WIN 2008 - BEST WAY TO UNINSTALL GPO DEPLOY SOFTWARE

Ive successfully installed some software via GPO as a test!

What is the recommended way to remove the software ?

No expert appears to be able to answer this one and 'youtub' only shows installing software and mentions about 'add/remove programs', surely that can't be the preferred method?

It took me 3 weeks to resolve how to install and I hope I can resolve how to install today if anyone is listening!!

please please
mikey250Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
OveConnect With a Mentor Commented:
you may simply remove the msi-file from your gpo.
When removing the msi-file inside your gpo you're asked if the software should be removed from the clients or if it may remain on the clients. There you may simply select "remove"

Ove
0
 
mikey250Author Commented:
Hi Ove,  Ok, yes I realise this as I added it in there, but if there was a whole host of apps to be installed and rather than deleting all I thought there was a way of selecting 'Disabled' to do this or something!!!

So when I selected 'Computer configurations - Disabled' - what does this do then?
0
 
mikey250Author Commented:
Hi Ove, software has simply been removed from GPO although GPO still there obviously unless I delete that too, but software is still located on host pc!!!!!!!!

Yes when I removed software from GPO on server it gave me 2 options and I selected to uninstall it.

I also ran a: gpupdate /force and rebooted server and host pc, still to no avail!!
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
mikey250Author Commented:
This Win 2008 GPO is a complete joke!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Ive now removed completely the GPO, ran: gpupdate /force and also rebooted the server fully while host pc was switched off but still host pc holds software!!!!!!!!!!!!!
0
 
OveConnect With a Mentor Commented:
the normal way you described in your 2nd answer (ID: 36509042): remove the msi-software-installation-packets from the gpo but don't delete the gpo itself. Then - normally the client pc's should uninstall the software after the next reboot.

Due to the fact that you know have deleted the whole GPO we don't have any chance to use this normal feature of uninstallation.

The only solution i do NOW see is to create a MSI-Packet which uninstalls your software.

There is a tool available for free which helps you in such cases. Unfortunately this is only available in german language - so documentation (which is SIMPLE) is only available in german language.
The tool is named "Silent2MSI" and is available here:
http://www.realschule-ehingen.de/index.php?menuid=77&reporeid=88
With this tool you are able to put the uninstallation-code into a MSI-package which you may distribute via GPO :-)

The only configuration needed for this procedure is ONE line inside the s2m.ini under the following line :
[install]
msiexec /x {Package | ProductCode}

*********************************************
For help of msiexec read:
To uninstall a product
Syntax
msiexec /x {Package | ProductCode}

Parameters
/x
uninstalls a product.
Package
Name of the Windows Installer package file.
ProductCode
Globally unique identifier (GUID) of the Windows Installer package.
Remarks
Windows Installer command-line options are not case-sensitive.

For more information about the Windows Installer command-line options, see Related Topics.

Examples
To remove or uninstall a package, type:

msiexec /x Example.msi
*********************************************

So if this is an option for you i may provide you further help for this problem :-)

Ove
0
 
mikey250Author Commented:
Ok well what I will do as this is just a test server, I will just access 'Add/Remove programs' and delete that way.
- Once done i will create another gpo and install like before - Then get back to you if that is ok in about 10 mins and then I wouldn't mind trying out your 2nd suggestion?
0
 
OveConnect With a Mentor Commented:
you might test the "normal" way.
- Install msi via gpo
- remove msi from gpo
- reboot (maybe try gpupdate /force on the client)
- may be 2nd / 3rd reboot needed before updated gpo is applied
- gpresult (see if the new gpo (without msi) is applied

If the automatic uninstallation isn't working you should try to find the reason for that...

Have a look into the event-logs of the client.

Ove
0
 
mikey250Author Commented:
Hi Ove,  I have always done as you say: As per previous thread I have already uninstalled software from host pc and re-created a fresh GPO again ensuring all 'domain users' is added within GPO tabs etc then carried out the following:

install msi via gpo
removed msi from gpo - As you suggested earlier so I installed back as per previous thread
Ive checked Eventviewer on host pc - Which shows a GPO error so I do a: gpupdate /force on client which corrects GPO.   I then reboot host pc but still software not installed.

I think I will have to reboot my server at least 3 times before switching host pc back on, as always when Im messing about it always does eventually install software, BUT CAN NEVER FIGURE OUT HOW I DID IT!!!!!!!!!!!!!!!

I have looked in the Software specific GPO and clicked on 'Details tab' which shows a report and everything looks ok as glanced at this before!!!!!!!!

I have just ran: gpresult /r - and scrolling down Ive noticed it states:

RSOP data for Domain name\Administrator on Servername : logging mode:
- Connected over slow link? - No - Even though I have also selected this option in GPO\Edit activating instead of default 500 but changed anyway to 1000. - So this does not make sense to me?

