Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-71643

Windows silent install behaves different than graphical install

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • packaging
    • - Windows 10 VM (Hyper-V VM)
      - Jenkins 2.401.2

      hi,

      I'm trying to install Jenkins on Windows from commandline for a different
      user. My usecase is, that Jenkins should be executed as a normal user (Service account) and i want to use a different user (Administrator) to do the installation for security reasons.

      In the attached log file the admin is called 'Developer' and the normal user is called 'DeveloperNonadmin'

      Expectation: The following command works when executed from an elevated shell:
      msiexec /i D:\path\to\jenkins.msi /quiet /lv! D:\path\to\logfile.log SERVICE_USERNAME=<username> SERVICE_PASSWORD=<password> INSTALLDIR=D:\Jenkins PORT=8080

      Actual behaviour:
      The command only works when i have installed Jenkins for the service account by manually executing the GUI version of the installer. So my workaround is that i install Jenkins via the GUI installer, then uninstall it, then run my script that executes this command and does the customization afterwards.

      Conclusion:
      The graphical installer does soemthing that the silent installation does not do.

       

      PS: i've chosen _unsorted as components because i don't know which component this actually is

        1. logfile-1.log
          107 kB

          [JENKINS-71643] Windows silent install behaves different than graphical install

          Jonas added a comment - - edited

          I got an update on this and an easier workaround:

          For a silent install, the Installer has to be launched from an elevated shell, which means that it is completely executed as an admin user. This also means, that the 'INSTALLDIR' is created for this admin user and that the service account does not have the permissions to access this directory. The consequence is, that the service account is unable to start Jenkins, even if the the directory is something like D:\Jenkins.
           
          My workaround for this is that, before starting the installer, i 
          1. Create the install directory
          2. Then i assign the service account full control over that directory: icacls.exe "D:\Jenkins" /grant "DeveloperNonadmin:(OI)(CI)(F)"
           
          This command assigns

          Jonas added a comment - - edited I got an update on this and an easier workaround: For a silent install, the Installer has to be launched from an elevated shell, which means that it is completely executed as an admin user. This also means, that the 'INSTALLDIR' is created for this admin user and that the service account does not have the permissions to access this directory. The consequence is, that the service account is unable to start Jenkins, even if the the directory is something like D:\Jenkins.   My workaround for this is that, before starting the installer, i  1. Create the install directory 2. Then i assign the service account full control over that directory: icacls.exe "D:\Jenkins" /grant "DeveloperNonadmin:(OI)(CI)(F)"   This command assigns Full access (F) for all objects in that direcotry (OI) and for all subdirectories (CI) refer to https://4sysops.com/archives/icacls-list-set-grant-remove-and-deny-permissions/#rtoc-9 for further reference   So the root-cause seems that the installer is not assigning the permissions for the install directory to the service account.

          Alex Earl added a comment -

          Thanks for the debug, I'll look into this. I have never really tried the silent install method, so its probably something I should look at testing somehow

          Alex Earl added a comment - Thanks for the debug, I'll look into this. I have never really tried the silent install method, so its probably something I should look at testing somehow

            slide_o_mix Alex Earl
            johnnydoesstuff Jonas
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: