Dynamic targeting greyed when using "password" execution override

arneh 2018-10-15 07:05:29 UTC #1

Hi!

I have come across an application that requires local admin rights to be installed, and furthermore that the user logged in on the client you are deploying to must see and be able to input information in the installation dialog.

One of the solutions I have considered is using the following Action Script statements:
override wait
hidden=true
RunAs=localuser
user=administrator
password=required
completion=none
wait application.exe

The above appears very promising since you are asked for the local admin password during “Take Action”, but:

Dynamic targeting becomes greyed, in effect making the deployment as an “Offer” extremely cumbersome, and
The install dialog is not shown in the logged-in user’s console

Is there a way to avoid dynamic targeting getting greyed when using the “password” override?
Is there a security measure behind greying?

Override with password

vnovik 2018-10-15 07:21:40 UTC #2

Hello arneh,

When “password=required” is specified, a Take Action Dialog requiring to enter the user’s password is displayed on the Console. That password is then passed to the agent as a SecureParameter.

Dynamic targeting has an action that ends up in the actionsite of the user. If you use secure parameters this MUST be a mailbox action and thus targeted directly which means picking the endpoints so that the system can encrypt the parameters to the specific endpoints. With Client Mailboxing you can send an encrypted action to any given client, instead of broadcasting it to all clients.

arneh 2018-10-15 07:31:31 UTC #3

Hi vnovik!

Thank you for an excellent explanation, makes sense!

Best regards,
Arne

dipan1990 2019-01-16 20:39:16 UTC #4

@vnovik @jgstew @JasonWalker @steve @jgo @Aram

Thanks for the explanation.

However there’s a requirement where-in we would require to use the override along with “Dynamically target by Property” which would be delivered to the users as “Offer”.

Require help here.