Computer settings:
- Group policy slow link threshold: 500 kbps - But I thought above was set and not as it states here?
- Domain type: Windows 2000 - My OS is Windows 2008 only no others attached - ?

The following GPOs were not appliedbecause they were filtered out:

Software:
- Filtering: Not Applied (Empty)
Local Gp Policy
- Filtering: Not Applied (Empty)
Software Users
Filtering: Denied (Security)

I do not know why this above says what it does as NOT the case as I have successfully installed yesturday.  I am going to switch off host pc and reboot server 3 times or so!!!!!!!

And get back to you as these results above are a mess!!!!!!!!!!
0
 
OveConnect With a Mentor Commented:
Hi!

one moment :-)

A GPO consists of two parts (computer-configuration and user-configuration).
In which part did you add your msi-package as "softwareinstallation" ?

Normally i do install Software inside the computer-part. And then you will not have to add "Domain-Users" but "Domain-Computers" - or (better) create a new group inside your active-directory named "Softwareinstallation-XYZ" (with XYZ being the name of your software). And then add the Domaincomputers/Computeraccounts which should get the software as "members" of the group.
Then add this new group to your GPO instead of "Domain-Users".
Via this way you're able to granulary add software only to special computers - and not to everybody inside your environment. But if you're planning to install software to EVERY computer inside the AD-OrganisationUnit then you should add "Domain-computers" to your GPO.

And:
If you added the softwareinstallation inside the user-part of your gpo then you should be aware that "Domain-Administrators" are normally exept from overtaking the gpo by default. So gpo's are normally NOT applied when logging in as administrator. This behaviour is for security-reasons.

Ove

0
 
mikey250Author Commented:
Software was added in Computer configuration only!

Ok Not Domain Users but Domain Controller - Ok I will remove Domain users and add Domain Controller!!

In AD I created a group and I then added the Domain Users in that group - but does the name of the AD Gp need to be the exact name although I presume no so presumably what I have done is ok ?

Note:  The only reason why I added as 'Domain Users' was just for the purposes of knowing how to successfully install the software which has worked last week once, but since removing from Add/remove programs on Host pc, I then created a new GPO etc but for some reason cant get it to install again, so Ive obviously missed something...!!!

You use the word 'granular' so if you mean it 'ENSURES' it works then OK

If I wish to add software to all users within AD then I should add Domain computers - OK

I created a Domain user account instead of using Admin account to install - because as you suggest gpo's are normally NOT applied when logging in as administrator.

I will try in an hour or so today!!

Thanks for your comments.

Ive done what I did before when installing software BUT NOT SURE WHERE I HAVE GONE WRONG!!!!!!!!!!  As in Eventviewer on server it showing for example, even after 6-7 restarts of server and then I restarted completely host pc but still no software installed.

Software:
- Filtering: Not Applied (Empty)
Local Gp Policy
- Filtering: Not Applied (Empty)
Software Users
Filtering: Denied (Security)

Why are the above changing Denied to Allow etc ?????????
0
 
OveCommented:
you're mixing up things...so we should start from the beginning.

Do you want to install software to clients, or domain-controllers ?

Above you're talking about domain-controllers...that puzzles me...

So..slow from the beginning :-)

Ove
0
 
mikey250Author Commented:
Hi Ove,

Yes I wish to install to software clients hence created a user domain account.......hence adding domain users only just to test!!!

No I am referring to domain users..!!
0
 
mikey250Author Commented:
Dont forget I have already done it twice before over the last couple of weeks, but in between doing 'gpupdate /force' on server, then restarting host pc still did not allow install this time round!!!!!!!
0
 
OveCommented:
ok...did you put the Computer-Account(s) of your client(s) into a new added OrganizationUnint inside Active Directory, or are they still located under "computers" inside the "Domain Users and Computers" mmc ?

Ove
0
 
mikey250Author Commented:
What if i send images of AD and then GPO stage by stage?
0
 
OveCommented:
yep..pls do so

Ove
0
 
mikey250Author Commented:
I decided not to create an OU for the time being just created a 'group'

I then created in AD Users folder a 'group folder'...
I then created in AD Users folder a user account...
I then added the user account to the 'group folder...
I have not added this into the Computer container where the host pc is sitting..
0
 
mikey250Author Commented:
Just switching server back on..
0
 
mikey250Author Commented:
My 3 days has run out as was going to add the 'product keys' I have but now it states 'restricted access'......:(

There was a reason for leaving it for the 3 days as I appeared to be losing services/stopping hence nightmare with GPO.  I should have done it this morning.... Unless you know how to allow me to try these product keys i have?

I did not want to have to use - 'slmgr.vbs -rearm'........
0
 
OveCommented:
?
Why not add your product key now ?
Do you only want a TEST-Server without activation ?

