We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Microsoft Fix It 50287 Will not deploy from Group Policy

forthphaze
forthphaze asked
on
Medium Priority
4,340 Views
Last Modified: 2012-06-27
Is anyone else having any issues getting the Microsoft Fix It MSI package to deploy via Group Policy?  

http://support.microsoft.com/kb/972890

I know the GPO is working properly, as other software packages install, I just tested by uninstalling the Office 2007 Compatibility Pack and rebooted, and the policy reinstalled that package.  However, the MS Fix It MSI will not run.  The MSI package is in a shared folder, and authenticated users have proper permissions to access the installation.

Comment
Watch Question

Iain MacMillanIT Regional Manager - UK

Commented:
how many systems do you normally deploy to - might be a good idea to look at using WSUS server services to deploy your patches, saves cluttering up your GPO, and slowing down your system boot/start-up times.
no wsus patch available at this time Iainix. Zero day security issue.

forthphase, we're having problems too. Won't deploy.  
Network Administrator
CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Commented:
What is the error you get when installing the MSI package?  

When I attempt to role this out, I get the following in event logger.

"The assignment of application Microsoft Fix it 50287 from policy Update for Workstations failed.  The error was : Fatal error during installation. "

Author

Commented:
Worked perfectly, thanks.  I'm still curious as to why the MSI won't run via GP though..
DonNetwork Administrator
CERTIFIED EXPERT

Commented:
Try the following switches(in a .bat)

set SEE_MASK_NOZONECHECKS=1
MicrosoftFixit50287.msi /passive /quiet /norestart set SEE_MASK_NOZONECHECKS=0
Keep up the good work guys.  I haven't been around here in a couple years, but reference expertsexchange all the time.

Here's where I've been lately and what I have to say about this zero day and how to protect yourself.
http://community.spiceworks.com/topic/71312?page=1#entry-181505.  Essentially I block NTFS access to msvidctl.dll...otherwise when the patch comes out you'll have to create another registry file to reverse the entries you introduced.  Some video playback functionality may fail otherwise.

@IainNIX:This is a ZERO DAY which means no patch.  No patch... no wsus.

Commented:
Just a comment:

Pushing thru group policy worked fine for me.
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.