Forum: SuRun English speaking RSS
Enterprise Deployment
HDI best deploy this to multiple PCs
jsun #1
Mitglied seit 05/2009 · 1 Beitrag
Gruppenmitgliedschaften: Mitglieder
Profil anzeigen · Link auf diesen Beitrag
Betreff: Enterprise Deployment
I have started to use SuRun, and I have to first off say thinks, this is exactly what I was looking for.

I would like to deploy this to 70 PCs but what is the best way to do this, and is there a way to do this without having to setup the access list on each PC, I see that I can export the list; and then import it in the program, but I was hoping there might be a way to import this from a command line argument?

Any information or thoughts anyone has on this would be greatly appreciated.

J-sun

Thanks again for a great product.
Kay (Administrator) #2
Benutzertitel: Weltverbesserer
Mitglied seit 11/2007 · 1464 Beiträge · Wohnort: Magdeburg
Gruppenmitgliedschaften: Administratoren, Mitglieder
Profil anzeigen · Link auf diesen Beitrag
You can silently install SuRun with User Settings from the command line:

InstallSuRun.exe /INSTALL <path to>\<SuRunSettingsFile>

SuRuns Settings file is a standard Windows INI file that is easy understandable.
You need to setup the INI for each domain User/PC by modifying the [User<N>] [WhiteList<N>] [WhiteListFlags<N>] sections.

This is not quiet comfortable, but it works. ;-)

Some expert settings that represent Windows Settings are not backed up/restored by SuRun. You can change these settings directly with ADM files or by using subinacl.exe.

E.g. to let SuRunners modify power options you need to call:
"subinacl.exe /keyreg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVerion\Controls Folder\PowerCfg" /grant=SuRunners=F"
jsun822 (Gast) #3
Kein Benutzerprofil vorhanden.
Link auf diesen Beitrag
Thank you very much Kay again for such a great product, can you tell me where I would put this INI file and what to call it?
Kay (Administrator) #4
Benutzertitel: Weltverbesserer
Mitglied seit 11/2007 · 1464 Beiträge · Wohnort: Magdeburg
Gruppenmitgliedschaften: Administratoren, Mitglieder
Profil anzeigen · Link auf diesen Beitrag
As I'm not a domain user/admin, I need to guess here.
I'm sure that there is a way that you usually deploy new software to your domain. Some domain admins asked me the same questions and they had a kind of scripting system or msi files to do that.

You also need to setup at least one SuRun user template on your server or a client pc and backup SuRuns settings to a file. (Let's call the file surunsettings.ini) If all users can login to all of the 70 boxes you need to copy the sections [User0] [WhiteList0] [WhiteListFlags0] to new sections [User1] [WhiteList1] [WhiteListFlags1] ... [User69] [WhiteList69] [WhiteListFlags69] in surunsettings.ini. You also need to set the right user names in the [User<n>] sections. If there's only one user using one system, you only need to set the user name in the [User0] section of the original surunsettings.ini.

When deploing for the first time you need to copy SuRunInst.exe and surunsettings.ini to each system and call "SuRunInst.exe /INSTALL <PathTo>surunsettings.ini" then reboot.

When deploying an update for SuRun, just copy SuRunInst to each system and call "SuRunInst.exe /INSTALL".

When you need to deploy changed settings for your users, copy surunsettings.ini to each system and call "SuRun /RESTORE <PathTo>surunsettings.ini".

Your deployment software needs to be run as real Administrator.
Stephen2 #5
Mitglied seit 02/2012 · 4 Beiträge
Gruppenmitgliedschaften: Mitglieder
Profil anzeigen · Link auf diesen Beitrag
Betreff: Set 'Administrators' instead of 'Object Creator' as default owner
Thanks to everyone in this thread, I'm almost ready to deploy 1.2.1.0 into my workplace domain.

The only part I'm having trouble with is the "Advanced" settings section, replicating these as scripts/GPO policies.

Kay, you've said:
Some expert settings that represent Windows Settings are not backed up/restored by SuRun. You can change these settings directly with ADM files or by using subinacl.exe.

The most important function I'm trying to replicating using scripts/GPO is "Set 'Administrators' instead of 'Object Creator' as default owner for objects created by Administrators.

