.MSI Software Installation

[Guest]

When deploying a .MSI software package to a group using group policy in AD
everything seems to work. When an object is added to the group the software
is deployed to that object.

If I create a group policy software installation, and include two or more
packages in one deployment I cannot seem to deploy them in any particular
order. So if I was to deploy Office 2000 then Outlook 2003 as an upgrade it
may install the Outlook 2003 first then ignore the rest of Office 2000
because it has performed the upgrade first.

Any ideas?

 

[Herb Martin]

When deploying a .MSI software package to a group using group policy in AD
everything seems to work. When an object is added to the group the software
is deployed to that object.

If I create a group policy software installation, and include two or more
packages in one deployment I cannot seem to deploy them in any particular
order. So if I was to deploy Office 2000 then Outlook 2003 as an upgrade it
may install the Outlook 2003 first then ignore the rest of Office 2000
because it has performed the upgrade first.

Have you tried using the "upgrades/replaces" (or other conditional
installs)?

I don't have the dialog box in front of me but there is a facility for
the specific issue you meantion where Outlook 2003 "upgrades"
Office 2000, 2002 etc.

 

[Ryan Hanisco]

Basildon,

If you are concerned about the order of the applications' deployment, you
would be best to create a separate GPO for each application and order the
GPOs to get the desired effect. Generally this is the way to go as it gives
you more granular control of deployment through permissions filtering and
GPO order. Just remember that GPOs higher in the list apply first.

Ryan Hanisco
MCSE, MCDBA
Flagship Integration Services

 

[Guest]

Thanks for your help.

---------------------------

 

[Guest]

Thanks, this is the only way I have made it work successfully.

--------------------------

 

[Cary Shultz [A.D. MVP]]

Basildon,

First of all you do not deploy software via GPO to groups. You deploy
software to containers ( well, in the case of a Site-level or Domain-level
deployment....most people are deploying software to the OU-level, however ).
Period! And the user account object or the computer account object must
reside directly in the container to which the GPO is linked in order for it
to be eligible to receive that GPO.

Secondly, you can control this by way of the Security Group Filtering
feature. Normally, when you create a GPO the security Group 'Authenticated
Users' is given the READ and APPLY GROUP POLICY rights. You could remove
this security group from the Security tab on the GPO and replace it with a
Security Group of your creating. You would need to make sure that the user
account objects or the computer account objects that you want to be affected
by this specific GPO are indeed members of this security group. Then, give
this security group the READ and APPLY GROUP POLICY rights. However, and I
repeat, the user account object or the computer account object M*U*S*T
directly reside in the OU (assuming that this is being done at the
OU-level ) in order for it to fall under the SOM of that GPO. NOTE: SOM
means Scope of Management.

Now, to your specific question. I have never tried to install multiple
software applications via one GPO. I will have to play with this to get a
handle on how it does ( not ) work.

There was also a post awhile back on this exact scenario. I think that it
might have been in the Group Policy newsgroup. You might want to do a
search for it. This is not as easy as it sounds......

HTH,

Cary