4 Replies Latest reply on May 19, 2020 3:48 AM by AaronWhittaker

    Corporate laptops and Workspace One.

    trlhrn Lurker

      Corporate laptops and Workspace One. We want to enroll our corporate laptops in the Workspace One. But when the user launches an AirwatchAgent.msi installation requests ad admin privileges to complete the installation. How we can get around this because our employees haven't administrator rights on the corporate laptops.

        • 1. Re: Corporate laptops and Workspace One.
          AaronWhittaker Novice

          Do you have anything already in place for application deployments such as SCCM?

           

          If not you could deploy it via group policy.

           

          Or you could write a script that runs the MSI as an administrative account so all the user needs to do is run that script and it will elevate itself.

           

          We install it during the build (MDT), if it needs to be installed after the fact its a manual job for on site support who run a script.

          • 3. Re: Corporate laptops and Workspace One.
            trlhrn Lurker

            Hi.

            We haven't SCCM.

            In our casу employees are out of the office. so we must install this without SCCM, GPO, etc.

            • 4. Re: Corporate laptops and Workspace One.
              AaronWhittaker Novice

              I assume that you have a local admin account on the devices? If you do then you can send the users a script that will run the MSI as that account, here is something that I quickly wrote up that should work (its untested but in theory should do what you want, or at least give you a starting place). Just fill in the bits at the top with your information and give it a test. It will download the latest version of the client from the VMWare servers and then run the MSI as the admin account and attempt to enroll using the enrollment account you specify. The only issue is that your admin password will be in plain text. You could get around that be encrypting it.

               

              See how you go

               

              $servername = "##Server FQDN##"
              $OGID = "##OGID##"
              $AdminUser = "##ADMINUSER##"
              $AdminPassword = "##ADMINPASSWORD##"
              $StagingUsername = "##staging username##"
              $StagingPassword = "##staging password##"
              
              $credentials = New-Object System.Management.Automation.PSCredential ("$AdminUser", $(ConvertTo-SecureString "$AdminPassword" -AsPlainText -Force) )
              
              $proxy = [System.Net.WebProxy]::GetDefaultProxy().Address.OriginalString
              $tempFile = "$env:Temp\AirwatchAgent.msi"
              
              if ($Proxy) {
                  Invoke-WebRequest -OutFile ($tempFile) -Uri "https://storage.googleapis.com/getwsone-com-prod/downloads/AirwatchAgent.msi" -Proxy $proxy
              } else {
                  Invoke-WebRequest -OutFile ($tempFile) -Uri "https://storage.googleapis.com/getwsone-com-prod/downloads/AirwatchAgent.msi"
              }
              
              Start-Process msiexec.exe -Wait -ArgumentList "/I $tempFile IMAGE=N ENROLL=Y SERVER=$servername LGName=$OGID USERNAME=$StagingUsername PASSWORD=$StagingPassword ASSIGNTOLOGGEDINUSER=Y DOWNLOADWSBUNDLE=True /Log $Env:Temp\Workspaceoneinstall.log" -Credential $credentials