Keep UAC on, and the only issue is potentially an update not working.
Lets see if we can at least come up with a workaround for that.
Could you by policy the day before upgrading the server make them all local admins for the day? Are your users that high a risk group?
What if you put in a start up script, and tell them that they need to not hibernate but shutdown and restart on the morning after upgrade. Tell them a week in advance, then if it fails, and you have to attend, at least they were warned.
Do they use SIMS all day every day, you could initiate the upgrade while they are logged on somewhere, assuming the connection is good enough and they aren't needing SIMs.
There must be a way to do at least part of it, without sacrificing your network config.
Are you intending on moving to the latest version, as it's still unavailable so you have time to plan.
Hi vikpaw. Thanks for the suggestions.
I'd really love to leave UAC on. The solution can't give them local administrator, as I want to keep a strict policy that they are not local admins of their computer at any time. I'm more concerned about the installation of software that replaces the software we install by policy. I know that this happens currently with the XP laptops where they are local admins, and with a strict policy under Windows 7, there will be no way that our users can replace components of the build, or install products such as VNC which I'd object to. If users are told to shut down and not hibernate, I think that more than half wouldn't follow the instructions to be honest, and a mess would ensue. I know that my messages go unread at the best of times, and then a lot would forget anyway. We have a lot of machines and few staff, so to be rushing around the morning after an upgrade fixing computers is not ideal.
I was looking at WPKG | Open Source Software Deployment and Distribution yesterday to deploy. I had a quick look, but it looks like this product might have issues with Windows 7. Might be worth investigating though.
I've also contacted our support to see whether Solus 3 will do the job, and if so I asked them when we can have it.
I don't think SOLUS 3 will get around a hibernating machine because the machine and therefore the service is effectively off. So you still need to combat how to wake the machine and then run an update. While the machine is on, you could use it to update the machine, but now you have to get staff to leave the machine on, and not access sims, whilst connected to your network for long enough to upgrade SIMS, which is almost the same issue as before.
You're between a rock and a hard drive.
Sorry to be a bit green, but I don't know much about Solus 3. It was mentioned earlier in this thread that it is a service so the install does not happen under the user context but one of an admin equivalent (I think), so if I could use Solus 3, presumably it gets around permissions issues. However, if Solus 3 is a push technology, so you have to wait for the computer to be on-line and then push the update, then I can't see this working at all. If in some way once the Solus 3 service is on the network and can see the update, then it can pull the update down in some fashion, then that might work as long as the user doesn't have time to use SIMS.NET and mess things up in the meantime.
The thing is, this really shouldn't be difficult I feel. UAC has been around for years, and so has the idea of hibernating laptops. Using these technologies is good practice, as is not giving users local admin.
If with SOLUS 3 the computers have to be on the network at the time of update, then surely laptops can't be used with SIMS.NET?
If Capita expect that their users are not allowed to hibernate if using SOLUS 3, be local admins or not use UAC if not using SOLUS 3, and on top of this unless you use SOLUS 3 have the network admins open up permissions on the local computer to allow for updates - well, I hold my head in my hands in despair.
On top of this, on our SIMS server all SIMS users have modify access to all files on the SIMS share, and our help line inform us that that's the way it has to be. Surely this can't be the case?
I'd love to know the thinking behind all of this. Excuse the rant!
Check out the docs for SOLUS 3 on SupportNet. I don't use it, because it just wasn't up to it a few versions ago, and i dont have the time. I think the service pings the server to check if it needs updating, but you can push it out as well. My only concern, especially with laptops is that you don't just want it to initiate randomly.
I thought the idea was that all machines were upgraded over night. If you get it working, it should be okay, but you still have to deploy the agent, and then authorise the machines to take the upgrade. Someone that is using it now will be able to answer in more detail. I would hope you can authorised it all on your console and then when they come online, they will say, hey, i need to upgrade.
Sorry, i might have confused things with my earlier comment. My only concern with updating laptops is, if it takes a while, or they are roaming it can break the update. This is why for laptops i have a program that runs instead of the normal SIMS icon, and it checks if an upgrade is needed, then gives the user the choice to plug in to ethernet or delay until later. I can imagine it only getting worse if it starts doing it, when they haven't even initiated SIMS and are just walking across the building. Just my view. Desktops are a lot easier though.
I think they have to be on the network for update, i can't remember if its supposed to deliver the files in advance, or if that was the server side of updates.
Thanks. I don't have a SupportNet account yet, but have registered, so hopefully will get the creds tomorrow so I can take a look at the documentation.