Suddenly I remembered I didn't install UltraEdit yet, my favorite text editor. I realized I came across a Command-Line Interface reference somewhere and decided to go and find out how this CLI could be used for one-time installations. And guess what: it worked out fine :)These are the steps I took to be able to install UltraEdit:
1. Allow access to CLI (Is restricted by default, needs to be opened up using an ePO task)
2. From CLI: "sadmin begin-update". This enabled the update mode locally
3. Installed the software
4. From CLI: "sadmin end-update"
Using "sadmin help" shows instructions on the available commands, but there is also a comprehensive pdf available covering the CLI.
I am still thinking what the real risk level would be of keeping the CLI opened up continuously. I guess it is a risk that shouldn't be taken, and as opening up the CLI can only be done from ePO I guess to install new software that is not allowed fromone of the exception rules requires you to logon to ePO and open up the CLI from there.
Furthermore I found there is a bit of a flaw to installations that are distributed as an .msi, such as UltraEdit. Before I used the CLI, I tried to install it from a trusted (local) directory by double clicking the .msi. My Trusted Directory however did not have any effect because an .msi file is run by msiexec.exe, which offcourse is not stored in this trusted local directory. Application Control thus still blocked the installation.
No comments:
Post a Comment