Deployment from Network Share

Remote Installer supports two deployment kinds, those are local and network. The deployment kind is detected automatically depending on path to the setup file. When a UNC path is used, the installer is launched from a network share, whereas it is copied to each remote Machine before performing the installation when an absolute local path is used. In any case, the user account used for deployment should have sufficient privileges to perform all deployment steps. The account used is configured within the deployment account settings. You can either configure Remote Installer to use the account that can access the network share and has administrative privileges on a remote Machine or configure the access to the network share so as to grant access to a Local System account if you choose to use it for deployment. Let us take a closer look at both approaches.

Using an administrative user account

Using an administrative user account is the preferred method for performing remote deployment. You can either use the domain administrator credentials or create a special user account that will be used only for performing remote deployment. The requirement to that account is that it should have administrative privileges on each target Machine and be able to access the network share with the installations repository.

In case you have not provided the network administrator credentials during the initial program configuration or within the Credentials view, the current user account is implicitly used for deployments. Even if the current user account is the administrative one, it is strongly recommended that the administrative credentials be defined explicitly since only the minimum necessary information on a connecting user is passed to a remote Machine by the operating system when performing network authentication. Otherwise, the following limitations arise: the process run as an implicitly retrieved user account won't be able to authenticate for accessing network shares unless a domain environment is used and both the user and computer accounts are trusted for Kerberos delegation.

The account used for deployment is the same as the one used for connecting to a remote Machine. It is provided in the Credentials view. You can provide a single account for the entire network or specific accounts for groups or individual Machines Pic 1.

Providing credentials for a domain and a workgroup

Pic 1. Providing credentials for a domain and a workgroup

Within a domain environment, it is sufficient to use any user account that is a member of the Domain Administrators group. Inside a workgroup environment, there are no user accounts shared between Machines, so it is required that each Machine should to have an account that is a member of the local Administrators group with the same credentials as specified to be able to use the described approach.

In the provided example for the domain environment settings, it is supposed that the installer@wintoolkit.local is a domain administrator account within the wintoolkit domain, and for the workgroup environment settings, the .\installer notation means that for each Machine its local user is used. Thus, target Machines and the Machine containing a network share with the installations repository must have the local installer user that belongs to the Administrators group.

In case your configuration is meant to run deployments as the user currently logged on to a remote Machine, you should configure the network share to allow access for that user.

Using the Local System account

The approach of using the Local System account to perform deployments from network shares can be used only within a domain environment. Such an account has extensive privileges on the local computer and acts as a computer on the network, so the network share should be configured so as to allow access for each target computer.

Configuring a network share to allow access for domain Machines

Pic 2. Configuring a network share to allow access for domain Machines

To reach the goal, you should grant access for the Domain Computers group. Optionally, you can grant access to Everyone, if applicable. To configure the share permissions, you should open the share properties, switch to the Sharing tab and press the Permissions button.

As you can see, the ability to deploy from a network share depends on the environment configuration. Now that you have been introduced to the approaches used to enable this option under different environments, you should be able to use this feature without any difficulties.