Software Portal Task execution as currently logged-in User

Kostenloses Stock Foto zu apfel, backsteinmauer, becher, code

Some customers are currently evaluating to install MSIX using Symantec ITMS Software Portal. They do not want to publish a policy – they rather want to publish a task in the Software Portal.

Problem: When publishing a software task in the Software Portal, you are not able to select a Job / Task, you have to select a Software Release – sadly you are not able to select the credentials which will be used to execute the Task.

So we have to find a way to specify the credentials when using a Task (Software Release).
NOTE: Please make sure to backup the database before you proceed!

Solution: Symantec creates a hidden task when you publish a Software Release somewhere in the Console. To show this hidden Folder called „Software Request Item Folder“ we are taking a look for the attribute of this object using a simple SQL Query. The hidden Software Request Item Folders guid is 0c682f39-25bf-4b57-99a3-0c116d933fc.

select * from vitem where guid = '0c682f39-25bf-4b57-99a3-0c0116d933fc'

Now we know that the Software Request Item Folder has a Attribute of 21 which means (Hidden, NoReplication, NoDelete) and we are updating the Attribute to 0 which means (Normal).

To update the attribute we use the following SQL Query:

update Item
set attributes=0
where guid = '0c682f39-25bf-4b57-99a3-0c0116d933fc'

Now you can navigate in the SMP Console and modify the task to run with currently logged-in User credentials. SMP Console – Settings – All Settings -> Notification Server -> Resource and Dataclass Settings -> Dataclasses -> Software Management -> Software Request Item Folder

Click on the Softwaretask Symbol and select Advanced to change the Credentials to Currently logged-in User.

Now every user that clicks on the published software in the Software Portal runs the application with Currently logged-in User credentials instead of Symantec Management Agent credentials! This only makes sense if the Software you are trying to install allows to be installed with the currently logged-in User. In most cases this needs to be done when using MSIX which is the predecessor of AppX. Using a policy would also be possible in most cases…. which will prevent you from modifying DB Attributes.

To revert changes back (hide the Folder) just run the following query:

update Item
set attributes=21
where guid = '0c682f39-25bf-4b57-99a3-0c0116d933fc'

Feature Request: Please allow the selection of Job / Task in addition to Software component and Managed delivery when publishing into the Software Portal

Kommentar verfassen

Trage deine Daten unten ein oder klicke ein Icon um dich einzuloggen:

Du kommentierst mit deinem Abmelden /  Ändern )


Du kommentierst mit deinem Facebook-Konto. Abmelden /  Ändern )

Verbinde mit %s