Installing files and updates using GPO

[GriTZ-TeCH]

Hi! I have a network which is composed of around 100 PCs and I am alone in
charge of administering it. Its lately becoming a real pain to update
programs and install software into each PC, running around with the CD
media. I am sure Microsoft had catered to have this procedure automated by
using GPO but dont know how to use it.

Can you please describe how this is done? I have heard about .msi extensions
but cant make anything out of it.

Thanks.

 

[Florian Frommherz [MVP]]

Howdie!

Hi! I have a network which is composed of around 100 PCs and I am alone in
charge of administering it. Its lately becoming a real pain to update
programs and install software into each PC, running around with the CD
media. I am sure Microsoft had catered to have this procedure automated by
using GPO but dont know how to use it.

Group Policy Software Installation only works for MSI installer
packages. You need the software you want to install on the clients in an
MSI format. Check whether your software is on the media .. setup.MSI or
pro11.MSI (for Office 2003 for example). Go copy the media to a server
share the client machines can access it. Make sure you give
"authenticated users" permission to read files on the share.

Use Group Policy Software Installation (preferrably
Computerconfiguration\Software Installation) to _assingn_ the software
to the clients. Link the GPO with the software installation to a computerOU.

If the Software you use comes as an .exe, you'll need to look for a more
advanced way to deploy the software. There are a few (not necessarily
cheap) solutions out there.

If it just about copying some files to a client's local directory like
C:\Program Files\some app\... - you can use a computer start up script
and copy the files off a share to the client's local folders.

Cheers,
Florian

 

[MLtt]

Hi
I have problem...
Did exactly like documented in
http://www.windowsdevcenter.com/pub...ow-to-deploy-software-using-group-policy.html

However when users logon from the workstations nothing happened. Instead of
using the new GPO, I edited the Default Domain Policy and it worked fine for
this. I want to use the new GPO ...I linked it and also typed gpupdate
/force after....still nothing happens when users logon from the workstations
contained in the OU with the GPO attached to it.

What could I be missing?

Howdie!

Hi! I have a network which is composed of around 100 PCs and I am alone
in charge of administering it. Its lately becoming a real pain to update
programs and install software into each PC, running around with the CD
media. I am sure Microsoft had catered to have this procedure automated
by using GPO but dont know how to use it.

Group Policy Software Installation only works for MSI installer packages.
You need the software you want to install on the clients in an MSI format.
Check whether your software is on the media .. setup.MSI or pro11.MSI (for
Office 2003 for example). Go copy the media to a server share the client
machines can access it. Make sure you give "authenticated users"
permission to read files on the share.

Use Group Policy Software Installation (preferrably
Computerconfiguration\Software Installation) to _assingn_ the software to
the clients. Link the GPO with the software installation to a computerOU.

If the Software you use comes as an .exe, you'll need to look for a more
advanced way to deploy the software. There are a few (not necessarily
cheap) solutions out there.

If it just about copying some files to a client's local directory like
C:\Program Files\some app\... - you can use a computer start up script and
copy the files off a share to the client's local folders.

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste

 

[Florian Frommherz [MVP]]

Howdie!

Did exactly like documented in
http://www.windowsdevcenter.com/pub...ow-to-deploy-software-using-group-policy.html

However when users logon from the workstations nothing happened. Instead
of using the new GPO, I edited the Default Domain Policy and it worked
fine for this. I want to use the new GPO ...I linked it and also typed
gpupdate /force after....still nothing happens when users logon from the
workstations contained in the OU with the GPO attached to it.

So you have used the Computer Configuration\Software Installation and linked
the policy to an OU machine accounts are in, correct? Have you rebooted the
machine? Software Installation only takes place during "foreground
refreshes" (reboot/user logon -- not during normal Windows operation). When
issuing rsop.msc on a client - is the Software Installation policy shown in
the summary? Where did you put files of the installation package at? What
are the share permissions? Is there an error message in the event log?

