In my personal life, I have zero run modes. On a good day, I manage a brisk amble, and that's only with a favorable wind at my back. PDQ Deploy, on the other hand, has four run modes. But why does it need so many, and when should you utilize each one? Let's find out.
What are run modes?
Run modes in PDQ Deploy allow you to designate which account or account type to utilize when deploying a package.
All applications are unique in design and scope. They each require varying levels of access to system components and services. To meet the needs of the variety of applications available, PDQ Deploy provides several different run modes to ensure packages have the permissions necessary to install successfully across systems.
The four different run modes of PDQ Deploy
While most applications can be deployed using the default run mode in PDQ Deploy, you may come across situations that require different levels of system access depending on the application and its uses.
Here's an overview of the various run modes available in PDQ Deploy and some tips to help you decide which run mode is best for your deployment.
Deploy User
Deploy User is the default run mode in PDQ Deploy. This run mode is your bread and butter solution for 99% of your deployments.
Deploy User utilizes credentials configured in the PDQ Deploy console. These credentials should have administrator access to the deploy console and the machines you manage. With administrative access, Deploy User can ensure applications are deployed silently, removing user interaction.
Keeping Deploy User configured as your default run mode is highly recommended.
Deploy User (Interactive)
Deploy User (Interactive) is similar to Deploy User, with one significant difference: Deploy User (Interactive) allows you to deploy applications that may require user interaction.
Deploy User (Interactive) is an excellent option for applications that don't have a silent installation switch or require user input to complete the configuration. This run mode allows installations to run using the administrative Deploy User credentials while enabling end users to complete any on-screen prompts. With interactive deployments, it's important to inform your users that they may receive a prompt to complete an application installation.
Occasionally, you may come across an application that requires an interactive environment but doesn't actually prompt for user input. While these situations are rare, a couple of examples of applications that require Deploy User (Interactive) mode are Microsoft Office and Autodesk applications. These installations don't require additional user input, but they won't successfully deploy unless you use Deploy User (Interactive) because they require an interactive desktop. If you run into problems with a deployment, try changing your run mode to Deploy User (Interactive) even if you know the deployment is silent.
Local System
The Local System run mode utilizes the host's local system account to do all the heavy lifting for a deployment. While the connection to the target host and file copies are still handled by the Deploy User credentials, the local system account is used to launch the runner service and complete the deployment tasks. The benefit of utilizing the local system account is that you gain unrestricted access to the target system.
Now, you may be wondering why you wouldn't just use this mode for all of your deployments. For one, very few packages require this level of system access. The Principle of Least Privilege suggests that only the minimum level of privileges necessary to complete a task should ever be used. Additionally, the Local System run mode doesn't have access to network resources. If a package requires files from a network share or a script refers to a UNC path and you've used the Local System run mode, the deployment will most likely fail.
Logged on User
The last of the four run modes available in PDQ Deploy is the Logged on User run mode. Similar to the Deploy User (Interactive) mode, the Logged on User run mode attempts to run packages in an interactive session.
This run mode is unique in that it uses the credentials of the currently logged-on user to start the runner service, providing access to user-specific environments such as the HKEY_CURRENT_USER registry hive or the user's %APPDATA% folder.
If you deploy a package using this run mode to a computer and no current user is logged on, the package falls back to the Local System run mode. To avoid deploying packages to machines that do not have a user currently logged on, use the Logged On State condition in the Conditions tab of a package and set it to Only run if a user is logged on (including Locked and Disconnected).
Where to configure run modes in PDQ Deploy
Choosing the correct run mode for your deployments is critical. That's why we give users the ability to configure this setting at the console, package, and step level, ensuring admins have the tools they need to get the job done.
Here's where to configure the run mode options in PDQ Deploy.
Console level
Starting at the broadest level, the preferences menu allows you to configure the run mode at the console level. This is your default system run mode. All packages and steps use this run mode by default unless you manually change the run mode at the package or step level.
PDQ Deploy is configured to use the Deploy User run mode by default. While you can change this setting, it's highly recommended to leave Deploy User as the default run mode unless you have a specific use case that requires a different configuration.
Here's where to find the setting:
In PDQ Deploy, click Options > Preferences.
Click Deployments.
Here you'll find the Run packages as setting with a drop-down menu next to it with the different run mode options.
Package level
The next location you can configure the run mode setting is at the package level.
Here's where to find the setting:
Double-click on a package in PDQ Deploy to open it.
Ensure you have the Properties menu item selected.
Click the Options tab. Here you'll find the Run As setting with a drop-down box where you can change the run mode.
Step level
Last but not least, you can change the run mode at the step level. Often, if a package requires a different run mode than the default, it's only necessary for one specific package step. Configuring this setting at the step level gives you the most control over your package and deployments.
Here's where to find the setting:
Double-click on a package in PDQ Deploy to open it.
Select any of the available package steps.
Click on the Options tab. Here you'll find the Run As setting with a drop-down box where you can change the run mode.
You can find an example of this configuration in our Dropbox package available in the package library. The actual installation step utilizes the Deploy User run mode, while the step that starts the Dropbox.exe utilizes the Logged on User run mode.
Wrapping up
As I mentioned, the Deploy User run mode is sufficient for the vast majority of your deployments. I always recommend using this run mode as the default when building packages. If a deployment fails using the default run mode, then try changing it up. Maybe the application needs an interactive session or access to the user-specific directories or registries. Regardless, the options are there to ensure you have everything you need to manage your IT assets.
For those of you not taking advantage of the power of PDQ Deploy, what are you waiting for? Find out for yourself how PDQ Deploy and PDQ Inventory can help you become the hero of your IT department. Download a 14-day free trial now, and you'll only have to live with the regret of not trying it out sooner.