myITforum.com Community Forum myITforum.com Community Forum

Home  Forums  Blogs  Live Support chat  Search Articles  Wiki  FAQ  Email Lists  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Photo Gallery  Member List  Search  Calendars  FAQ  Ticket List  Log Out

All Forums RSS Feed Subscription:


  


MS03-040 requires admin logon after reboot with IE5.x

 
View related threads: (in this forum | in all forums)

Logged in as: Guest
  Printable Version
All Forums >> [Management Products] >> Microsoft Systems Management Server >> SMS Feature Packs >> MS03-040 requires admin logon after reboot with IE5.x Page: [1]
Login
Message << Older Topic   Newer Topic >>
MS03-040 requires admin logon after reboot with IE5.x - 10/6/2003 9:15:15 AM   
abanford

 

Posts: 333
Score: 19
Joined: 6/20/2001
Status: offline 		Heads up everyone! From the MS03-040 security bulletin:


Reboot needed: Yes - After reboot, an administrator logon is required for:

Internet Explorer 5.01 on Microsoft Windows 2000 and Microsoft Windows NT 4.0
Internet Explorer 5.5 on Microsoft Windows 2000
Post #: 1
RE: MS03-040 requires admin logon after reboot with IE5.x - 10/6/2003 9:41:13 PM   
jhawks709

 

Posts: 2
Score: 0
Joined: 10/6/2003
Status: offline 		Anyone going to push this with feature pack even if the users are not admins.

If so are you going to try and use the runonce admin logon wrapper?

thanks!

(in reply to abanford)
Post #: 2
RE: MS03-040 requires admin logon after reboot with IE5.x - 10/7/2003 11:13:18 AM   
bleary


Posts: 172
Score: 11
Joined: 3/12/2003
From: Denver, CO
Status: offline 		I' m looking into using the RunOnce wrapper, but I am also considering just making a dependant package to run after the patch reboots the machine. I have sent an e-mail to my Microsoft TAM to find out what what its doing under the Admin context after the reboot. The Windows\CurrentVersion\RunOnce key in the registry shows these two lines before the machine get bounced:

C:\WINNT\System32\regsvr32.exe /s C:\WINNT\System32\mshtml.dll
C:\WINNT\System32\regsvr32.exe /i /s C:\WINNT\System32\urlmon.dll

If this is all its doing, I' m going to try making a dependant SMS package to run after the reboot to register the .dll files. If I find out anything else from my TAM, I' ll post it here.

_____________________________

Brian Leary
Solutions Architect
EMC Microsoft Practice


(in reply to abanford)
Post #: 3
RE: MS03-040 requires admin logon after reboot with IE5.x - 10/7/2003 5:25:22 PM   
ilockhart

 

Posts: 37
Score: 2
Joined: 7/29/2001
Status: offline 		Brian,

Just went through a very similar situation when deploying the previous IE rollup fix. Our environment is IE 5.5sp with Win2k and all our users run under local user rights.
(further discussion at http://www.myitforum.com/forums/tm.asp?m=36850&p=1&tmode=1)

The plan you' re outlining sounds like a reasonable way to go.

Can I suggest a couple of little things to also look out for when using this method.

First of all, the script you use to deploy the MS03-040 update should remove the 2 reg values mentioned before initiating the restart, and place a reference to itself under runonce.
Secondly, the wrapper script you mention needs to delete the runonce value that launched it (as inserted earlier), because a standard user account does not have permission to do this (users only have read access to this key).

Good luck with your deployments.

Regards
Ian Lockhart
Network Administrator
Melbourne, Australia

(in reply to abanford)
Post #: 4
RE: MS03-040 requires admin logon after reboot with IE5.x - 10/7/2003 11:40:16 PM   
mconclave277

 

Posts: 8
Score: 0
Joined: 10/7/2003
Status: offline 		Ian,

I think your solution combined with SMS SUS may be the way to go for us (we' re in the same boat with MS03-040). I read the discussion re: ms03-032 - can you tell me how you told your wrapper script to run with admin priviledges - did you use the Run As command?

thanks,
Mhoram

(in reply to abanford)
Post #: 5
RE: MS03-040 requires admin logon after reboot with IE5.x - 10/8/2003 6:08:39 PM   
ilockhart

 

Posts: 37
Score: 2
Joined: 7/29/2001
Status: offline 		Mhoram,

The wrapper script I use originally came from another web site (http://www.dragonsoft.spb.ru/ & look for the RunAs script by Ralf Buschmann) which has some very useful Wise scripts & actions. I don' t understand exactly how it works but from what I can see it uses DLL calls, and as long as the username/password/domain information is passed to it, it all works fine.

The main reason I spent time looking for something like this, was so that I could hide the admin password (in this case inside an exe file) because runas does not allow you to do it that way.

When deploying our new image (also using some this feature), I added a network user account into the local admin on each machine so that I can now use it with the deployment wrapper scripts.

Good luck and let us know how you go with this.

Regards
Ian


(in reply to abanford)
Post #: 6
RE: MS03-040 requires admin logon after reboot with IE5.x - 10/8/2003 6:26:03 PM   
mconclave277

 

Posts: 8
Score: 0
Joined: 10/7/2003
Status: offline 		Ian,

Thanks very much - this could prove to be an extremely useful site! The script looks promising, and interesting - I' m not sure of the calls it' s making, but we' ll see how it goes.

Thanks,
Mhoram

(in reply to abanford)
Post #: 7
RE: MS03-040 requires admin logon after reboot with IE5.x - 10/10/2003 10:30:12 AM   
mcarriere893


Posts: 3621
Score: 300
Joined: 4/12/2002
From: Manitoba, Canada
Status: offline 		BTW the SMS Admin FP has the elevated rights deployment tool (runonce) that is specifically designed to use with installs the require and admin login after reboot.

You would then use it, and deploy the patch as a regular s/w distribution.

It' s free on the SMS Management site under Microsoft.


_____________________________

Mark Carriere
Microsoft MVP-SMS
www.SMSUG.ca

(in reply to abanford)
Post #: 8
RE: MS03-040 requires admin logon after reboot with IE5.x - 10/12/2003 7:17:47 AM   
iburnell


Posts: 253
Score: 1
Joined: 5/14/2003
From: London, UK
Status: offline 		Mark,

I' m trying to upgrade to IE6.1 using the run_once tool and have been unsuccessful. I' ve downloaded and followed all the instructions for the elevated rights tool, so that installs Run_once.exe into my ie6 directory. It even sets up the two packages for you, one to cleanup and pre-requirement to run the deploy. This all runs great. If you take off the hidden command you can see the Microsoft Run_once command windows sayings its spawned ie6setup.exe. Great but after reboot log back into the non-priv account (job rans with SMS rights initially) it complains that you must be running an administrative account to complete the upgrade. What am I doing wrong?. I tried looking for the reg keys before the reboot - I' m assuming its moving keys from the run into SMS\run but I couldn' t see them

(in reply to abanford)
Post #: 9
RE: MS03-040 requires admin logon after reboot with IE5.x - 10/12/2003 7:49:51 AM   
sambusa

 

Posts: 160
Score: 0
Joined: 4/15/2003
Status: offline 		iburnell ,
I am with u in the same situation RUN-once not running correctly,..
Can any one guide us pls


Thanks in advance
SAMI

(in reply to abanford)
Post #: 10
RE: RE: MS03-040 requires admin logon after reboot with... - 10/12/2003 9:28:13 AM   
fracine


Posts: 1624
Score: 23
Joined: 11/17/2001
From: Québec, Canada
Status: offline 		I have some difficulties to figure how it works exactly. As an example, can you post how to use it with ms03-040?

Or why not writing an article?

Yes, I read that documentation but it is still unclear.

