. So ISScript is called via DCOM. InstallShield's default runas is "Interactive User" - somewhere between SMS client running as user with admin rights causes this to break. I found that if you remove the runas string it will execute in whatever security context the program that called it is running in. Since the SMS client has full control of the machine it works. I've attached a script that basically makes an array of DCOM appids using WMI, removes the ones that don't have the column "InstallShield InstallDriver" in them - store those in an array then remove the runas line from each. I actually found this script on the InstallShield site - I left the credits intact - however I've already thought of a few ways to improve on this script.

    The other problem is that Flash Player 8 installs the InstallShield Driver version 10 on launch - which effectively restores the runas string. So I found there's a custom action called "EngineStartup.4F635B62_07BF_4779_B74E_D80C29D508E3" - to disable this I simply made a transform and removed this row in the InstallExecuteSequence table. Then it all works.

    Keep in mind - if your target machines do not have Install Shield Driver 10 on them you'll need to install that in your script before installing Flash Player 10. To do this make a transform for isscript10.msi and remove the Registry601 row - so it does not create the runas key on install.

    Or... You could just do the install as system - and forget this whole thing ever happened.
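
An added example, not part of the original post and not the InstallShield script it mentions: a PowerShell audit of the DCOM AppID entries the post describes, listing each "InstallShield InstallDriver" entry and its RunAs value, with an optional removal step. It reads the registry under HKLM\SOFTWARE\Classes\AppID directly instead of going through WMI; the function names are hypothetical.

```powershell
# Added example (not from the thread). Run from an elevated prompt.
# The match string "InstallShield InstallDriver" is the one quoted in the post.

function Get-InstallDriverAppId {
    # Each DCOM application is a subkey of AppID; the default value is its name.
    Get-ChildItem -Path 'HKLM:\SOFTWARE\Classes\AppID' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $name = $_.GetValue('')
            if ($name -like '*InstallShield InstallDriver*') {
                [pscustomobject]@{
                    AppId = $_.PSChildName
                    Name  = $name
                    RunAs = $_.GetValue('RunAs')   # $null when no RunAs value is set
                    Path  = $_.PSPath
                }
            }
        }
}

function Clear-InstallDriverRunAs {
    # Removes the RunAs value so the driver runs in the caller's security context.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($entry in Get-InstallDriverAppId) {
        if ($null -eq $entry.RunAs) { continue }   # nothing to remove
        if ($PSCmdlet.ShouldProcess($entry.AppId, "Remove RunAs '$($entry.RunAs)'")) {
            Remove-ItemProperty -LiteralPath $entry.Path -Name 'RunAs'
        }
    }
}

# Report the current state, then show what would change without changing it.
Get-InstallDriverAppId | Format-Table AppId, Name, RunAs -AutoSize
Clear-InstallDriverRunAs -WhatIf
```

Running the report again after the Flash Player MSI has executed shows whether the installer put the RunAs value back, which is the behaviour the post attributes to the EngineStartup custom action.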

    Participant
    May 16, 2006
    Thanks for that script! I've been able to successfully test it on my machine. However, I wanted to test it again to be sure it worked 100% before I started deploying to numerous computers. With that being said, I uninstalled Flash using uninstall_flash_player.exe and restarted the machine. I then tried to install Flash again using the script, however this time the InstallShield quickly pops up and disappears and then nothing happens. After this happened I could no longer successfully install Flash using the script. When I looked in the task manager there were two msiexec.exe's and two wmiprvse's. I ended those processes and tried again to no avail. Are there possibly any other processes I would need to end in order for the installation to complete successfully again without restarting the PC? Any ideas why this happened in the first place?
    Known Participant
    May 17, 2006
    All,

    Bentley Wolfe indicated that Adobe would provide more information and/or new install later this week. I'm hoping that they are still on the case and working toward a resolution. Bentley, can we still expect something from you?

    Nancy
    Inspiring
    May 15, 2006
    Skuld-Chan wrote:

    > I actually tested this scenario today - just for kicks. I usually install most
    > things via system, however when I tested in my SMS-2003, XP-SP2 test
    > environment it worked just fine.
    >
    > However - in researching this problem I found people who had similar problems
    > with ISScript - with the exact error you're getting.
    >
    > The only thing I can think is that I had installed ISSCript 10.1 earlier for
    > some other test. What is the exact version of isscript that you are using?

    I have someone looking into this. It is some sort of ISSCript issue, and
    we might be able to provide some guidance later this week...

    Bentley Wolfe
    Senior Support Engineer, Flash/Flash Player
    Adobe
    May 13, 2006
    What is the exact version of isscript that you are using? I tested using 10.1.x - decent results, although I might be using the same exact config you are. I'll look into the problem a bit further though.
    Participant
    May 11, 2006
    Just finished with the SMS crew at Premier. What happens is when the MSI runs it starts with the SMS software install account and if a user is logged on somewhere in the middle the msi switches to the logged on user account. If permissions on the temp directory are not correct it can't create a directory under temp and continue to unload and run. If no user is logged on it continues and appears to go ok. We altered our install script which is just a wrapper around the msi to check permissions on temp and give users full control on the temp directory using cacls. Good to go after that. Will do more testing tomorrow.
    May 11, 2006
    Rich,

    Which temp directory is it using? %systemroot%\temp?

    Bentley, can your dev folks take a look at this and see why the MSI switches to the logged-in user as Rich describes? If it installed using the system account it shouldn't have any trouble accessing the temp directory.

    --Nate



    Participant
    May 12, 2006
    Nate, this is what MS sent us. How we confirmed, we gave users full control on the window\temp and then monitored the install with task manager. At some point you see the isxxx process jump in with the logged on user account. Hope this helps.
    FROM MS: <I believe this is an extract from a customer>
    When the 8.0.24.0 Flash MSI runs as LocalSystem, it extracts some files into a directory under C:\WINDOWS\TEMP (named with a GUID). It then switches to the currently logged-on user account and attempts to do some things (not sure what) as that account in which it attempts to access those files it extracted into that subdirectory of C:\WINDOWS\TEMP. This, of course, it cannot do, because Microsoft wisely and craftily set the permissions on C:\WINDOWS\TEMP so that anyone can create files and folders therein, but so that access to those files and folders is restricted to the account that created them.
    -The workaround is either to avoid running the MSI while there is a user logged on that lacks admin privs or to adjust the permissions on C:\WINDOWS\TEMP before and after running the MSI
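
An added example, not part of the original posts: a read-only PowerShell check of the ACL on the system temp directory, useful for confirming that a wrapper which granted Users full control for the install did not leave it that way afterwards. The function name is hypothetical; S-1-5-32-545 is the well-known SID of the local Users group and S-1-3-0 that of CREATOR OWNER.

```powershell
# Added example (not from the thread). Reports the Users and CREATOR OWNER
# entries on %SystemRoot%\Temp and flags any Users entry carrying FullControl.

function Get-TempAclReport {
    param([string]$Path = (Join-Path $env:SystemRoot 'Temp'))

    $watch = @{ 'S-1-5-32-545' = 'Users'; 'S-1-3-0' = 'CREATOR OWNER' }
    $full  = [System.Security.AccessControl.FileSystemRights]::FullControl

    $acl = Get-Acl -LiteralPath $Path
    # Ask for SIDs rather than names so the check works on localized systems.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if (-not $watch.ContainsKey($sid)) { continue }
        $isFull = ($rule.FileSystemRights -band $full) -eq $full
        [pscustomobject]@{
            Principal   = $watch[$sid]
            Type        = $rule.AccessControlType
            Rights      = $rule.FileSystemRights
            Inherited   = $rule.IsInherited
            Inheritance = $rule.InheritanceFlags
            # True only for an Allow entry that gives Users full control.
            Widened     = ($sid -eq 'S-1-5-32-545' -and $isFull -and
                           $rule.AccessControlType -eq 'Allow')
        }
    }
}

$report = Get-TempAclReport
$report | Format-Table -AutoSize
if ($report | Where-Object { $_.Widened }) {
    Write-Warning 'Users hold FullControl on the temp directory.'
}
```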
    May 11, 2006
    No, not really. I don't have hours to spend troubleshooting this problem so I'm setting the Flash Player package's install program to only run when no one is logged in to the computer. It will take much longer to distribute that way, but at least it works.

    I suspect we'll have more people reporting this problem now that the May patch summary from Microsoft is out, as it recommends that people get their Flash Players upgraded to resolve its many and varied security flaws.

    --Nate
    Participant
    May 11, 2006
    We have the same exact problem running with SMS on some machines. Has this been resolved in any way?

    Thanks, Rich
    May 3, 2006
    Bentley,

    I don't think I'm getting anywhere with Support. First they sent me a link to the KB article that references the 'new' installer, then they sent me a link to download that same file again. Although I've asked directly several times, no one seems willing to answer this simple question: "Do I have the correct version of the MSI installer?"

    Can you help? Do I have the correct version of the MSI installer? It has a digital signature dated "Friday, March 31, 2006 12:52:16 PM", has a file size of 4,624,384 bytes, and has a revision number of {DE82756D-0BC2-486A-92BE-012EB168AA54}.

    If I have the right installer, can you help me find out why it will not install on computers with logged-in restricted users?

    --Nate
    Inspiring
    May 3, 2006
    I've confirmed that you do have the correct installer.

    I'm going to have a higher level agent take over and contact you. We don't generally support distributions, so we may just have to escalate to Engineering and find out what they have to say. Make sure you take a look at the required permissions technote as well ( http://www.adobe.com/go/tn_19148).

    Bentley
    April 28, 2006
    Bentley,

    I've opened case 8546662 and referenced this thread for more information. I responded to the automated support message asking to keep the case open.

    Is the version I have the proper version, or is there another, newer version of the .MSI file that I haven't been able to find? I've looked all over this site and Google for a newer version than the one I keep downloading.

    Thanks!
    Inspiring
    April 28, 2006
    Nate Allen wrote:
    > Bentley,
    >
    > Thank you for your response. I tried re-downloading the .MSI installer but
    > the file is exactly the same as the one I'm attempting to distribute. I used
    > the link in the licensing response system to get to the download page:
    >
    >
    > http://www.macromedia.com/cfusion/entitlement/index.cfm?loc=en%5Fus&k=31599404%2Dd9d1%2D7e4d%2D02ab395ca6e90736
    >
    > Is that not the correct link? How can I tell if the .MSI file I have is the
    > correct file?

    Nate..

    Please open a support case via
    http://www.macromedia.com/support/flashplayer (or use the licensing
    address provided in your license..)

    Bentley Wolfe
    Senior Support Engineer, Flash/Flash Player
    Adobe