Windows IT Pro is the authoritative and independent resource for Windows NT, Windows 2000, Windows 2003, and Windows XP. It features a collection of resources and magazines for Windows IT professionals.
  
  


May 1998

Package Command Manager Service



Simplifying SMS's application installation across a network

The Package Command Manager (PCM) service that comes with Systems Management Server (SMS) 1.2 helps administrators distribute applications. Unlike the interactive PCM application, which also comes with SMS, the PCM service does not require end users to participate in the installation process. Previous versions of the service had limited functionality because they ran only on SMS logon servers and distributed applications only to SMS site servers. However, the version that ships with SMS Service Pack 2 (SP2) extends the PCM service's reach to user desktops--the service can now run on and distribute applications to any Windows NT workstation or server. Administrators can use the upgraded PCM service to automatically install and upgrade applications on workstations and servers without any user intervention.

Create a PCM Service Account
You need to install the PCM service on every NT workstation and server that you want the service to install software on. You don't need to install the PCM service on SMS logon servers; the SMS Hierarchy Manager automatically installs the service on these machines.

To install the PCM service on machines across your network, you must create an account for the service in NT's User Manager for Domains. This account must be able to connect to the SMS logon server, and it must have administrator rights on every computer you want the PCM service to install software on. You can ensure that the account has both privileges by placing it in the Domain Admins global group, which is a default member of each workstation's local Administrator group. The PCM service account must have domain and local administrator rights, so you can use the PCM service only in a domain (not a workgroup) environment.

Creating a PCM service account opens up a security risk for unwitting administrators. For each service, NT's Service Control Manager makes a Registry entry that includes only the service name, service account name, and executable name. The PCM service associates the pcmsvc32.exe executable with the service account you create. On a system with a PCM service account, clever users who have local administrator rights can stop the service and replace pcmsvc32.exe with their own executable. The substituted executable takes on the rights of a domain administrator application, giving the users open access to most of the domain. For example, they can write an application that deletes files in a directory that only domain administrators can access. To prevent such a security risk, install the PCM service only on workstations where users can't stop services.
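The exposure described above (a service executable tied to a privileged logon account) can be audited on current Windows systems. The following is an added example, not code from the article or from SMS; it assumes Windows PowerShell 3.0 or later, which NT 4.0 did not have, and the list of trusted principals is an assumption to adjust for your environment.

```powershell
# Added example (not from the article). Lists services that log on with a named
# account and reports which principals, other than the usual administrative
# ones, can modify the service executable.
$builtIn   = '^(LocalSystem$|NT AUTHORITY\\|NT SERVICE\\)'
# Assumed set of principals that are expected to have write access.
$trusted   = '^(NT AUTHORITY\\SYSTEM|BUILTIN\\Administrators|NT SERVICE\\TrustedInstaller)$'
$writeMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartName -and $_.StartName -notmatch $builtIn } |
    ForEach-Object {
        $svc = $_
        # PathName may be quoted and may carry arguments; keep only the executable.
        # An unquoted path that contains spaces is truncated at the first space.
        $exe = $null
        if ($svc.PathName -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        elseif ($svc.PathName -match '^\s*(\S+)') { $exe = $Matches[1] }

        $writers = @()
        if ($exe -and (Test-Path -LiteralPath $exe)) {
            $writers = (Get-Acl -LiteralPath $exe).Access |
                Where-Object {
                    $_.AccessControlType -eq 'Allow' -and
                    ($_.FileSystemRights -band $writeMask) -and
                    $_.IdentityReference.Value -notmatch $trusted
                } |
                ForEach-Object { $_.IdentityReference.Value } |
                Sort-Object -Unique
        }

        [pscustomobject]@{
            Service    = $svc.Name
            Account    = $svc.StartName
            Executable = $exe
            WritableBy = $writers -join '; '
            # SDDL of the service object; review it for who holds stop/start rights.
            ServiceAcl = ((& sc.exe sdshow $svc.Name) -join '').Trim()
        }
    }
```

Any row with a domain account in Account deserves review even when WritableBy is empty, because members of the local Administrators group can always replace the file or reconfigure the service.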

Configure an Initialization File
To install the PCM service, you must use a service installation utility. Microsoft Systems Management Server Resource Kit and SMS SP2 include Rservice, a command-line utility that can install, start, and stop services on many remote computers at once.

The Rservice utility requires an initialization file to run. SMS SP2 includes a sample file, pcmx86.ini, which you can modify to meet your needs. Listing 1 shows a modified version of the sample file. The SMS resource kit's documentation explains the initialization file's syntax. The initialization file is a standard .ini file, with one entry on each line and comment lines that begin with a semicolon.

Domain name section. The initialization file must include a domain name section that lists each domain that you want to install the PCM service on. You follow each domain name with acronyms for the types of machines you want to install the service on in that domain: NTWD for an NT workstation, NTSD for an NT server, NTPDC for a Primary Domain Controller (PDC), and NTBDC for a Backup Domain Controller (BDC). For each machine acronym you list for a domain, the initialization file automatically installs the PCM service on every computer of that type in that domain.

You can also specify a list of machines that you want to install the PCM service on, using the Listed option. If you follow the domain name with the =listed entry, Rservice will install the PCM service only on machines you list in the file's machine list section. With this option, you can list a subset of specific machines in the named domain. If you want to install the PCM service on most, but not all, computers of a certain type in a domain, you can use the exclude parameter in the machine list section to exclude particular machines from the installation.

You can use the * character to select multiple machines that match a name. For example, you can enter

HQ*=include 

to include all machines that have names beginning with the letters HQ.

The sample initialization file in Listing 1 shows entries for installing Rservice on a whole class of machines (excluding a machine named demoserver) and a list of specific machines. An actual initialization file would contain only one of these entries.

Other initialization file sections. Your initialization file must include several sections after the domain name section. The format for entries in these sections is

<computer_or_file_name>=<parameter> 

Because all computers that you install the PCM service on will use the same installation parameters, you can use the * character to specify all computers.

The service account section provides the name of the service account that you created for the PCM service. If you will use this account to distribute applications to machines in multiple domains, you must specify in the service account section the name of the domain that the account resides in. Listing 1 shows a PCM service account called pcm_service that resides in the central domain.

The installation directory section specifies the directory where you want to place pcmsvc32.exe on each of the machines that you're installing the PCM service on. I don't recommend installing the PCM service in the C:\ms\sms\bin directory, which is where you typically install SMS components. When SMS upgrades client files, the SMS logon script automatically updates every client computer. However, the logon script will skip a client and not upgrade its files if the client's C:\ms\sms directory is open. NT starts services before users can log on, so the PCM service starts before the SMS logon script can run. Therefore, if the PCM service executable is in the same directory as the other SMS client components, the SMS logon script will never update the components. Placing the PCM service executable in a different directory avoids these conflicts. The default directory for PCM service installation is C:\pcmsvc\x86.bin. However, to minimize the number of SMS directories off the root directory, I typically install the service in the C:\ms\sms\pcm directory.

The source directory section specifies the installation source directory for pcmsvc32.exe files. SMS services already use this executable for site server communication; list the same pcmsvc32.exe file that SMS uses. SMS installs this file in the site.srv directory under the SMS main directory. List the universal naming convention (UNC) path to this file. In Listing 1, the PCM service's installation source directory is an SMS site.srv directory on the E drive of the smsserv computer.

The access permissions section specifies permissions for the directory you list in the installation directory section. You can list multiple types of permissions, but you need to separate them with a space. Your permissions choices include read, delete, and full. You must give the PCM service account at least read permission for the installation directory. In Listing 1, administrators have full permission, and the PCM service account has read permission for the C:\ms\sms\pcm directory.

The Registry settings section specifies Registry entries that Rservice will create during the PCM service's installation. You don't need to create entries for the NT Service Control Manager; Rservice makes these entries. However, you can define additional parameters for the PCM service in the Registry settings section of the initialization file. If you are defining multiple Registry entries for the PCM service on one set of computers, place all entries on one line with the following format:

*=key:<registry_path> <type>:<name>=<value>

Your Registry path entry must include the appropriate abbreviation for the Registry hive. Abbreviate Registry keys by the first letters of their names (e.g., HKLM for HKEY_LOCAL_MACHINE). If your name or value entries contain spaces, you must enclose the entries in quotation marks. In Listing 1, the Registry settings section enables logging of the PCM service events on the local machine and sets the log file path.

If you enter yes in the automatic start section, as Listing 1 does, the PCM service will start when the system boots. Do not change the default entries in your initialization file's service name or executable file sections. These entries must be the same for every PCM service installation.



 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2009 Penton Media, Inc. All rights reserved.