We currently have a custom application that we use that was wrote in AutoIT script that allows us to run installations as SYSTEM (access to HKLM), but it presents a dialog box to the user allowing them to delay, etc. It’s basically a lightweight version of the toolkit here. We then make it a dependency of the application we are wanting to deploy. We used AutoIT because we can switch between SYSTEM and USER context on the fly to present dialog boxes, then switch to SYSTEM to access HKLM etc.
My question is can I use this toolkit to run the installation has SYSTEM - Required - Only when a user is logged on (SCCM 2012) ; and it still display the dialog boxes to the current logged on user?
Not quite related to PSAD but based on your statement, I assume your users do not have local admin rights, correct?
If that’s the case, what are you using for privilege management?
Does your installer allow for silent installation as it is? If so, this is not a problem at all even if user is not local admin. There’s a couple of approaches to this. What you want to do is break out of session 0 to present system context for user. ServiceUI.exe (and ServiceUIx64.exe) lets you do this. For example have a look at Paul’s post in this thread (<-- theres a hyperlink here) which helps you on the way. One option in SCCM is ticking the checkbox ‘Allow users to view and interact…’ under User Experience in the Deploy Type properties. (Though I am not entirely satisfied with this feature in CM - mainly because it prevents the application from working with OSD task sequence.)
Be aware though that if you’re planning on adding user specific things (appdata, HKCU) you’ll have to take it some step(s) further. The toolkit has functions to help you out with this, such as Invoke-HKCURegistrySettingsForAllUsers, Get-UserProfiles and Execute-ProcessAsUser.