We had a problem with the sametime meeting room not being able to load on our configuration restricted windows 2000 workstations and laptops. Our admins did restrict the c:\winnt folder to users, and power users rights were not given to any one.
We went into details to find out how the meeting room client and the java client is installed. We found out that:
- a java applet is downloaded to "c:\winnt\downloaded program files" and "c:\winnt\java"
- Entries are written to the registry to "HKEY_LOCAL_MACHINE\software\windows\code storage database"
We sought help in IBM support center to find a way to deploy the sametime java applet without having to unlock the whole win2k configuration.
We had a a good feedback from the IBM support who provided a 2.5 secure desktop install, the only little bug was that you had to be an administrator to install it! so a remote install for everyone could be forgotten.
We tried to make an SMS script with admin rights with the install, but it did not work and IBM did not provide a silent install option anyway.
We finally broke down the install process of the secure desktop distribution and spotted the registry keys and folders to let sametime install itself without letting the users having all rights on the c:\winnt folder.
Here's what you have to do:
- Unlock the registry key HKEY_LOCAL_MACHINE\software\windows\code storage database to allow USERS to write to it.
(see technet note:
http://support.microsoft.com/default.aspx?scid=kb;en-us;273855)
- The "c:\winnt\downloaded program files" AND "C:\winnt\JAVA\" folders' security has to allow USERS to WRITE to the directory (no need for full control) (use "attrib -s" to unlock downloaded program files folder)
We have tested this in our environment, but it might not work elsewhere.