SCCM 2012 OSD - Application Installation using local administrator account instead of SYSTEM account

I sometimes have problems to install applications using the default SYSTEM credentials that SCCM OSD uses. In my tests I have seen that the vendor supplied installation package does in fact support an unattended installation and it works perfectly when installed using a typical user that has membership in the Administrators group. However some packages will not install properly using the SYSTEM account for whatever reason. Granted I could argue and attempt to push the vendor to deal with the shortcoming OR repackage the application completely but I have situations where either of these solutions require large amounts of effort. We arent talking about your typical software packages with a single MSI file that just needs a transform or slight modification; this is more like a huge suite of products that takes 30 minutes to install.

I do prefer to keep these software packages as Applications in SCCM rather than Packages because of the extra features that come along with it.

I would like to consider doing something like a RUN AS during my SCCM OSD task sequence. If I create a local user, add the user to the local Administrators group then I could maybe do something like:

PsExec.exe accepteula u AdminUser p AdminPassword C:\Temp\AppToInstall\Setup.exe /commandlineswitch1 /commandlineswitch2

My thought process is that this would allow the application to install under an administrators credentials, just not the SYSTEM account DURING the OSD deployment process.

I understand that this is not ideal but it may be a compromise that some administrators would be willing to live with on specific situations.

Has anyone attempted to have an SCCM application install during a task sequence while running under an account other than SYSTEM? If so how did you achieve it? Would love to hear comments and input from the community about how this might be achievable AND/OR how the problem about software not installing under the SYSTEM credentials has been solved.

Thanks in advance for any help!!

February 5th, 2014 10:24pm


I normally use the "Run Command Line" step instead as you have the option to run the command line using a user account. Then I use a domain service account which can be added to the local administrators group using a step before like "net localgroup administrators contoso\user1 /add "

Then you don't have any usernames/passwords stored in clear text in the SCCM log files as well.

It have used this in many scenarios, it works great.


Free Windows Admin Tool Kit Click here and download it now
February 6th, 2014 2:24am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics