Issues with Snap-ins
-
just thought of something, could it be a permissions thing? Under what username will the Snap-in be installing? fog?
-
That script looks absolutely fine to me, I’d go with the permissions thing too. I have had several issues with some snapins early on and nearly all of them went away when I told fog client to run under the local administrator account. I’m not saying thats your issue, but give it a go so it can be discounted if its not the fix.
By the way, the sleep.exe app is in the script I notice… not to patronise at all, as I use it myself, but you have downloaded it right? You dont seem like a novice at all, but I’m just mentioning it in case its something that slipped your mind.
Anyhow… I’ve included screenshots of what I did to fog client for you to try.
Incidentally I have a fully working snapin of Adobe Reader 11.0.1 Which you are more than welcome to.
[ATTACH=full]243[/ATTACH][ATTACH=full]244[/ATTACH]
[url=“/_imported_xf_attachments/0/243_services.jpg?:”]services.jpg[/url][url=“/_imported_xf_attachments/0/244_serviceproperties.jpg?:”]serviceproperties.jpg[/url]
-
lol no I have not forgotten it, not patronizing at all, I suppose won’t know until you ask.
I will give the permissions thing a go. Anything else I should look out for?
Thank you for the help btw!
-
The only other likely thing that springs to mind is that perhaps its a vlan issue? I guess it depends what port fogservice uses to talk to the server on and if thats allowed… presuming that you use vlans?
Lets see how the local administrator thing pans out. I’m hoping its that simple for you.
-
I created a domain admin account specifically for the FOG service to use.
Going to try the snap-in now. Will let you know how I fare.
-
Hi Matt,
Simply Love you!! That worked a treat!! Thank you sooo much…
-
Brilliant… glad to be of help and give a little back
-
For security reasons and just in case there is ever a vulnerability in the FOG client that can be exploited, you may want to reduce that service account to a normal user, but through Group Policy, make it a local admin on the boxes and give it rights to any network shares that it may need.
-
Chad do you think my giving the service local administrator access will suffice then? I assumed that should there be a vulnerability that if it had only local admin privileges, it would be a lot less of a threat to the security of my network that way rather than give it a domain account that allowed local privileges. I see exactly what you are saying, I guess my question is simply, is it safe the way I did it in your opinion?
-
If you use a domain admin account for this, you will most likely fail any kind of security audit including Sarbanes-Oxley if your financial systems are tied to your active directory in ANY way. Even if you aren’t a publicly traded company, it’s not safe to hand out domain admin accounts even if they are easier to deal with in terms of security troubleshooting. While I normally will try a domain admin account during debugging to see if it’s a permissions issue, I do my best to avoid them if at all possible. If I must use one, I must.
If you want to create and use a local account in the workstations administrator group, that will give the FOG service enough rights to the local machine, but may not allow them to access network resources that are not visible to the “Everyone” group on your domain.
There is something special about the local system and network service accounts on Windows in regards to accessing remote service, but I don’t remember them offhand.