How to avoid automated service detection message while deploying any software in ITCM Client?
The ITCM agent is running as the Local System account, in the services space -- session 0. As of Windows Vista and forward, Microsoft has implemented a concept called, "session 0 isolation", to prevent services from exploiting user elevation privileges.
Previous to Windows Vista, the first logged on user also ran inside session 0, alongside system services. This made it possible for services to take advantage of user privileges, and it also made it possible for the logged in user to interact with any service that created some interactive GUI.
From Windows Vista and forward, now session 0 is reserved only for system services, which Microsoft is asserting, to be unattended and non-interactive services. Microsoft has essentially drawn a line, on the basis of security concerns/exploits.
What's happening to you is that your ITCM agent, running inside session 0, when it's running your software job, is intending to interact with the user. That is to say your installation is not silent, wanting to display some graphical GUI to the user-- possibly requiring some interaction, or possibly because some window is not properly suppressed.
So what kind of software package are you delivering? Is it anything that requires user interaction to complete installation? Or perhaps is there some unattended install that is no suppressing it's GUI?
When ever a service inside session 0 attempts to interact with the user, that's when you will receive the "Interactive Services Detection" message inside the logged in user session. If you click on the message, interactive services is taking you to the session 0 desktop, allowing you to view only the message/GUI that some service is intending to display to you, whether it requires input or not.
Thus, please share more details about the package you are delivering, and perhaps the procedure/command line you are using to deliver it.
Brian Fontana, CA Support
I found a nice solution to this. We are using Batch scripts for software package procedures.
This is not state of the art but it works nicely. If you use Batch scripts you are triggering this behavior.
This can be easily avoided if you utilize silentCMD.
Retrieving data ...