The following information is provided as a work around; it
has undergone limited testing against a Windows 2000 Service Pack 2 (SP2) clean
environment. Be careful if you implement this work around because of the
limited support available. You must not modify these scripts. If you do not
follow the original scripts, issues may occur that will prevent the
installation from completing. Microsoft Product Support Services does not
support a modified script.
It can be a costly task for enterprise
customers to deploy Internet Explorer in a large corporate environment because
the setup of Internet Explorer requires at least one administrator logon for
each client computer. However, many users may not be able to access their
clients to perform the Internet Explorer setup if they are denied administrator
privileges because of corporate security policy. If users are denied the
administrator privilege, the administrator must physically access each client
to complete the Internet Explorer installation. The installation costs can
increase substantially as the number of clients
increases.
Administrators who use the Software Installation component
of Group Policy can use the Internet Explorer 6 Service Pack 1 (SP1) Setup MSI
Wrapper (Ie6sp1gp.exe and Ie6sp1gp.msi) to work around the administrator logon
instead of using the workaround that is described in this article.
For administrators who use Microsoft Systems
Management Server (SMS) to manage their networks, the following article
describes a method to use SMS to work around the administrator logon instead of
using the workaround described in this article:
223371 Installing Internet Explorer 5 to Windows NT 4.0 Using SMS 1.2
For additional information about the User
Rights Deployment feature, click the article number below to view the article
in the Microsoft Knowledge Base:
260090 Users Without Administrator Privileges Can Complete Internet Explorer Installation After Reboot
The following two methods demonstrate how to deploy
Internet Explorer without the need for local administrator logon.
Method 1
- Use IEAK to build a URD-enabled package.
- Create a computer startup script to start the Ie5setup.exe
(Internet Explorer 5.5 SP2) or Ie6setup.exe (Internet Explorer 6 SP1)
program.
- In the Group Policy object (GPO), assign the startup script
to the clients.
The following is a sample startup script for Internet Explorer
6 SP1:
on error resume next
set wshShell=wscript.CreateObject("wscript.shell")
bld=wshShell.RegRead("HKLM\Software\Microsoft\Internet Explorer\Build")
if bld<>"6.0.2800.1106" then
wshShell.run "\\server\iesetup\check\flat\win32\en\ie6setup.exe /q", 1, True
end if
if err.number<>0 then
wscript.echo "Error[" & err.number & "]:" & err.description
end if
NOTE: If you are installing Internet Explorer 5.5 SP2 instead of
Internet Explorer 6 SP1, use "54807.2300" for the build number.
For
additional information about how to determine the Internet Explorer build
number, click the following article number to view the article in the Microsoft
Knowledge Base:
164539
How to Determine Which Version of Internet Explorer Is Installed
Method 2
- Use IEAK to build a URD-disabled package.
- Copy the Ie55urd.exe and Ie5.msi files into the
package.
- Create a Microsoft Installer (MSI) wrapper for the
Ie5setup.exe or Ie6setup.exe program.
- Create a shutdown script to start the Ie55urd.exe program
(the sample script).
- In the GPO, assign the MSI wrapper of the Ie5setup.exe or
Ie6setup.exe program to the clients.
- In the GPO, assign the shutdown script to the
clients.
The following is a sample shutdown script for Internet Explorer
6 SP1:
on error resume next
set wshShell=wscript.CreateObject("wscript.shell")
clrStub=wshShell.RegRead("HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\BrandClearStubs")
if err.number=0 then 'Just finished IE6setup
wshShell.run "\\server\iesetup\check\flat\win32\en\ie55urd.exe",1, True
end if
These methods may fail if you have set a group policy
(User\Administrative Templates\System\Logon) to prevent users (not
administrators) from running the RunOnce key.