MS03-040 requires admin logon after reboot with IE5.x

MS03-040 requires admin logon after reboot with IE5.x (Full Version)

All Forums >> [Management Products] >> Microsoft Systems Management Server >> SMS Feature Packs

Message

abanford -> MS03-040 requires admin logon after reboot with IE5.x (10/6/2003 9:15:15 AM)
Heads up everyone! From the MS03-040 security bulletin: Reboot needed: Yes - After reboot, an administrator logon is required for: Internet Explorer 5.01 on Microsoft Windows 2000 and Microsoft Windows NT 4.0 Internet Explorer 5.5 on Microsoft Windows 2000

jhawks709 -> RE: MS03-040 requires admin logon after reboot with IE5.x (10/6/2003 9:41:13 PM)
Anyone going to push this with feature pack even if the users are not admins. If so are you going to try and use the runonce admin logon wrapper? thanks!

bleary -> RE: MS03-040 requires admin logon after reboot with IE5.x (10/7/2003 11:13:18 AM)
I' m looking into using the RunOnce wrapper, but I am also considering just making a dependant package to run after the patch reboots the machine. I have sent an e-mail to my Microsoft TAM to find out what what its doing under the Admin context after the reboot. The Windows\CurrentVersion\RunOnce key in the registry shows these two lines before the machine get bounced: C:\WINNT\System32\regsvr32.exe /s C:\WINNT\System32\mshtml.dll C:\WINNT\System32\regsvr32.exe /i /s C:\WINNT\System32\urlmon.dll If this is all its doing, I' m going to try making a dependant SMS package to run after the reboot to register the .dll files. If I find out anything else from my TAM, I' ll post it here.

ilockhart -> RE: MS03-040 requires admin logon after reboot with IE5.x (10/7/2003 5:25:22 PM)
Brian, Just went through a very similar situation when deploying the previous IE rollup fix. Our environment is IE 5.5sp with Win2k and all our users run under local user rights. (further discussion at http://www.myitforum.com/forums/tm.asp?m=36850&p=1&tmode=1) The plan you' re outlining sounds like a reasonable way to go. Can I suggest a couple of little things to also look out for when using this method. First of all, the script you use to deploy the MS03-040 update should remove the 2 reg values mentioned before initiating the restart, and place a reference to itself under runonce. Secondly, the wrapper script you mention needs to delete the runonce value that launched it (as inserted earlier), because a standard user account does not have permission to do this (users only have read access to this key). Good luck with your deployments. Regards Ian Lockhart Network Administrator Melbourne, Australia

mconclave277 -> RE: MS03-040 requires admin logon after reboot with IE5.x (10/7/2003 11:40:16 PM)
Ian, I think your solution combined with SMS SUS may be the way to go for us (we' re in the same boat with MS03-040). I read the discussion re: ms03-032 - can you tell me how you told your wrapper script to run with admin priviledges - did you use the Run As command? thanks, Mhoram

ilockhart -> RE: MS03-040 requires admin logon after reboot with IE5.x (10/8/2003 6:08:39 PM)
Mhoram, The wrapper script I use originally came from another web site (http://www.dragonsoft.spb.ru/ & look for the RunAs script by Ralf Buschmann) which has some very useful Wise scripts & actions. I don' t understand exactly how it works but from what I can see it uses DLL calls, and as long as the username/password/domain information is passed to it, it all works fine. The main reason I spent time looking for something like this, was so that I could hide the admin password (in this case inside an exe file) because runas does not allow you to do it that way. When deploying our new image (also using some this feature), I added a network user account into the local admin on each machine so that I can now use it with the deployment wrapper scripts. Good luck and let us know how you go with this. Regards Ian

mconclave277 -> RE: MS03-040 requires admin logon after reboot with IE5.x (10/8/2003 6:26:03 PM)
Ian, Thanks very much - this could prove to be an extremely useful site! The script looks promising, and interesting - I' m not sure of the calls it' s making, but we' ll see how it goes. Thanks, Mhoram

mcarriere893 -> RE: MS03-040 requires admin logon after reboot with IE5.x (10/10/2003 10:30:12 AM)
BTW the SMS Admin FP has the elevated rights deployment tool (runonce) that is specifically designed to use with installs the require and admin login after reboot. You would then use it, and deploy the patch as a regular s/w distribution. It' s free on the SMS Management site under Microsoft.

iburnell -> RE: MS03-040 requires admin logon after reboot with IE5.x (10/12/2003 7:17:47 AM)
Mark, I' m trying to upgrade to IE6.1 using the run_once tool and have been unsuccessful. I' ve downloaded and followed all the instructions for the elevated rights tool, so that installs Run_once.exe into my ie6 directory. It even sets up the two packages for you, one to cleanup and pre-requirement to run the deploy. This all runs great. If you take off the hidden command you can see the Microsoft Run_once command windows sayings its spawned ie6setup.exe. Great but after reboot log back into the non-priv account (job rans with SMS rights initially) it complains that you must be running an administrative account to complete the upgrade. What am I doing wrong?. I tried looking for the reg keys before the reboot - I' m assuming its moving keys from the run into SMS\run but I couldn' t see them

sambusa -> RE: MS03-040 requires admin logon after reboot with IE5.x (10/12/2003 7:49:51 AM)
iburnell , I am with u in the same situation RUN-once not running correctly,.. Can any one guide us pls Thanks in advance SAMI

fracine -> RE: RE: MS03-040 requires admin logon after reboot with IE5.x (10/12/2003 9:28:13 AM)
I have some difficulties to figure how it works exactly. As an example, can you post how to use it with ms03-040? Or why not writing an article? Yes, I read that documentation but it is still unclear.

abanford -> RE: MS03-040 requires admin logon after reboot with IE5.x (10/12/2003 9:37:15 AM)
If you use IEAK6 to create your upgrade package, you will not need to use Runonce to get elevated rights after the reboot. IEAK 5.5 and above include the option to allow a regular user to logon after the reboot. All you have to do is create your source directory with IEAK then execute the following from a wrapper script. In mine, I have it set to R:N then the wrapper script executes a shutdown with 30 second countdown. ie6setup.exe /C:" ie6wzd /S:" " #e" " /R:N"

sambusa -> RE: MS03-040 requires admin logon after reboot with IE5.x (10/12/2003 9:43:26 AM)
Pls is there any Doc or resource for IEAK, Thanks alot

iburnell -> RE: MS03-040 requires admin logon after reboot with IE5.x (10/13/2003 2:18:29 AM)
I agree that the IEAK will do the job, but I' m not familiar with all the settings and customisations. I dwonloaded the full blown IE6 using the commands listed above and now if you run ie6setup.exe it appears to work fine i.e. not to blow away any existing customisations. The SMS elevated rights tool should do the job. I ran another test and did see the key SMS\Runonce with a key of BrandClearStubs so I' m still not understanding why the job doesn' t successfully complete when logging back in to a non-privileged account as SMS should handle the runonce under its elevated rights. Has anyone managed to do it via the SMS route? Thanks Ian Burnell.

abanford -> RE: MS03-040 requires admin logon after reboot with IE5.x (10/13/2003 12:37:11 PM)
If you are going to deploy IE6 you must download and install IEAK6. Then run the IEAK6 Internet Explorer Customization Wizard. The wizard will download the necessary source files and allow you to customise your setup. One of the wizard options is " Enable logon after restart with user-level access" . This is the easist way to accomplish an IE6 distribution to users without Admin rights. You must choose the flat distribution method on the Media Selection page in Stage 1 of the wizard in order to have this option. IEAK6 comes with a detailed Help file that should answer most questions.