Cheers,
Florian

 

[MLtt]

gpresult /v yields this part:


Resultant Set Of Policies for Computer:
----------------------------------------

Software Installations
----------------------
GPO: My Software Distribution
Name: Windows Defender
Version: 1.1
Deployment State: Assigned
Source: C:\Documents and
Settings\Administrator.SERVER-F\Desktop\SETUP_FILES\WindowsDefender.msi
AutoInstall: True
Origin: Applied Application


Is the source path the problem? also how come I change the .MSI file to
another one (MBSA) and its still showing the old path?

I think the problem is somewhere here...

Howdie!

Did exactly like documented in
http://www.windowsdevcenter.com/pub...ow-to-deploy-software-using-group-policy.html

However when users logon from the workstations nothing happened. Instead
of using the new GPO, I edited the Default Domain Policy and it worked
fine for this. I want to use the new GPO ...I linked it and also typed
gpupdate /force after....still nothing happens when users logon from the
workstations contained in the OU with the GPO attached to it.

So you have used the Computer Configuration\Software Installation and
linked the policy to an OU machine accounts are in, correct? Have you
rebooted the machine? Software Installation only takes place during
"foreground refreshes" (reboot/user logon -- not during normal Windows
operation). When issuing rsop.msc on a client - is the Software
Installation policy shown in the summary? Where did you put files of the
installation package at? What are the share permissions? Is there an error
message in the event log?

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste

 

[Florian Frommherz [MVP]]

Howdie!

Source: C:\Documents and
Settings\Administrator.SERVER-F\Desktop\SETUP_FILES\WindowsDefender.msi
AutoInstall: True
Origin: Applied Application


Is the source path the problem? also how come I change the .MSI file to
another one (MBSA) and its still showing the old path?

Yes -- you need to put the MSI file on a share on a server so that every
workstation can access it. Make sure then that you browse the MSI file then
using \\server\share UNC paths rather than using C:\...

Cheers,
Florian

 

[MLtt]

Stupid me...the folder was not even accepting connections as NTFS
wasblocking access. However I still have a problem. When running gpupdate /v
it is still showing the old path....how can I force the client to pull the
latest version of the GPO? From the server side I ran gpupdate /force and
rebooted but to no avail.

Its still showing the Windows Defender path, not the MBSA path I just set
with the full UNC \\server-f\setup_files\MBSA.msi

any idea?

Thanks for your help

Howdie!

Source: C:\Documents and
Settings\Administrator.SERVER-F\Desktop\SETUP_FILES\WindowsDefender.msi
AutoInstall: True
Origin: Applied Application


Is the source path the problem? also how come I change the .MSI file to
another one (MBSA) and its still showing the old path?

Yes -- you need to put the MSI file on a share on a server so that every
workstation can access it. Make sure then that you browse the MSI file
then using \\server\share UNC paths rather than using C:\...

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste

 

[Florian Frommherz [MVP]]

Howdie!

Its still showing the Windows Defender path, not the MBSA path I just set
with the full UNC \\server-f\setup_files\MBSA.msi

You need to create a new GPO with Software Installation -- it doesn't
support changing the path of the MSI after it has been deployed.

cheers,
Florian

 

[MLtt]

Hey Florian
In fact a new GPO worked but had to run gpupdate /force from client to pull
latest updates. Now I have new problem. Windows defender installed without
problems but then a windows pops up saying "Application failed to
initliaize: 0x80070005. Access is denied"

Any ideas?

Howdie!

Its still showing the Windows Defender path, not the MBSA path I just set
with the full UNC \\server-f\setup_files\MBSA.msi

You need to create a new GPO with Software Installation -- it doesn't
support changing the path of the MSI after it has been deployed.

cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste

 

[MLtt]

I used the Windows Deployment Workbench but just when I update the
deployment point and error is returned. The below is the log:


Starting: rmdir "C:\DOCUME~1\georgev\Local Settings\Temp\PE20_mount.x86" /s
/q >> "C:\DOCUME~1\georgev\Local Settings\Temp\DeployUpdates_x86.log" 2>&1


Exit code = 1


Starting: rmdir "C:\DOCUME~1\georgev\Local Settings\Temp\PE20_Ramdisk" /s /q

Exit code = 1

Share \\PC-Central\Distribution$ already exists.