Ove
0
 
mikey250Author Commented:
Hi I would normally do start, right click 'computers', properties and in there I would be able to click to change 'product key' if the 2 I have work, but it says now access restricted so dont know how now...

Ive just done 'slmgr.vbs -rearm' thinking this would resolve this after the reboot but it did not but Im hoping this command will not stop intermitantly services so Im trying to hurry up now and send you the pics..

Yes this is just for test purposes so I practically know what to do..
0
 
mikey250Author Commented:
Hi Ove,  apologies for taking so long had problems copying them and putting in Winzip see attache images!

thanks!!!!!!!!!!!!!
gpo-images.zip
0
 
yo_beeConnect With a Mentor Director of ITCommented:
You can run a script also if for whatever reason removing the MSI from the GPO (Not the GPO completely) does not work.

You will need to find the Installer Hash  and run MSIEXEC /X "{IdentifyingNumber}" /qb

Put that in a startup script or shutdown  and you should be successful.

To find the hash run WMIC CMD from a computer that has the installed program.

c:\wmic
Type Product  
This will give you a list of all applications installed on the computer.
Find the application and scroll to the right and when you he the Product hash Mark it and paste it into your startup script.



Example: msiexec /x "{9842DA33-4DCD-4AFC-8C4B-29AC751E50AC}" /qb
 
0
 
OveCommented:
so..
0
 
OveConnect With a Mentor Commented:
so...

pic1.docx: your client MICK-PC should NOT be a member of "Domain-Users"...only "Domain Computers"
pic4.docx: your gpo's do not need to be "Enforced: Yes"...it should be "Enforce: No"
pic9.docx: remove "Domain-Users" and add "Domain Computers"

then - on reboot - MICK-PC should install your Word Viewer Application.
Then - if you remove die word-viewer.msi (pic11.docx) then it should be uninstalled from MICK-PC on the next reboot(s).

Ove
0
 
mikey250Author Commented:
Hi yo_bee, I would like to get this GPO working normally without scripts first of all so at least I know the basic way.  Scripts is something I wish to know more about at a later date but thanks!
0
 
mikey250Author Commented:
Hi Ove,  I made those changes and rebooted server 4 times and checked 'Eventviewer', but still the 'software' added is still showing as denied.   Ive double checked to see Ive made your changes and they are still there!! I will come back to this tomorrow morning!!! Not sure if you will be up at that time!!!

I will keep at it anyway as not giving up til I know at least one way of doing things before I even move onto 'Scripting'!!!

Most appreciated for your time anyway!!!!!!!!!!!!!!!!!!!

0
 
OveCommented:
we#ll get it up and running - even if it takes some time :-)

Ove
0
 
mikey250Author Commented:
Morning Ove,  just switching on server now to have another look and check of all settings but at least you appear to be happy after looking at my images and providing I made those changes of yours you suggested yesturday!

Is it the case that depending on changes and confusion within the system/cache or whatever that it may take a series amount of rebooting or should I just leave the server onto adjust itself and untangle itself?

I presume the 'Eventviewer' should actually state: allowed and not Denied?
0
 
mikey250Author Commented:
I would like to know why this command does not work on the server:  'gpupdate /target:mick-pc | jfoster' - ?
0
 
mikey250Author Commented:
Hi Ove,  I wanted to check as I have had the internet connected last Friday which is a 'Netgear router', which is also acting as a DHCP Server.

I have also configured my Server as a Win 2008 server and added the 'Reservation Mac Address' within the DHCP, so can this be an issue?

By the way I have completely deleted the user account GPO etc and 'shutdown' server.
Ive now switched server back on and checked 'Eventviewer' and GPO's have now gone as the only one showing by default 'Local Gp Policy' Not Applied!!

Im going to start again as per the images I sent you, ensuring the issues you pointed out are also added as below:

pic1.docx: your client MICK-PC should NOT be a member of "Domain-Users"...only "Domain Computers"
pic4.docx: your gpo's do not need to be "Enforced: Yes"...it should be "Enforce: No"
pic9.docx: remove "Domain-Users" and add "Domain Computers"

Then reboot if neccessary and then check Server 'Eventviewer' to ensure GPO's have been applied, once I get to this point before switching host pc on I will come back to this site and see if you have responded otherwise or not thats if your awake as it is Sunday rest day!!
0
 
OveConnect With a Mentor Commented:
your postings are a little bit puzzling to me :-)
there is a well known slogan: 99% of all active-directory-problems have their reason in DNS-errors/-problems.
So..do you only have ONE DHCP-server inside your environment, or several?
Are the DNS-info's on all dhcp-servers the same? -> pointing to the domain-controller, which has to be dns-server ?

