The client software is easily deployed via Active Directory and Group Policy, but there’s a problem where the Outlook integration installer requires elevation, even though the only changes that are being made are restricted to the user’s profile. This is obviously ridiculous in a corporate environment, as new user setups require the user to be made a local administrator for their first login just to install Shoretel’s Outlook integration.
I lived with this as an inconvenience over the last few years, but the time has now come to plan for a replacement of our Melbourne office’s out-dated Ericsson PABX system. This issue, then, will be a show-stopper as we’re not going to make 80+ users local administrators – even temporarily.
Last week, I sat down to think about the problem and remembered something I’d read about “shimming” applications in Vista & Windows 7. This then led me to wonder if I could create a shim that stops UAC from being triggered by the Shoretel Outlook integration installer – %programfiles%\Shoreline Communications\ShoreWare Client\UninstWrpr.exe
The above process will obviously break any functionality within UninstWrpr.exe that does actually require elevated privileges, but that’s not a concern to me. I went ahead and created a new Security Database using Microsoft’s Application Compatibility Toolkit, and set up the shim as per one of the technet documents. I installed the resulting sdb file on a test machine using the inbuilt sdbinst.exe command, and voila! The Outlook integration installed without a single UAC prompt, and worked properly to boot.
The only part of the process left, is to figure out how to deploy the shim to the client machines. For the sake of brevity, I’ll detail the entire process in a new post shortly.