Starting: copy "C:\Program Files\Windows AIK\Tools\PETools\x86\bootmgr"
"C:\Distribution\\Boot\x86\bootmgr" /y >> "C:\DOCUME~1\georgev\Local
Settings\Temp\DeployUpdates_x86.log" 2>&1

Exit code = 1

Starting: mkdir "C:\Distribution\\Boot\x86\Boot" >>
"C:\DOCUME~1\georgev\Local Settings\Temp\DeployUpdates_x86.log" 2>&1

Exit code = 1

Starting: xcopy "C:\Program Files\Windows AIK\Tools\PETools\x86\Boot"
"C:\Distribution\\Boot\x86\Boot" /s /e /i /y >> "C:\DOCUME~1\georgev\Local
Settings\Temp\DeployUpdates_x86.log" 2>&1

Exit code = 1

Starting: xcopy "C:\Program Files\Microsoft Deployment
Toolkit\Bin\x86\msxml6*.*" "C:\Distribution\\Servicing\x86" /y /d >>
"C:\DOCUME~1\georgev\Local Settings\Temp\DeployUpdates_x86.log" 2>&1


Exit code = 1


Starting: copy "C:\Program Files\Windows AIK\Tools\PETools\x86\bootmgr"
"C:\Distribution\Boot\x86\bootmgr" /y >> "C:\DOCUME~1\georgev\Local
Settings\Temp\DeployUpdates_x86.log" 2>&1

Exit code = 1

Starting: mkdir "C:\Distribution\Boot\x86\Boot" >>
"C:\DOCUME~1\georgev\Local Settings\Temp\DeployUpdates_x86.log" 2>&1

Exit code = 1

Starting: xcopy "C:\Program Files\Windows AIK\Tools\PETools\x86\Boot"
"C:\Distribution\Boot\x86\Boot" /s /e /i /y >> "C:\DOCUME~1\georgev\Local
Settings\Temp\DeployUpdates_x86.log" 2>&1

Exit code = 1

Starting: xcopy "C:\Program Files\Microsoft Deployment
Toolkit\Bin\x86\msxml6*.*" "C:\Distribution\Servicing\x86" /y /d >>
"C:\DOCUME~1\georgev\Local Settings\Temp\DeployUpdates_x86.log" 2>&1


Exit code = 1

Copying C:\Program Files\Windows AIK\Tools\PETools\x86\WINPE.WIM to
C:\DOCUME~1\georgev\Local Settings\Temp\winpe.wimMounting image to
C:\DOCUME~1\georgev\Local Settings\Temp\PE20_mount.x86Installing optional
components.
Starting: "C:\Program Files\Windows AIK\Tools\PETools\peimg.exe"
"C:\DOCUME~1\georgev\Local Settings\Temp\PE20_mount.x86\windows"
/install=*Scripting* /quiet >> "C:\DOCUME~1\georgev\Local
Settings\Temp\DeployUpdates_x86.log" 2>&1

Exit code = 1
Exception occurred generating Windows PE image:
System.Exception: PEIMG failed, rc = 1. See C:\DOCUME~1\georgev\Local
Settings\Temp\DeployUpdates_x86.log for more information.
at Microsoft.BDD.ConfigManager.PEManager.Generate()


What might be the problem please?

Howdie!

Its still showing the Windows Defender path, not the MBSA path I just set
with the full UNC \\server-f\setup_files\MBSA.msi

You need to create a new GPO with Software Installation -- it doesn't
support changing the path of the MSI after it has been deployed.

cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste