In addition to random 1603's on MSI apps we are now seeing apps that
have post distribution scripts (using Novell login script not cmd, vbs,
etc) run as the user not as the system. I've come to this conclusion
because most of our post distrib scripts run cacls to adjust NTFS
permissions using as an example:

#cacls "C:\Program Files\Paws" /t /e /c /p users:c

Instead of hiding the dos box it pops up and they get access denied
errors on every file/folder that calcs touches. Doing a verify usually
corrects this as the DOS box doesn't pop up (appears to be running as
system again) and permissions are applied correctly. This is similar to
our 1603 MSI errors. If they rerun the app after the 1603 it works fine.

<RANT>We now get dozens to hundreds of calls a day concerning LDAP
Contextless login, 1603 errors, and apps that don't work because of
permissions. Basically our TCO for 4.90/Zen6.5 has gone through the
roof. Thing is this stuff appeared to work in testing.</RANT>