What is the ip-address of your domain-controller?
Pls post a "ipconfig /all" of your client MICK-PC

Ove
0
 
mikey250Author Commented:
Hi Ova im back!!
0
 
mikey250Author Commented:
Originally my setup was the following:

- 1 x Win Server/DC/Dns/Dhcp integrated with SP2 only
- 1 x switch
- 1 x host pc for testing

Note: I had my new internet connection added last Friday with my Local ISP!

So it is now the following:

- 1 x Netgear router - which was running as the 'Master' but I did not realise, but have since 'Disabled' this allowing the 'Below' server to be the 'Master'
- 1 x Win Server/DC/Dns/Dhcp integrated with SP2 only
- 1 x switch
- 1 x host pc for testing

Note: I have since removed 'Dhcp and Dns' entries after the above changes so everything is ok as far as 'Dhcp & Dns' are!!

Note: I have since deleted 'OLD' GPO from both AD & GPO Server and 'RECREATED' NEW ONES ADDING AN OU' aswell, then carried out the below:

1. I have been making changes to the GPO on the server and not doing: gpupdate /force ACTUALLY ON THE SERVER
2. After changes on server above I switch host pc on and logged on with 'normal domain user acount' then ran: gpupdate /force.

The eventviewer on the 'Server' stopped showing the 'OLD' GPO, and showed the 'NEW' GPO, but it has gone back to showing the 'OLD GPO'!!!!!!!!!!!!!

May I point out I sucessfully 'Prohibited the control panel' on host pc - in my 1st GPO!

I then created a 2nd GPO specifically under: Computer configuration!!

I think that the way Ive configured AD on both User account for 'prohibit of control panel' and the way Ive configured the 'GPO Software' for Domain Controller has caused this issue also, Im not sure when or when not to use 'gpupdate /force' or with what account I should be using on the host pc???
0
 
mikey250Author Commented:
No errors in DNS!!!
0
 
mikey250Author Commented:
I think Ive lost services intermitantly as on saving an image so that I can give to you it wont let me select a folder for it to go in!
0
 
mikey250Author Commented:
As I think some services dont work and it wont let me actually save images although it did before as one instance.  I think I am going to have to do a clean re-install as you maybe busy anyway and at least do No 1 below but leave No2 until you return hopefully!!

1. I can with no problems 'prohibit the control panel with 1 x GPO!!!!!!!

2. I appear to become stuck when it comes to installing GPO Software the correct way!!!
0
 
OveConnect With a Mentor Commented:
due to the fact that it's all TEST-environment you should make a reinstall and then come back to your initial question here: "BEST WAY TO UNINSTALL GPO DEPLOY SOFTWARE".

We can't make a fully online-support for the whole active-directory-usage and gpo-usage :-)

Pls prepare your environment to come back to the initial question ...that would make things much easier for us :-)

Ove
0
 
mikey250Author Commented:
Morning Ove,  Yes I re-installed lastnight but will do this morning create a 'DC'!!!

What I wish to know is once a 'DC', within GPO server am I supposed to create 2 GPO's:

qns1. 1 x GPO for the user configuration where the 'redirection folder' goes?
qns2. 1 x GPO for the software to go ie - computer configuration?
qns3. Or is both above in same GPO?
0
 
OveConnect With a Mentor Commented:
i would create two GPO's

Ove
0
 
mikey250Author Commented:
GOOD Ive been thinking about this all night and could not get to sleep as been repeating this for 3 weeks 7 days a week belive it or not!!!!!!

I will come back to you soon as just woke up and need to have breakfast and cup of tea.!!!!! If thats ok!!!?
0
 
mikey250Author Commented:
Hi Im back now!!
0
 
OveCommented:
remember: this is NOT twitter :-)
So pls do only post technical facts and not the ongoing life ;-)

Ove
0
 
mikey250Author Commented:
Hi Ove,  As Ive reinstalled a clean OS as a Win 2008 DC/Dns/Dhcp integrated with SP2 ive also done the following:

My Netgear router also has the ability to act as the DHCP Server which I have disabled!! It was using the class C reserved address but my DC server is now master with a static ip address:

Server
ip: 192.168.0.10
sm: 255.255.255.0
dg: 192.168.0.1
dns: 192.168.0.1

Im not sure if I should use the 'dns' from the image attached as the correct way of doing things ie public primary/secondary dns?
netgear-gui-settings.docx
0
 
mikey250Author Commented:
Hi Ove,  correction on previous thread my dns is: 192.168.0.10 not 192.168.0.1..!!
0
 
mikey250Author Commented:
Hi Ove,  I just thought I wouldn't need my default gateway in this situation would ie due to my server getting its internet access via the Netgear router anyway?
0
 
OveConnect With a Mentor Commented:
if your network is small (only some machines) you do NOT need DHCP.
Simply give all machines static-ip-addresses.

If machines should get internet-access you have to add the gateway-address (of your netgear-router) as default-gateway on the clients (and your server).

The DC must be DNS-server. Pls set the address of the DC into your client(s) as DNS-server.