_____________________________

François Racine
Technicien

Please rate my post :)

(in reply to mcarriere893)
Post #: 11
RE: MS03-040 requires admin logon after reboot with IE5.x - 10/12/2003 9:37:15 AM   
abanford

 

Posts: 333
Score: 19
Joined: 6/20/2001
Status: offline 		If you use IEAK6 to create your upgrade package, you will not need to use Runonce to get elevated rights after the reboot. IEAK 5.5 and above include the option to allow a regular user to logon after the reboot. All you have to do is create your source directory with IEAK then execute the following from a wrapper script. In mine, I have it set to R:N then the wrapper script executes a shutdown with 30 second countdown.

ie6setup.exe /C:" ie6wzd /S:" " #e" " /R:N"

(in reply to abanford)
Post #: 12
RE: MS03-040 requires admin logon after reboot with IE5.x - 10/12/2003 9:43:26 AM   
sambusa

 

Posts: 160
Score: 0
Joined: 4/15/2003
Status: offline 		Pls is there any Doc or resource for IEAK,




Thanks alot

(in reply to abanford)
Post #: 13
RE: MS03-040 requires admin logon after reboot with IE5.x - 10/13/2003 2:18:29 AM   
iburnell


Posts: 253
Score: 1
Joined: 5/14/2003
From: London, UK
Status: offline 		I agree that the IEAK will do the job, but I' m not familiar with all the settings and customisations. I dwonloaded the full blown IE6 using the commands listed above and now if you run ie6setup.exe it appears to work fine i.e. not to blow away any existing customisations. The SMS elevated rights tool should do the job. I ran another test and did see the key SMS\Runonce with a key of BrandClearStubs so I' m still not understanding why the job doesn' t successfully complete when logging back in to a non-privileged account as SMS should handle the runonce under its elevated rights. Has anyone managed to do it via the SMS route?

Thanks
Ian Burnell.

(in reply to abanford)
Post #: 14
RE: MS03-040 requires admin logon after reboot with IE5.x - 10/13/2003 12:37:11 PM   
abanford

 

Posts: 333
Score: 19
Joined: 6/20/2001
Status: offline 		If you are going to deploy IE6 you must download and install IEAK6. Then run the IEAK6 Internet Explorer Customization Wizard. The wizard will download the necessary source files and allow you to customise your setup. One of the wizard options is " Enable logon after restart with user-level access" . This is the easist way to accomplish an IE6 distribution to users without Admin rights. You must choose the flat distribution method on the Media Selection page in Stage 1 of the wizard in order to have this option. IEAK6 comes with a detailed Help file that should answer most questions.

(in reply to abanford)
Post #: 15
RE: MS03-040 requires admin logon after reboot with IE5.x - 10/16/2003 9:13:34 PM   
crider

 

Posts: 259
Score: 4
Joined: 11/18/2002
Status: offline 		I' ve tried using the URD option in IEAK, but can only get it to work on Win2k SP3 and later machines. My NT4 machines complain about not having admin rights after logging back in as a non-admin user. I' ve also tried using the RunOnce Wrapper included in the Admin FP with no luck. It gives me the same problem, does not elevate the rights. There' s gotta be an easier, more reliable way to deploy IE than this.

< Message edited by crider -- 10/20/2003 5:21:40 AM >

_____________________________

Chad Rider
AD/SharePoint/SMS/Windows Admin
NT4 MCSE

SMS Site Server Configuration:
Windows Server 2003 SP2
SMS 2003 SP3, SQL 2000 SP3a
3500 clients (NT/2K/XP/2K3)

(in reply to abanford)
Post #: 16
RE: RE: MS03-040 requires admin logon after reboot with... - 10/17/2003 2:15:10 PM   
mcooper

 

Posts: 22
Score: 1
Joined: 2/27/2003
From: Mary Cooper
Status: offline 		How can you get Run_Once.exe aka the Elevated Rights Deployment Tool? When I try to download the Administrator Feature Pack from Microsoft, I get a message that the wizard is not available. Extensive searching on the Premier site and TechNet site only brings me to the same page, and the same message.

(in reply to crider)
Post #: 17
RE: MS03-040 requires admin logon after reboot with IE5.x - 10/17/2003 2:49:02 PM   
bleary


Posts: 172
Score: 11
Joined: 3/12/2003
From: Denver, CO
Status: offline 		MCooper,

I was able to download it without any errors. Try going to this address and click on " Register and download" on the right side of the page:
http://www.microsoft.com/SMServer/downloads/20/featurepacks/adminpack/default.asp

You then get a prompt to sign in with a .NET Passport account, and then you are at a page to download it from.



