Credentials for Deployment Installer

Vrogers · ‎10-23-2019

I'm in the process of creating a deployment installer to update Google Chrome to v78. I've read and understand that it's required to have username/password information with read&execute privileges entered in order to deploy an installer. It's been highly advised that it not be an admin username/password. So, would a domain username that's setup specifically for the purpose of being used for the deployment installer that just has access to the installer share files work? That's what I'm getting from it.

(Edited the Subject line, formerly read "Scanning Creditials" I was in a hurry and clearly wasn't thinking when I titled it, my apologies.)

Vrogers · ‎10-24-2019

After messing around with it for the better part of a day I've finally got it figured out. So far, the deployment is working the hand full of endpoints that I'm pushing it out too. Thanks for the help!

Vrogers · ‎10-24-2019

Just to make sure that I'm following correctly... You're able to use an account that is local to only the lansweeper server, and not a standard domain account? Can the username vary from the .\lsshare? Our path differs from what I've read from others, I'm guessing that's irrelevant? On the server, our path is Program Files(x86)\Lansweeper\PackageShare. There are three files in PackageShare, Images, Installers and Scripts. You can continue to the file 'Installers' and it's empty. Does it really matter where I place the deployment installer, whether I drop it in 'PackageShare' or continue and place it in the 'Installer' file? As long as I enter the correct path when setting up the deployment, of course?

CyberCitizen · ‎10-28-2019

Vince wrote:
Just to make sure that I'm following correctly... You're able to use an account that is local to only the lansweeper server, and not a standard domain account? Can the username vary from the .\lsshare? Our path differs from what I've read from others, I'm guessing that's irrelevant? On the server, our path is Program Files(x86)\Lansweeper\PackageShare. There are three files in PackageShare, Images, Installers and Scripts. You can continue to the file 'Installers' and it's empty. Does it really matter where I place the deployment installer, whether I drop it in 'PackageShare' or continue and place it in the 'Installer' file? As long as I enter the correct path when setting up the deployment, of course?

Hi Vince,

Sorry I have been afk for a bit, weekend here etc.

The share password is the one that is not secure and could be captured which is why we use a local account on our file server for that share only. The deployment account still needs to have admin rights on the end user machines most of our deployments are done under the scanning credentials account.

Yes you can use the default Lansweeper PackageShare it creates on your Lansweeper server. In our case we have the packages hosted in a different location on our file server which you can specify in the settings the Package Share path.

Glad you got it working etc.

CyberCitizen · ‎10-24-2019

There is the share account (eg an account used that accesses the package shares).

Then there is also the scanning account which needs admin rights on the machine its scanning. Most use a domain admin account as it needs to be able to connect to your remote machines from the server and run the necessary WMI queries.

In our environment, we have a local account on the file server which only has access to that location as a share. So that account can't be used anywhere else.

Default Package Share \\FILESERVER\Apps$
Share Username .\lsshare

Then we have the scanning credentials which is a domain admin service account.

For security reasons it is best to provide a user with only read-execute rights on the shared folder.
Keep in mind that using an administrator account is a severe security risk! This password will be accessible to all users. (referring to the share account).

Credentials for Deployment Installer

New to Lansweeper?

Try Lansweeper For Free