But for your gpo-scenario you do not need internet-access...so you can safely ignore all the internet stuff. Simply give ip-addresses (static or dhcp - doesn't matter) to your client(s).

Ove
0
 
mikey250Author Commented:
Hi Ove,  I will create another thread for your extra comments as dont agree!

Just for purposes of practically knowing what to do is all it is about so I will continue with the DHCP server..

I will go back now to the GPO Software issue as also attached what I have done so far as dont wont to jump ahead of your direction!!!!!!!!!!!!!
images.zip
0
 
yo_beeDirector of ITCommented:
@Ove
Why would you ever use Static IP for a client machine.
You are asking for more admin work then needed.
If DHCP is setup with the proper Options you should not have to worry.

Option name:
003 Router <Netgear IP>
006 DNS <all DNS Servers>


I to not agree with OVE.
0
 
mikey250Author Commented:
Hi yo_bee I was going to create another thread around that as it I wish to delve in a little deep so I understand that scenario! I will keep this thread though relating to the main thread of this issue I have once 'Ove' hopefully gets back to me so I can once and for all know exactly what to do to install GPO Software, which I have successfully done but dont know how so trying to find the exact steps I need instead of 100 to get to same goal!!
0
 
mikey250Author Commented:
Hi yo_bee, in 'Ove' defence it was reference to a really small LAN, so I suppose why not add static ip addresses which in turn stops the configuration of dhcp in turn saves on server resources!!!
0
 
yo_beeDirector of ITCommented:
Small , Mid, Large DHCP is a better way to go.
It is easier to manage and maintain.  
0
 
mikey250Author Commented:
Hi Ove, Im still puzzled as when configuring a GPO for the 'Redirection of folder' and 2nd the GPO for software deploy Im puzzled as when or when not to add either 'Domain computers or Domain Users or specific user or all in AD or GPO?

0
 
mikey250Author Commented:
Hi yo_bee I have not added that new thread but will do!!!
0
 
OveConnect With a Mentor Commented:
let's focus on the gpo used to install and uninstall software via msi-files.

ToDo:
1.) create a OrganisationUnit for your Hardware (Clients).
2.) Move your client (computer-account) into that OU
2b.) btw. the computeraccount is created when joing to domain with the client
3.) Create a GPO inside that Hardware-OU with a softwareinstallation of an msi-packet inside the computerpart of the gpo
4.) Add "Domaincomputers" to the Securityfiltering of the gpo
5.) reboot your client (or issue "gpupdate /force" some times) , maybe also do reboot twice
6.) Your Software should be installed on the next reboot
To uninstall the software do the following:
1.) remove the msi-packet from your gpo
2.) when asked answer : uninstall software from clients
3.) reboot your client (or issue "gpupdate /force" some times) , maybe also do reboot twice
4.) Your Software should be UNinstalled on the next reboot

Pls try this...

Ove
0
 
OveCommented:
see this two images from my site:
 gpo01
 gpo02
0
 
yo_beeConnect With a Mentor Director of ITCommented:
Here is a link to another thread I added some comments to.  It is relivant to your question about Folder Redirection.
http://www.experts-exchange.com/Storage/Backup_Restore/Q_27044543.html.  I copied and pasted the Snippet of my comment about it below.
Hope this helps with addressing that part of the question.    

 
ID:35786402                 Author:          yo_beeDate:05/18/11 11:20 AM      Assisted Solution  

Yes.
Windows 7 Forlder Redirection  GPO setting is more manageable.
There is a setting under  Users Configuration > Policies > Folder Redirection
This is were you make the setting.
What happens is the registry on the clients computer is modifies to point to a UNC rather than a local location on the c:\

This setting will give the users access to their Desktop, Docuement, Favorites..etc.  


http://technet.microsoft.com/en-us/library/cc753996.aspx
http://technet.microsoft.com/en-us/library/cc732275.aspx
http://technet.microsoft.com/en-us/library/cc771969.aspx 

Mind you if you are running Active Directory 2003 you will need to download and install RSAT on your Windows 7 machine and add the GPM feature or run this from a Windows Server 2008 GPM feature enable.

If you do not you will not get the added options that are offered with the ADMX

   

http://technet.microsoft.com/en-us/library/cc771969.aspx 

Mind you if you are running Active Directory 2003 you will need to download and install RSAT on your Windows 7 machine and add the GPM feature or run this from a Windows Server 2008 GPM feature enable.

If you do not you will not get the added options that are offered with the ADMX
   

0
 
mikey250Author Commented:
im in process of following your 1 - 6 instructions Ive just had to log back onto internet to get the extract commands to convert my wordviewer.exe to .msc.

Ive always been able to add 'Redirection folder' and 'prohibit control panel.

It is when creating the 2nd GPO for the software it dont work

Ive have stumbled upon a query that confuses me in GPO server!!!!!!!!!!!!

