How do I deploy an MSI to VPN clients

I have an MSI that I built and made to work on a land using a GPO that is assigned to the whole domain.  However, most of my users are remote and only VPN into our network to retrieve some files and get out.  None of the remote users logon using Dial-up (VPN).  We are using a Win2K3 server as our VPN server.  How do I get this MSI to load to a person that just casually VPNs into our system?
ace350Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ace350Author Commented:
I am not real familure with scripting and I just started with GPOs.  I have been told that I can do this, yet I cannot figure out how.
xcromxCommented:
Whats the scope of you VPN client..Meaning are you sure your VPN client can get to that IP address..You want them on the same subnet..
I have seen it where stuff does not work because your servers and applications can not see the VPN clients..
ace350Author Commented:
It is set up where when a user VPNs into our network they are on the same subnet as if they were sitting in there office.  We only have one subnet for users.  I have been able to get this to work on our network without going through VPN.
Build an E-Commerce Site with Angular 5

Learn how to build an E-Commerce site with Angular 5, a JavaScript framework used by developers to build web, desktop, and mobile applications.

Jeremy_WileyCommented:
You are probably having an issue with because of Group Policy slow link detection.
When a slow link is detected (your VPN links) some Group Policies are not applied...and software deployment is one of them. You can turn it off however, or chage the default for what is considered a slow link. By default it is like 500k if you changed it to a lower value you might not have a problem.

How a Slow Link Is Detected for Processing User Profiles and Group Policy
http://support.microsoft.com/?id=227260

Default Behavior for Group Policy Extensions with Slow Link
http://support.microsoft.com/kb/227369/EN-US/

Let me know how it goes.
-JW
ace350Author Commented:
Still no luck.  I am trying to log onto the computer as if I am going to work offline.  Then I connect to our company VPN.  AND NOTHING.  I do not even see anything within the Event Viewer that would indicate that anything failed or even tried to load.  The exact same computer will accept the GPO when booted on the network, just not when authentication is over VPN.  There has got to be someone out there that has had to pass an MSI to a VPN user.
Jeremy_WileyCommented:
Are you publishing or assigning?
See the link to consider the login type, you mentioned this above.

http://expertanswercenter.techtarget.com/eac/knowledgebaseAnswer/0,295199,sid63_gci1053831,00.html

Secondly you could use gpupdate to force the GP down.
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/refrgp.mspx?mfr=true


Basically what you have is a situation where your guys login not using the VPN to establish connectivity to the domain to check the credentials, as such group policy application is skipped and either you have to wait for the background refresh (like 90 minutes by default) or force them down using gpupdate, slow link settings must still be correct otherwise software deployment will not happen over a slow link.

Good Luck Again
-JW
ace350Author Commented:
In the event vewer, I do not see any activity until I do a 'gpupdate'.  Then I get the message that the GP has been updated; and no program is loaded (even after a reboot).  Then I tried to do a 'gpupdate /force' and it told me that I have to reboot.  I was so sure that was the good sign that I was looking for, but still no luck.  I do not understand how I can take this same machine and put it on our network and it works fine (by the book) but not while VPNed in.  I also shortened the refresh rate for the GPO.
dcliveCommented:
Publish the applications (so users can then "install" it themselves).

The issue you're seeing is due to the fact that GPOs only install assigned software at bootup.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MereteCommented:
my two cents worth
Have you set up a folder only for share? When each user logs on, their My Documents is redirected to that folder.
check the settings of this folder by right clicking on the My Documents shared folder:
 go to the Sharing tab, click on Offline Settings. If it is set to  >>Files or programs from the share will not be available offline << 
dis-able this and allow it to be shared off line.
Hope this helps you.
Merete


dcliveCommented:
How is where My Documents is pointed to related to the OP's question?
MereteCommented:
@dclive

Comment from ace350
Date: 04/28/2006 09:47AM EST
Still no luck.  I am trying to log onto the computer as if I am going to work offline <<<<
dcliveCommented:
Yes.  That means he's doing a cached login to the Windows desktop - he's not authenticating with a domain controller for the login, because he's offline, so there is no chance for the GPO to deploy applications (again, assigned applications only install at first bootup, and only if the network is already present.)  

This issue has nothing to do with offline folders.  The issue is that the assigned application from the GPO cannot find the link to the document because no network is present at the time it looks for the .MSI file(s).
Jeremy_WileyCommented:
dclive and I both have a similar opinion. You’re going to need to publish these apps and disable slow links (ie set it to "0"). Or if your dead set on assigning the app, switch to dial-up connectivity for domain authentication during initial login.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Operating Systems

From novice to tech pro — start learning today.