Jeff Huston at myITforum.com

I'm hoping to provide some scenario based prescriptive guidance for deploying SMS packages to end users.  You should see a few of these over the coming weeks as I add more scenarios.  I'm going to start with a bunch of the less obvious ones so that you can benefit faster.

Scenario: Deploy a software upgrade from a given file share, but that software installation must be run from that particular file share (i.e., poorly written software that still uses a shared executable).

Solution 1: If the user is an administrator, run the program as the user.  Target a batch file or other command that is on the share.  This will force the network connection to the file share to be done as the user.

Solution 2: If the user is not an administrator, then you must run as the SYSTEM account.  Because the SYSTEM account will not have access to the network file share (by default), you need to configure SMS to use the Advanced Client Network Connection Account.  First, grant that account access to the file share.  Then, configure the program to run as the local system context but to execute a batch file or command from the particular share.  When running, the client will first attempt to connect as SYSTEM.  Once that fails, it will then attempt to connect using the Network Connection account and then proceed to run the executable (still as SYSTEM - only the network connection's credentials are changed).

NOTE: In order for the network connection account to be attempted, the package cannot contain any source files - it must be considered a script instead of an installation.  Second, the program's command must be a UNC path to a batch file or executable.  Doing otherwise will not cause the SMS client to try to connect with the network connection account.

That's it for the first installment.  More as I come up with them.