Within AD OU - the folder Ive created called 'Group1' is just known as a 'Group'?

In the GPO Server does the GPO have to be the same name as the 'Group' in AD, Im assuming not?
0
 
OveConnect With a Mentor Commented:
Within "Active Directory Users and Computers" you have to create e new "Organisational Unit" - not a new group!
To apply gpo's to ALL computers inside your OU add "DomainComputers" (compare gpo01.png above).

Ove
0
 
mikey250Author Commented:
Hi Ove,  Ive always told you Ive already created an OU!!!
0
 
mikey250Author Commented:
Then I created a user account and put inside OU as per your instruction!!
0
 
OveCommented:
pls provide new screenshots.

Ove
0
 
mikey250Author Commented:
What about rights/permissions on AD and GPO?  I did set this later to Full access but has not made no difference.  Rebooted pc 3 times and run gpupdate /force - which is ok in Eventviewer but no software installed!!
0
 
mikey250Author Commented:
Hi Ove, I will send what you want step by step!!
pic1a.docx
pic2a.docx
0
 
OveCommented:
pls provide screenshots from the Group Policy Management Console showing the OU "Computer" with the attached GPOs
and show all tabs of your gpo used for the softwareinstallation

Ove
0
 
mikey250Author Commented:
Hi Ove,  see attached images that you requested so far!
images-gpo.zip
0
 
OveConnect With a Mentor Commented:
to make your GPO work on your MICK-PC you'll have to move the computeraccount MICK-PC from "Computers" to your OU "HR3". Only then the GPO1 will apply to MICK-PC.

pic10a.docx: Select "Uninstall the applications when they fall out of the scope of management"


Ove
0
 
mikey250Author Commented:
Hi Ove, Request completed, see attached!  -  Procedures just done in following order:

1. Moved Computer to OU - closed AD and rechecked - All good
2. Opened GPO Server and ticked boxes x 2 on left window properties and right window properties for 'Uninstall the apps when they fall out of scope of management
3. logged onto host pc with user account still no software installed
4. Ran - gpupdate /force - on host pc
5. Restarted host pc 'twice' and logged on with user account still no software
6. Shutdown host pc and restarted Server
7. Opened 'Eventviewer' on host pc for and 'App issue'
8.  Gp policy ok, but in Eventviewer 'Application' shows issues with GPO Software referencing 1612
9.  No changes appear to affect Server Eventviewer.
pc-moved-to-OU.zip
0
 
OveConnect With a Mentor Commented:
pls check the info from here:
http://www.minasi.com/forum/topic.asp?TOPIC_ID=26294

Ove
0
 
mikey250Author Commented:
Hi Ive looked at the url's you mentioned and yes I have read simular info but wanted to stick with your guidance as I have installed GPO Software a week ago twice but couldnt remember how I did it except that I may have gave admin rights instead of user rights and this worked successfully without the need for these extra additions.

As I have now input these images I am going to reboot server in following order:

- Restart host pc
- run: gpupdate /force but if this does not work
- I will then restart host pc twice
- Then check host pc Eventviewer again

Gp-policy-refresh-interval.docx
GP-slow-link-detection.docx
Network-directories-to-sync-at-l.docx
User-configuration-extra-setting.docx
0
 
mikey250Author Commented:
Hi Ove, I have not done anything to the host pc yet, but sending the last change as image now before I do in a few mins!!
Always-wait-for-network-at-pc-st.docx
0
 
OveCommented:
pls disable all other gpo's - and do only user GPO1 for testing of software-installation.

Ove
0
 
mikey250Author Commented:
Hi Ive added the last images at end of process again.  You sent one url about: appmgmt.log

This url mentions about application management, but I dont think it is refferring to my particular error as the error I get states: 1612..!

http://support.microsoft.com/kb/315809

I will though now remove the 1 other GPO I have running which happens to ONLY run the 'redirection folder' for roaming profiles and that is it!!
host-pc-gp-policy-ok.docx
host-pc-eventviewer-1.docx
host-pc-eventviewer-2.docx
host-pc-eventviewer-3.docx
host-pc-eventviewer-4.docx
0
 
mikey250Author Commented:
Ive done the following on the host pc

- restarted host pc once
- ran: gpupdate /force
- restarted pc twice but still no software
0
 
mikey250Author Commented:
Hi Ove,  I deleted the 'USER' for the 'Redirection folder' can create another next time.  Im assuming to 'Disable' a GPO I should untick 'Link Enabled' ?

