Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Deploying software through startup/login script in Group Policy

Posted on 2009-02-24
10
Medium Priority
?
4,272 Views
Last Modified: 2012-05-06
I am trying to deploy software by using either startup or login script in Group policy. But I cant get it to work. Feels I am missing out on something basic here. The command I am running in a ".bat"-file is as follow=

msiexec /i \\SERVER1\programs\dtb.msi ALLUSERS=1 /qb

I can run the .bat file manually and the install runs without problems. How ever it doesnt seem to work with Group Policy. I can see (using "gpresult /v") that the computer client sees the GP and that it applies it with no error messages.

I have read some similar threads out there that mention problems with permissions when using Group Policy, startup script for a computer. But since I am having the same problem with both user and computer based, I would think it is something else. It doesnt work either (using GP login) when I log in as an administrator - and no errormessage pops up, and I cant see anything in the event viewer. And still, as I mentioned, GPresult shows that the script is beeing applied.

Is there something missing in the script?

And also it would be nice if you could give me an example of a basic bulletproof script -.bat/.cmd that you use deploying software with GP!

I am currently testing on one DC and a Vista machine.
0
Comment
Question by:andre_st
  • 3
  • 3
  • 2
  • +1
10 Comments
 
LVL 27

Expert Comment

by:bluntTony
ID: 23720995
Is there a reason why you're not using the built in Software Installation policy in Group Policy? This would be preferrable to using a script.

If you running it as a startup script, it will run in the context of SYSTEM (machinename$), login will run in the context of the user.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 23721002
You can avoid problems with permissions by utilising software deployment rather than trying to run installs via logon scripts see http://support.microsoft.com/kb/324750
0
 
LVL 32

Accepted Solution

by:
nappy_d earned 1000 total points
ID: 23721011
Take a look thru these steps I created and helped some other members with...

AD-msi-deploy-how-to.pdf
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 27

Expert Comment

by:bluntTony
ID: 23721037
Check this link out: support.microsoft.com/kb/816102
0
 

Author Comment

by:andre_st
ID: 23721721
Thanks for all the quick replies - I am well aware of the possibility of the "software installation" function in GP. The reason I need to get the startup or logon installation, using script to work - is that I work for a company who is a reseller/distributor for many different softwares. And our clients use many different methods of deploying software in theire network. So therefore I need to evaluate and test the many possibilites one has of deploying software.

Besides that - My experience with software installation in GP, is that it can be a bit cumbersome. By that I mean that Group Policy does not always update itself like it should, resulting in the need to restart the computer 2-3 time before it works...
0
 
LVL 70

Expert Comment

by:KCTS
ID: 23721757
Its far more reliable than a logon script - use the correct tool for the job :-)
0
 
LVL 27

Assisted Solution

by:bluntTony
bluntTony earned 1000 total points
ID: 23721879
Wholly agree with KCTS. With regards to the reboot 2-3 time issues, you can resolve this by setting the following policy, although it will mean that machines do wait for a full refresh before logging in, rather than continuing after a timeout and continuing with a background refresh:

Computer Config/Admin Templates/System/Logon - Always wait for the network at computer startup and logon.

If the processing times out before a full update, then certain policies which are subsequently applied during the background refresh will not apply until the next login/startup. The above policy addresses this and forces a full refresh before continuing. It might not be a good idea to use all the time, but can be used to force the application of certain polices at a particular time, then turn off again afterwards.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 23721892
Did you take a look at the last page of the PDF I posted?  It describes what you have to do to fix the software deployment issues.
0
 

Author Comment

by:andre_st
ID: 23722576
Nappy_d: yes, I immediately began trying out your advice in the pdf on using group policy to force "always wait for network" during startup/login. I added the "always wait for network" policy, both locally and in the domain policy (just to be safe ;-).  

And, YES, it seems to be working rather well now :-)

I managed to install all except one software this way, trying both user and computer based deployment. In the end I discovered though that this one program which was failing...actually got installed, except for all the shortcuts. (which is usually never a problem with this software...)

I havent got a clue why the shortcuts werent created, but that seems to me like another matter - which isnt necessaraly related to the script and deployment method?

Thanks alot for the help all - in the future, it will be very nice to dont have to update or restart the computer several times to update the GP!

0
 
LVL 32

Expert Comment

by:nappy_d
ID: 23722992
If you want shortcuts created on the desktop etc, you will need to create an MSI package that specifies these options.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question