Could you please describe in detail how to achieve this function through scripting/GPO, in Windows 2008R2 and Windows 7?  If I can just figure this out, I'll be ready to deploy and kill the horrible setup I've inherited from previous network admin!

Also, as a secondary, it would be great to understand how to set each of the 5 "Convenience settings" on/off using command line, or group/security policy?

Actually, I already know three:

1) Allow 'SuRunners' to change 'Power Options' and to select power schemes:
"subinacl.exe /keyreg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVerion\Controls Folder\PowerCfg" /grant=SuRunners=F"

2) Show Windows update notifications to all users (if automatic updates are activated).
GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Update
Setting: Allow non-administrators to receive update notifications

3) No auto-restart for scheduled Automatic Windows Updates installations
GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Update
Setting: No auto-restart with logged on users for scheduled automatic updates installation

Thank you so much!
Stephen2 #6
Mitglied seit 02/2012 · 4 Beiträge
Gruppenmitgliedschaften: Mitglieder
Profil anzeigen · Link auf diesen Beitrag
haha, I'm so happy, with more forum browsing I found you'd already explained my main question:

To achieve "Set 'Administrators' instead of 'Object Creator' as default owner for objects created by Administrators":
This option is a Windows policy, so SuRun does not export and import it.
You can set it yourself in the registry:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"nodefaultadminowner"=dword:00000000

Thanks Kay - I'm adding SuRun to the work domain I'm responsible for, and removing everyone as Local Administrators of their system (YUCK!)
Stephen2 #7
Mitglied seit 02/2012 · 4 Beiträge
Gruppenmitgliedschaften: Mitglieder
Profil anzeigen · Link auf diesen Beitrag
All good deployment strategies need an Uninstall strategy.

Unfortunately, I can't figure out how to make Surun UNINSTALL using command line, without popping up the uninstall box.

Surun /UNINSTALL /QUIET seems to throw an error.

Is there any way to achieve my solution - preferably with the default options:
Keep SuRun Settings - UNticked
Delete group 'SuRunners' - TICKED
Make members of 'SuRunners' to local Administrators - UNticked


Thanks again
Kay (Administrator) #8
Benutzertitel: Weltverbesserer
Mitglied seit 11/2007 · 1464 Beiträge · Wohnort: Magdeburg
Gruppenmitgliedschaften: Administratoren, Mitglieder
Profil anzeigen · Link auf diesen Beitrag
Zitat von Stephen2 am 19.02.2012, 11:00:
Is there any way to achieve my solution - preferably with the default options:
Keep SuRun Settings - UNticked
Delete group 'SuRunners' - TICKED
Make members of 'SuRunners' to local Administrators - UNticked

Not at the moment.
A dialog based uninstall is all there is for now.
Maybe you could use something like autoit to automate clicks.
Stephen2 #9
Mitglied seit 02/2012 · 4 Beiträge
Gruppenmitgliedschaften: Mitglieder
Profil anzeigen · Link auf diesen Beitrag
Thanks Kay, I'll figure something out and share it with the forum when I do.

Please charge money for your software, it is fantastic.
Convertible #10
Mitglied seit 03/2012 · 1 Beitrag
Gruppenmitgliedschaften: Mitglieder
Profil anzeigen · Link auf diesen Beitrag
here a little AutoIt Script for Silent uninstall (window in german :) ):

Run ("InstallSuRun.exe /UNINSTALL")
Sleep (1000)
WinWait ("SuRun Entfernen")
Sleep (1000)
ControlClick ("SuRun Entfernen","","Button1")
Sleep (6000)
ControlClick ("SuRun Entfernen","","Button1")

Greetz

Chris
Schließen Kleiner – Größer + Auf diesen Beitrag antworten:
Prüfcode: VeriCode Gib bitte das Wort aus dem Bild ins folgende Textfeld ein. (Nur die Buchstaben eingeben, Kleinschreibung ist in Ordnung.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Weitere Zeichen:
Gehe zu Forum
Nicht angemeldet. · Kennwort vergessen · Registrieren
This board is powered by the Unclassified NewsBoard software, 20150713-dev, © 2003-2015 by Yves Goergen
Seite erstellt in 126,5 ms (83,1 ms) · 99 Datenbankabfragen in 23,5 ms
Aktuelle Zeit: 24.06.2017, 05:25:22 (UTC +02:00)