Should the 'GPO1' also be placed under 'ITSOLUTION.CO.UK - ?
host-pc-gp-policy-ok.docx
host-pc-eventviewer-1.docx
host-pc-eventviewer-2.docx
host-pc-eventviewer-3.docx
host-pc-eventviewer-4.docx
gpo-1-only.docx
0
 
mikey250Author Commented:
Hi Ove,  I will return tomorrow as had enough today!!!!!!!!!! thankyou for your patience!!!!!
0
 
mikey250Author Commented:
Hi Ove,  I was just wondering when I 'Edit' computer configuration just for 'Deploy software', is that all I touch, or do I also access User configuration in same GPO for all those other changes I made specifically, but only in the 'GPO USER' for the 'Redirection folder' etc?
0
 
mikey250Author Commented:
All I have done specific to:

Computer configuration - Added software and not made any other changes anywhere in this GPO...
User configuration - Added 'Redirection folder and those other network settings I sent earlier to do with logging on and off and roaming sync etc..

And nothing else
0
 
OveConnect With a Mentor Commented:
Strange problems on newly installed machines :-O
The location of the GPO1 under "HR3" is absolutely OK.

So...at the moment neither the software is being installed nor uninstalled to your MICK-PC, right ?

I think due to the complexity of your problems it might be better to read some more basic "Getting started literature" - even if that sounds boring to you.

I think http://en.wikipedia.org/wiki/Group_Policy might be a good starting point - especially the link at the bottom: http://technet.microsoft.com/en-us/library/hh147307(WS.10).aspx (Group Policy for Beginners).

Sorry that was unable to help you - maybe another EE member might point you to the right direction.

Hope you'll get better help!

Ove
0
 
mikey250Author Commented:
Morning Ove,  Yes that is correct no software installed on Desktop or when I click 'Start', which is where I have seen it before when I think I made everything 'admin'.....

I have been reading boring literature and although you sent me those extra links to do with 'Sync logon/logoff' etc I already had those details but wanted to follow your lead!!!! As last time I successfully installed the software I did not have to input any of those extras!!

Im reading those 'Urls' now but may take sometime so was gonna leave this 'thread' open for sometime???

Thankyou for your help anyway at least I know Im on the right track!!!!!!!!!!!!!!!!! Im thinking of giving 'full access' completely everywhere or installing by 'Admin' and then checking!!

There maybe something stuck in the 'Registry' that needs to be removed due to previous changes!!
0
 
mikey250Author Commented:
Hi just a note for my thread as still reading the 'url's sent previously:  

So, what happens if multiple GPOs contain the same setting? This is where order of precedence comes into play. In general, the order in which Group Policy applies GPOs determines precedence. The order is site, domain, OU, and child OUs. As a result, GPOs in child OUs have a higher precedence than GPOs linked to parent OUs, which have a higher precedence than GPOs linked to the domain, which have a higher precedence than GPOs linked to the site. An easy way to think of this is that Group Policy applies GPOs from the top down, overwriting settings along the way. In more advanced scenarios, however, you can override the order of precedence.

You can also have—within a single OU—multiple GPOs that contain the same setting. Like before, the order in which Group Policy applies GPOs determines the order of precedence. In Figure 2, you see two GPOs linked to the domain corp.contoso.com: Windows Firewall Settings and Default Domain Policy. Group Policy applies GPOs with a lower link order after applying GPOs with a higher link order. In this case, it will apply Windows Firewall Settings after Default Domain Policy. Just remember that a link order of 1 is first priority, and a link order of 2 is second priority. You can change the link order for a container by clicking the up and down arrows as shown by callout number 2 in Figure 2.
0
 
yo_beeDirector of ITCommented:
@Mikey
Are you just putting the path for the MSI for office?

i.e  \\Server1\software\<ofice2003>.msi
0
 
mikey250Author Commented:
Hi yo_bee, when I locate the path it is the 'network path ie - \\servername\software\wordviewer\wordview.msi - for example.

Ive just done a clean re-install of Win 2008 and back on domain integrated with SP2 and done a clean install of my Win 7 host pc with the first lot of detected updates...

Ive now done the following in this order:

- Created OU
- Created  - 'user account' in OU and completed profile tab path ie - \\servername\profile\%username%
- Created - c:\profile - and gave 'Full access in Shared & Security tab'
- Software has been converted from '.exe to a .msi'
- Created - c:\software - and copied software to folder - Then gave 'Full access in Shared & Security tab'

My intention is now to do the following in this order:

- Join Win 7 host pc to domain
- Switch Win 7 host pc off
- Log back onto server and 'Move' Win 7 host pc into 'OU' previously created as above
- Will then add 'Domain computer' to 'Member of' tab in 'user account' - I think...........!!
- Will open GPO Server and see that automatically the 'OU' previously created has appeared, so will right click and select Create a GPO in this domain and link it here..
- I will then right click GPO/Edit and install software
- Switch host pc on and if not installed
- run on host pc - 'gpupdate or gpupdate /force'
- reboot and logon twice without running 'gpupdate or gpupdate /force' again

Will see what happens
0
 
yo_beeConnect With a Mentor Director of ITCommented:
I saw that you has Office 2003 in one of the packages.  That might be failing due to a lack of answers (i.e. product key, whether excel is installed...etc..)
When you try wordview.msi  are there any other prompts that are asked other then the standard agreement to EULA, NEXT, NEXT, NEXT when you install this manually?
Sometime the MSI will need product Keys or what not entered.

