CCLCLS


assigning MSI using group policy

Using 2003 server, and XP pro, sp3.

I've set up a computer OU, placed the test PC in the OU, created a new GPO, applied the policy to the group "domain computers", created a new package, etc.

I've created a share and placed a Flash version 10 MSI package in the share. I gave the group "domain computers" read, execute on the share and file security.

When I reboot the test PC, after "applying computer settings" on startup, it says "installing assigned msi package, flash version 10," or something close to that phrasing. So it appears the policy is applied, and it doesn't error or anything; it completes startup, I log in, go to adobe.com, verify the version, and I'm still running version 7 on the test PC, not version 10.

Does anyone know why it appears to be installing but is not, and how to troubleshoot?
Jon Winterburn

I had a similar problem with upgrading from Acrobat Reader 8.1.1 to 9. Version 8.1.1 had been installed by GPO msi, so I simply added version 9. However, only some machines did it correctly - many machines did not. I'd get the same "installing assigned app" message, but when I looked in event viewer, there was an error in uninstalling the old version, so version 9 only half-installed.

First, check the event logs on this machine. Also check Add/Remove programs to see if that thinks it is installed. If there are errors in event viewer, you can install and run Windows Installer CleanUp Utility which you can use to forcibly remove the old version of Flash. You can then reboot and let GPO try to install Flash 10 again, and once you log in, have a look and see if it's installed properly this time.

Download it here: http://support.microsoft.com/kb/290301
CCLCLS

ASKER

I'll try it later this evening. It seems this GP method of pushing out apps is very limited. If I have several hundred computers, I have to log in to each one to verify the installation was actually successful; it doesn't report?

Thanks for the reply.
In my experience it's not the best, no. Having said that, I have installed UPHC service to hundreds of machines via GPO and not one failed. But Adobe Reader and Adobe Flash have always given me problems. Whether that's a fault with the Adobe MSIs or just a coincidence, I don't know.

Instead of using GPO, I now install the apps using msiexec (Windows Installer command line tool) within the logon script (it just means rebooting all PCs, getting them to log on and then, once all have installed, removing the msiexec line from the logon script to prevent it installing again).

More about msiexec commands here:
http://technet.microsoft.com/en-us/library/cc759262.aspx
Vadim Rapp
> it doesn't report?

It does not. SMS does. But in most cases, if you do it right, it gets installed everywhere without a problem.

First look into the event log, and maybe into the machine %temp% folder (usually \windows\temp) for a file MSI*.log.
CCLCLS

ASKER

I'm getting event 102. The install of application Adobe Flash Player 10 ActiveX from policy MSI failed.  The error was : The installation source for this product is not available.  Verify that the source exists and that you can access it.

event 108: Failed to apply changes to software installation settings.  Software changes could not be applied.  A previous log entry with details should exist.  The error was : The installation source for this product is not available.  Verify that the source exists and that you can access it.

event 1085: The Group Policy client-side extension Software Installation failed to execute. Please look for any errors reported earlier by that extension.

The security/share settings have been given to the AD group "domain computers", of which the test PC is a member, and the GPO is being applied to "domain computers." What am I missing? Thanks.
Try to give permissions to domain users as well. I know that the assignment is per computer, but still.
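Added example, not part of the original thread: because Group Policy software installation does not report back centrally, this PowerShell function filters Application event log records for the three event IDs quoted above and pulls out the application, policy and error text per computer. The function name Get-GpoInstallFailure, the sample computer name TESTPC01 and the file computerlist.txt in the commented live query are assumptions; the live query also assumes remote event log access to the clients.

```powershell
# Added example (not from the thread). Event IDs are the ones quoted above:
# 102 and 108 = software installation failed, 1085 = the Software Installation
# client-side extension failed to execute.
$FailureIds = 102, 108, 1085

# Hypothetical helper: reduce event records to one row per install failure.
function Get-GpoInstallFailure {
    param([object[]]$Entries)
    $pattern = '(?s)The install of application (.+?) from policy (.+?) failed\.\s+The error was : (.+)'
    foreach ($e in $Entries) {
        if ($FailureIds -notcontains $e.EventID) { continue }   # skip unrelated events
        $row = New-Object PSObject -Property @{
            Computer = $e.MachineName; EventID = $e.EventID
            Application = $null; Policy = $null; Error = $null
        }
        # Only event 102 names the application and policy; the others stay blank.
        if ($e.Message -match $pattern) {
            $row.Application = $Matches[1]
            $row.Policy      = $Matches[2]
            $row.Error       = $Matches[3].Trim()
        }
        $row
    }
}

# Constructed sample records (message text as posted in the thread; TESTPC01 is made up).
$sample = @(
    (New-Object PSObject -Property @{ MachineName = 'TESTPC01'; EventID = 102
        Message = 'The install of application Adobe Flash Player 10 ActiveX from policy MSI failed.  The error was : The installation source for this product is not available.  Verify that the source exists and that you can access it.' }),
    (New-Object PSObject -Property @{ MachineName = 'TESTPC01'; EventID = 1085
        Message = 'The Group Policy client-side extension Software Installation failed to execute. Please look for any errors reported earlier by that extension.' }),
    (New-Object PSObject -Property @{ MachineName = 'TESTPC01'; EventID = 1000
        Message = 'Unrelated application error (constructed).' })
)
Get-GpoInstallFailure $sample | Format-List Computer, EventID, Application, Policy, Error

# Live use (assumption: computerlist.txt holds one computer name per line):
# $entries = Get-Content computerlist.txt | ForEach-Object {
#     Get-EventLog -LogName Application -ComputerName $_ -Newest 500 }
# Get-GpoInstallFailure $entries | Format-Table Computer, EventID, Application, Error -AutoSize
```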
CCLCLS

ASKER

Will try tomorrow.
Sorry, not to Domain Users but to Authenticated Users.
> The installation source for this product is not available.

I assume you definitely have the correct source path stipulated within the GPO?
CCLCLS

ASKER

Tried domain users and authenticated users, no help.

Everything I've read says the domain computer group is sufficient, and that group has read/execute and has the policy being applied...

Yes, the path is correct: \\server\share\file.msi

Nothing in Add/Remove Programs.

Also tried Windows Installer CleanUp Utility.

Same problem: it says it is installing on boot, but I get the same event log errors and Flash version 7 is still the version.
Look in the security event log on the server, maybe enable object access audit on the server for this directory - see http://technet.microsoft.com/en-us/library/cc787268.aspx - or run filemon. The purpose is to see whether the workstation is trying to get the file, and what happens.

Also, is the server real, or hosted on VMware or such?
But have you uninstalled Flash 7 (and run Windows Installer cleanup after to make sure it's gone) and then rebooted and seen if version 10 installs fine? Just want to rule out it's not 7 refusing to uninstall prior to 10 installing.
CCLCLS

ASKER

It is a Snap Server; I don't think I can set up auditing, to my knowledge...

Yes, uninstalled Flash 7, ran cleanup, rebooted; it says it is installing 10 but doesn't, so actually 7 is gone, and I have no version installed now...
One possibility is that this is not a full self-contained MSI, but should be accompanied by external files, like in an administrative installation.

Can you copy this msi to a local directory and run from there; will it work?
CCLCLS

ASKER

Yes, the MSI installs all by itself with no problems or external files.
I think the only way is to monitor what file it's trying to get and what fails. If you can't do it on server side, then another way is to use sysinternals' process monitor and initiate boot logging.
CCLCLS

ASKER

Probably going to look at using something other than Group Policy. It simply isn't working, everything is set correctly, and it gives no useful information to try to resolve the problem.

I realize I can't access the MSI file, but why? All security is set for domain computers to read/execute. This system sucks.
Another option for deploying is to do a remote push to all clients. This is what we currently use instead of depending on Group Policy for software installs. Just download psexec and drop it in your System32 folder, then create a text file with all the computers listed, one per line (I usually do an export from AD), then run the command below.
http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

I have been able to deploy flash with this method with no problems.

psexec @computerlist.txt -u domain\Admin -p Password msiexec /i "\\Software\Installation Software\Flash\install_flash_player_active_x.msi" /qn

I would do a test deploy on your own machine to ensure it works. This way you can at least rule out whether it's an issue with Group Policy itself or perhaps an issue with the security rights of the network folder where you've placed the Flash MSI. Check event logs after this runs on your machine.

psexec \\computer1,computer2 -u domain\Admin -p Password msiexec /i "\\Software\Installation Software\Flash\install_flash_player_active_x.msi" /qn

Also note that there are 2 different installs: the plugin and ActiveX. ActiveX is for IE and the plugin is for Mozilla.
The only other thing to check is to ensure that you have the proper MSI to do a mass deploy. Adobe has this thing with ensuring you fill out a request and license info to get the distributable version of the install. It usually takes a couple of days before you get a reply from Adobe with a link to where to download the distributable MSI.
> Adobe has this thing with ensuring you fill out a request and license info to get the distributable version of the install

On the other hand, you might not even know that this thing and license exist if you go straight to their anonymous FTP.

CCLCLS

ASKER

I followed the licensing steps given by Adobe, and was sent an email linking me to the download for the distributable MSI package.

It is not a licensing issue.

I am going to set up a standard Windows share and attempt to install the MSI from there, bypassing the Snap Server... not sure what difference it will make, as the security settings are set correctly just like the other hundred shares we have...
CCLCLS

ASKER

I am also using the ActiveX package for IE... everything is correct... GP sucks
sneaky... =)
> GP sucks

We have here dozens of applications, all distributed by GP, including Flash, Reader, MS Office, other 3rd parties, our own stuff, repackaged stuff... all works fine. There was a certain learning curve with mistakes and revelations, but not harder than I guess any other technique would be.
ASKER CERTIFIED SOLUTION
CCLCLS

CCLCLS

ASKER

OK, so can you close this question or do I?

The points don't actually cost me anything, right? I just pay a yearly fee.
1. You do. The above is only a comment :-)
2. Right.
Glad you got it solved =)