crider -> RE: MS03-040 requires admin logon after reboot with IE5.x (10/16/2003 9:13:34 PM)
I' ve tried using the URD option in IEAK, but can only get it to work on Win2k SP3 and later machines. My NT4 machines complain about not having admin rights after logging back in as a non-admin user. I' ve also tried using the RunOnce Wrapper included in the Admin FP with no luck. It gives me the same problem, does not elevate the rights. There' s gotta be an easier, more reliable way to deploy IE than this.

mcooper -> RE: RE: MS03-040 requires admin logon after reboot with IE5.x (10/17/2003 2:15:10 PM)
How can you get Run_Once.exe aka the Elevated Rights Deployment Tool? When I try to download the Administrator Feature Pack from Microsoft, I get a message that the wizard is not available. Extensive searching on the Premier site and TechNet site only brings me to the same page, and the same message.

bleary -> RE: MS03-040 requires admin logon after reboot with IE5.x (10/17/2003 2:49:02 PM)
MCooper, I was able to download it without any errors. Try going to this address and click on " Register and download" on the right side of the page: http://www.microsoft.com/SMServer/downloads/20/featurepacks/adminpack/default.asp You then get a prompt to sign in with a .NET Passport account, and then you are at a page to download it from.

mcooper -> RE: RE: MS03-040 requires admin logon after reboot with IE5.x (10/17/2003 3:16:01 PM)
I just this minute tried it again, and got the same message: " Product Download Registration " The Wizard you are trying to access is no longer available Please be sure to remove any bookmarks you have to this location on microsoft.com to avoid the error in the future." Two other folks at my company tried earlier today, with the same results. I wonder if our firewall is doing something screwy? Did you just now try it?

bleary -> RE: MS03-040 requires admin logon after reboot with IE5.x (10/17/2003 3:53:19 PM)
I tried it right before my reply post. Maybe try clearing your IE cache? If that doesn' t work, here' s the link straight to the file (not sure if its passport dependant): http://download.microsoft.com/download/a/7/7/a77aa894-00cb-49ba-98cb-c5c76eb3cd57/smsadminfp_enu.exe

mcooper -> RE: RE: MS03-040 requires admin logon after reboot with IE5.x (10/17/2003 4:12:19 PM)
I tried clearing the IE cache, but still got the same message when I tried to access the Microsoft site. However, your link worked like a charm! Thanks millions.

lbriggs -> RE: MS03-040 requires admin logon after reboot with IE5.x (10/20/2003 8:54:03 AM)

I am working on the same issue, but came up with a fairly simple KIX workaround. The idea is to have KIX make the changes to the registry to let the admin autologon but also place another kix script in the allusers/startup to reset everything after x minutes.

To do so, a script needs to write the following values:

WRITEVALUE(" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" , " DontDisplayLastUserName" , " 0" , " REG_SZ" )
WRITEVALUE(" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" , " AutoAdminLogon" , " 1" , " REG_SZ" )
WRITEVALUE(" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" , " DefaultUserName" , " Administrator" , " REG_SZ" )
WRITEVALUE(" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" , " DefaultDomainName" , " %computername%" , " REG_SZ" )
WRITEVALUE(" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" , " DefaultPassword" , " xxxxxx" , " REG_SZ" )

WRITEVALUE(" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" , " LegalNoticeCaption" , " " , " REG_SZ" )
WRITEVALUE(" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" , " LegalNoticeText" , " " , " REG_SZ" )

All you need to change is the default password. The LegalNotice area needs to be set to null in order for the auto-login to work.

Use another script which sets all of the above to null, and AutoAdminLogon to 0, and copy that to the alluser startup. Add a reboot command to the kix scripts and you are good to go.

kingskawn -> RE: MS03-040 requires admin logon after reboot with IE5.x (10/8/2008 2:32:40 AM)
Hello, I've got IBM iSeries Access V5R4 that is a program to work on mainframes. It installs with 'Setup.exe -s' but needs a restart + login with admin rights. Can I manage this with an easy tool? EDIT: Skip the restart, I can generate that in the task sequence in SCCM but still needs to login with admin rights

Page: [1]

0.34375