Forum: SuRun English speaking RSS
Enterprise Deployment
HDI best deploy this to multiple PCs
jsun #1
Member since May 2009 · 1 post
Group memberships: Mitglieder
Show profile · Link to this post
Subject: Enterprise Deployment
I have started to use SuRun, and I have to first off say thinks, this is exactly what I was looking for.

I would like to deploy this to 70 PCs but what is the best way to do this, and is there a way to do this without having to setup the access list on each PC, I see that I can export the list; and then import it in the program, but I was hoping there might be a way to import this from a command line argument?

Any information or thoughts anyone has on this would be greatly appreciated.

J-sun

Thanks again for a great product.
Kay (Administrator) #2
User title: Weltverbesserer
Member since Nov 2007 · 1507 posts · Location: Magdeburg
Group memberships: Administratoren, Mitglieder
Show profile · Link to this post
You can silently install SuRun with User Settings from the command line:

InstallSuRun.exe /INSTALL <path to>\<SuRunSettingsFile>

SuRuns Settings file is a standard Windows INI file that is easy understandable.
You need to setup the INI for each domain User/PC by modifying the [User<N>] [WhiteList<N>] [WhiteListFlags<N>] sections.

This is not quiet comfortable, but it works. ;-)

Some expert settings that represent Windows Settings are not backed up/restored by SuRun. You can change these settings directly with ADM files or by using subinacl.exe.

E.g. to let SuRunners modify power options you need to call:
"subinacl.exe /keyreg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVerion\Controls Folder\PowerCfg" /grant=SuRunners=F"
jsun822 (Guest) #3
No profile available.
Link to this post
Thank you very much Kay again for such a great product, can you tell me where I would put this INI file and what to call it?
Kay (Administrator) #4
User title: Weltverbesserer
Member since Nov 2007 · 1507 posts · Location: Magdeburg
Group memberships: Administratoren, Mitglieder
Show profile · Link to this post
As I'm not a domain user/admin, I need to guess here.
I'm sure that there is a way that you usually deploy new software to your domain. Some domain admins asked me the same questions and they had a kind of scripting system or msi files to do that.

You also need to setup at least one SuRun user template on your server or a client pc and backup SuRuns settings to a file. (Let's call the file surunsettings.ini) If all users can login to all of the 70 boxes you need to copy the sections [User0] [WhiteList0] [WhiteListFlags0] to new sections [User1] [WhiteList1] [WhiteListFlags1] ... [User69] [WhiteList69] [WhiteListFlags69] in surunsettings.ini. You also need to set the right user names in the [User<n>] sections. If there's only one user using one system, you only need to set the user name in the [User0] section of the original surunsettings.ini.

When deploing for the first time you need to copy SuRunInst.exe and surunsettings.ini to each system and call "SuRunInst.exe /INSTALL <PathTo>surunsettings.ini" then reboot.

When deploying an update for SuRun, just copy SuRunInst to each system and call "SuRunInst.exe /INSTALL".

When you need to deploy changed settings for your users, copy surunsettings.ini to each system and call "SuRun /RESTORE <PathTo>surunsettings.ini".

Your deployment software needs to be run as real Administrator.
Stephen2 #5
Member since Feb 2012 · 4 posts
Group memberships: Mitglieder
Show profile · Link to this post
Subject: Set 'Administrators' instead of 'Object Creator' as default owner
Thanks to everyone in this thread, I'm almost ready to deploy 1.2.1.0 into my workplace domain.

The only part I'm having trouble with is the "Advanced" settings section, replicating these as scripts/GPO policies.

Kay, you've said:
Some expert settings that represent Windows Settings are not backed up/restored by SuRun. You can change these settings directly with ADM files or by using subinacl.exe.

The most important function I'm trying to replicating using scripts/GPO is "Set 'Administrators' instead of 'Object Creator' as default owner for objects created by Administrators.

Could you please describe in detail how to achieve this function through scripting/GPO, in Windows 2008R2 and Windows 7?  If I can just figure this out, I'll be ready to deploy and kill the horrible setup I've inherited from previous network admin!

Also, as a secondary, it would be great to understand how to set each of the 5 "Convenience settings" on/off using command line, or group/security policy?

Actually, I already know three:

1) Allow 'SuRunners' to change 'Power Options' and to select power schemes:
"subinacl.exe /keyreg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVerion\Controls Folder\PowerCfg" /grant=SuRunners=F"

2) Show Windows update notifications to all users (if automatic updates are activated).
GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Update
Setting: Allow non-administrators to receive update notifications

3) No auto-restart for scheduled Automatic Windows Updates installations
GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Update
Setting: No auto-restart with logged on users for scheduled automatic updates installation

Thank you so much!
Stephen2 #6
Member since Feb 2012 · 4 posts
Group memberships: Mitglieder
Show profile · Link to this post
haha, I'm so happy, with more forum browsing I found you'd already explained my main question:

To achieve "Set 'Administrators' instead of 'Object Creator' as default owner for objects created by Administrators":
This option is a Windows policy, so SuRun does not export and import it.
You can set it yourself in the registry:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"nodefaultadminowner"=dword:00000000

Thanks Kay - I'm adding SuRun to the work domain I'm responsible for, and removing everyone as Local Administrators of their system (YUCK!)
Stephen2 #7
Member since Feb 2012 · 4 posts
Group memberships: Mitglieder
Show profile · Link to this post
All good deployment strategies need an Uninstall strategy.

Unfortunately, I can't figure out how to make Surun UNINSTALL using command line, without popping up the uninstall box.

Surun /UNINSTALL /QUIET seems to throw an error.

Is there any way to achieve my solution - preferably with the default options:
Keep SuRun Settings - UNticked
Delete group 'SuRunners' - TICKED
Make members of 'SuRunners' to local Administrators - UNticked


Thanks again
Kay (Administrator) #8
User title: Weltverbesserer
Member since Nov 2007 · 1507 posts · Location: Magdeburg
Group memberships: Administratoren, Mitglieder
Show profile · Link to this post
Quote by Stephen2 on 2012-02-19, 11:00:
Is there any way to achieve my solution - preferably with the default options:
Keep SuRun Settings - UNticked
Delete group 'SuRunners' - TICKED
Make members of 'SuRunners' to local Administrators - UNticked

Not at the moment.
A dialog based uninstall is all there is for now.
Maybe you could use something like autoit to automate clicks.
Stephen2 #9
Member since Feb 2012 · 4 posts
Group memberships: Mitglieder
Show profile · Link to this post
Thanks Kay, I'll figure something out and share it with the forum when I do.

Please charge money for your software, it is fantastic.
Convertible #10
Member since Mar 2012 · 1 post
Group memberships: Mitglieder
Show profile · Link to this post
here a little AutoIt Script for Silent uninstall (window in german :) ):

Run ("InstallSuRun.exe /UNINSTALL")
Sleep (1000)
WinWait ("SuRun Entfernen")
Sleep (1000)
ControlClick ("SuRun Entfernen","","Button1")
Sleep (6000)
ControlClick ("SuRun Entfernen","","Button1")

Greetz

Chris
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please enter the word from the image into the text field below. (Type the letters only, lower case is okay.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:
Go to forum
Not logged in. · Lost password · Register
This board is powered by the Unclassified NewsBoard software, 20150713-dev, © 2003-2015 by Yves Goergen
Page created in 67.1 ms (38.9 ms) · 99 database queries in 12.3 ms
Current time: 2019-07-22, 16:32:48 (UTC +02:00)