Trying out new 9.5.5 "Run As Specified User" capability

Developer.BigFix.com appears to be the premier reference location.

You can find out more about this feature here: https://developer.bigfix.com/action-script/reference/execution/override.html

I do see how this is an issue:

but, I am curious:

• What is your use case?
• You have software that fails to install when run under the System account, but succeeds when installed as a service account?
• Does the software require admin rights to install?

You might be able to get an account to show up as having logged in by using something like PSExec or similar on the machines through bigfix if the account is not in the list. I’m not sure what is required to appear on that list. RDP should work, but still not a good solution.

Another option might be to have BigFix create a local admin user with a randomized password and then use it and delete it. Definitely not an elegant option.

We are working to remove the requirement for the user to have previously logged in for a future release along with some privilege escalation capabilities that should help.

Steve, is there an ETA when this will be available? So many of us Administrators out there need this fixed and we’ve been waiting for this for so long. I’m faced with having to manually do an install for 800 machines, but if you and your team perfected this you would be lifesavers!

Thanks.

Many of us would like to use this, can someone post simple examples of how to use this new feature?
Thanks!

Hi James - Some use cases that we have are programs that are Profile specific. For example, WebEx Productivity Tools. If installed as System, they appear in Control Panel > Programs, but no where else. The user would have to located the EXE in the file system and open it for it to work.

Running as user works great if UAC is disabled, but UAC isn’t disabled on all of our endpoints, so it would be hit or miss.

OneDrive would be another example of a Profile specific installer.

The enhancements I mentioned are coming in 9.5.7 around the end of Sept. They should also help with the UAC issues AlexaVonTess described.

Just an update on the WebEx install… This was corrected using the ALLUSERS=2 switch (ref).

Is 9.5.7 available and do you have some sample code? I really need this. Thanks.

I have been trying to get this to work with both local and domain users, but only seem to get errors posted above. Here is the latest what I’ve tried:

override wait
hidden=true
RunAs=localuser
user=administrator
password=required
completion=none
wait notepad.exe
Command failed (Cannot find needed SecureParameter ‘action override password’) wait notepad.exe

If you need to use override runas=localuser, without manually log in with the specified user, then you can just use 9.5.7 Agent.
If you want to run program with elevated privilege, there is a sample at the bottom of https://developer.bigfix.com/action-script/reference/execution/override.html (need 9.5.7 Agent).
Also, with 957 Agent, override runas=localuser works with both local and domain account.

If you run the action containing password=required through API, you need to supply password as “action override password” secure parameter as the message indicate.
When you take action from the Console, Console prompts you the password and pass it with the secure parameter.