MSI Installer default TEMP path triggering TRAPS notifications

Reply
L1 Bithead

MSI Installer default TEMP path triggering TRAPS notifications

Hello Folks,

 

Long time lurker, first time poster.

 

Thought I'd share something I've come across with our TRAPS 4.1 deployment and some pesky "Media Control" restriction notifications and a solution that may be helpful for others.

 

We're running our TRAPS install pretty much as it comes out of the box, not wanting to put in too many overrides just yet while I come up to speed with the system.

 

Some of our physical servers have USB drives attached to them, with the USB drives being used as backup destinations for data that we need quick access to.

 

I've noticed that when our servers that have these drives auto-patch overnight that TRAPS flags "attempted execution of executable from restricted location" on files such as "I:\8bb0d569f43ccb2c60051475\Setup.exe".  Now the MSI installer uses temporary file storage on whichever attached disk has the largest amount of free space, which in the case of these servers the USB drives.  And I assume that TRAPS is classing this as removable storage or such and flagging the issue.

 

Rather than code up a TRAPS exception for this, I've done some digging around on the interwebs and have come across an article that explains how to configure the Windows MSI installer to use a fixed drive for MSI temporary file storage:

 

https://serverfault.com/questions/372789/keep-windows-installer-from-using-largest-drive-for-tempora...

 

It's a registry change, so it can be delivered on a server by server basis or by group policy if required.

 

It appears to have stopped the TRAPS notifications as the files are running from an authorised location (non-removable media) and we have our temp MSI files being written to a pre-determined drive, something the control-freak in me appreciates.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!