OFFICE 2003 has Custom Installation Tool that you can download
http://office.microsoft.com/en-us/office-2003-resource-kit/custom-installation-wizard-HA001140170.aspx

This will create an answer file for Office 2003.  
0
 
mikey250Author Commented:
Hi yo_bee I have actually installed this 'office 2003' before on same host pc but not sure exactly what I did thats why repeating to find exact procedure although struggling now!!!!

I have a blank Win 7 OS currently with no Office or Office 2010, just like before.  Once Ive proved I understand the process then I was going to delve into other ideas!!!!

Appreciated for the url you sent!!

Not joined domain yet as took a break!!!
0
 
yo_beeDirector of ITCommented:
The tough this with Office 2007/2010 is that there is no MSI files for install.
You need to run the install from the setup.exe file.  This proposes an issue when trying to push via GPO.
Note: Office 2007/2010 come with the Custom Installation Wizard (Office Custom Tool) so yo can create the various transform files.
you run Setup.exe /Admin to gain access to the utility.

FYI You will probably need to push this out with a script unless you are able to create a custom MSI file for deployment.

0
 
mikey250Author Commented:
I copied 'office 2003 .exe' to c:\ then did - c:\wordview_en-us.exe /extract:c:\word-view - enter and this changed it to a .msi

Not sure what you mean by your comments

Not using office 2007/2010 yet anyway!!!! Trying to understand how to practically do install via GPO first of all

You need to run the install from the setup.exe - Dont understand what you mean here although I presume you mean my 'wordviewer.exe on server !!!!!

Note: office 2007/2010 comes with the CIW - I will try this later but wish to install this Office 2003 as been on this for 3 weeks 7 days a week, but due to getting it installed twice before this why not give up and used other ideas!!!!!!!!!!!!!

yet!!
0
 
yo_beeDirector of ITCommented:
I was just stating examples since I do not have actual application to reference.
I saw some of your screenshots and OFFICE 2003 was in that.  Office 2003 runs via MSI and not EXE.

With regards to Office 2007/2010 I saw that you mentioned it in the previous posts so I figured I would add my insight on that as well.
Really not more then that.

You will need to download the CIW for 2003 and configure this so Office can be pushed.
0
 
mikey250Author Commented:
Hi yo_bee I got it to work in the end but what I did for every extra configuration I added starting from the software - rights/permissions and going back one by one to the GPO - rights/permissions and back to AD rights and permissions and last of all going back to:  c:\software - rights and permissions I was able to: install software onto pc and then remove about 10 times until I was left with the bare bones of what allowed me to install it anyway.

On doing so I switched between Computer configuration to install software and remove
& User configuration to install software and remove

All appeared to be ok which was excellent!! But eventually I did get to a point when removing stuff regarding the user or domain computer reference rights/permissions ie instead of 'full access I changed it to 'read' for example and somewhere along the line I could not reinstall the software at 'Computer configuration'!!

Although on the host pc in 'Eventviewer' it did state some 'Bit service issue and after looking on the internet it stated to 'restart' the service, so I opened up the Computer configuration and located this 'Bit service' and did so and then I ran 'gpupdate /force' on the server and restarted the host pc which eventually detected that changes were made and mentioned about the 'software to be installed' was detected and would take another reboot, but even after a few more reboots and doing: gpupdate /force or gpupdate /wait:0' for example on the host pc it still did not install.

So I have not made no more changes since, but on looking in the 'Eventviewer' eventually it states that there was an issue with it.

Im not sure if I can even do: gpupdate /force or even gpupdate /wait:0 for example one by one before restarting the host pc as Im assuming this may cause even more problems and reboots making me appear to be going round in circles!!!!!!!!!!!

It ok I will leave it at that as learning this AD isn't straight forward and can be configuration in various ways dependant upon the scenario from what I've heard.


0
 
mikey250Author Commented:
Hi yo_bee,  I got it to work in the end but what I did for every extra configuration I added starting from the software - rights/permissions and going back one by one to the GPO - rights/permissions and back to AD rights and permissions and last of all going back to:  c:\software - rights and permissions I was able to: install software onto pc and then remove about 10 times until I was left with the bare bones of what allowed me to install it anyway.

What I mean't by above comment was that I changed privileges etc instead of 'full access' for everthing!!!
0
 
mikey250Author Commented:
Sound advice but have been having intermitant issues which looks as though have been cause of my problem.  Although resolved now and no more issues so far with OS and no more intermitant issues!!
0
All Courses

From novice to tech pro — start learning today.