_____________________________

Brian Leary
Solutions Architect
EMC Microsoft Practice


(in reply to abanford)
Post #: 18
RE: RE: MS03-040 requires admin logon after reboot with... - 10/17/2003 3:16:01 PM   
mcooper

 

Posts: 22
Score: 1
Joined: 2/27/2003
From: Mary Cooper
Status: offline 		I just this minute tried it again, and got the same message:

" Product Download Registration

" The Wizard you are trying to access is no longer available
Please be sure to remove any bookmarks you have to this location on microsoft.com to avoid the error in the future."

Two other folks at my company tried earlier today, with the same results. I wonder if our firewall is doing something screwy? Did you just now try it?


(in reply to bleary)
Post #: 19
RE: MS03-040 requires admin logon after reboot with IE5.x - 10/17/2003 3:53:19 PM   
bleary


Posts: 172
Score: 11
Joined: 3/12/2003
From: Denver, CO
Status: offline 		I tried it right before my reply post. Maybe try clearing your IE cache? If that doesn' t work, here' s the link straight to the file (not sure if its passport dependant):

http://download.microsoft.com/download/a/7/7/a77aa894-00cb-49ba-98cb-c5c76eb3cd57/smsadminfp_enu.exe

_____________________________

Brian Leary
Solutions Architect
EMC Microsoft Practice


(in reply to abanford)
Post #: 20
RE: RE: MS03-040 requires admin logon after reboot with... - 10/17/2003 4:12:19 PM   
mcooper

 

Posts: 22
Score: 1
Joined: 2/27/2003
From: Mary Cooper
Status: offline 		I tried clearing the IE cache, but still got the same message when I tried to access the Microsoft site. However, your link worked like a charm! Thanks millions.

(in reply to bleary)
Post #: 21
RE: MS03-040 requires admin logon after reboot with IE5.x - 10/20/2003 8:54:03 AM   
lbriggs


Posts: 94
Score: 2
Joined: 7/10/2003
From: Hartford, CT
Status: offline 		I am working on the same issue, but came up with a fairly simple KIX workaround. The idea is to have KIX make the changes to the registry to let the admin autologon but also place another kix script in the allusers/startup to reset everything after x minutes.

To do so, a script needs to write the following values: 

WRITEVALUE(" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" , " DontDisplayLastUserName" , " 0" , " REG_SZ" )
WRITEVALUE(" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" , " AutoAdminLogon" , " 1" , " REG_SZ" )
WRITEVALUE(" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" , " DefaultUserName" , " Administrator" , " REG_SZ" )
WRITEVALUE(" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" , " DefaultDomainName" , " %computername%" , " REG_SZ" )
WRITEVALUE(" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" , " DefaultPassword" , " xxxxxx" , " REG_SZ" )

WRITEVALUE(" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" , " LegalNoticeCaption" , " " , " REG_SZ" )
WRITEVALUE(" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" , " LegalNoticeText" , " " , " REG_SZ" )


All you need to change is the default password. The LegalNotice area needs to be set to null in order for the auto-login to work.

Use another script which sets all of the above to null, and AutoAdminLogon to 0, and copy that to the alluser startup. Add a reboot command to the kix scripts and you are good to go.

(in reply to abanford)
Post #: 22
RE: MS03-040 requires admin logon after reboot with IE5.x - 10/8/2008 2:32:40 AM   
kingskawn

 

Posts: 61
Score: -2
Joined: 4/25/2007
Status: offline 		Hello,

I've got IBM iSeries Access V5R4 that is a program to work on mainframes. It installs with 'Setup.exe -s' but needs a restart + login with admin rights. Can I manage this with an easy tool?

EDIT: Skip the restart, I can generate that in the task sequence in SCCM but still needs to login with admin rights


< Message edited by kingskawn -- 10/8/2008 3:39:19 AM >

(in reply to lbriggs)
Post #: 23
Page:   [1]
All Forums >> [Management Products] >> Microsoft Systems Management Server >> SMS Feature Packs >> MS03-040 requires admin logon after reboot with IE5.x Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts



  
Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.375