Avatar of techgenious
Flag for United States of America asked on

Microsoft 2008 R2 Group Policy Objects

I have packaged a MSI. from a .EXE

I now want to deploy the MSI via group policy to all computers I have in a specific OU.

What is the best practice in deploying this MSI via GPO?
I want to deploy to computers not users, and want no interaction from the user.
I want to install automatically via GPO.

How do I go about doing that?

Should I use assigned or Published?

Windows Server 2008

Avatar of undefined
Last Comment

8/22/2022 - Mon

If you read through this thread it should answer your questions. Let me know if I can help further.

"You can assign it to a computer or publish it to a user. When published to a user the software is not installed but made available through add and remove programs."


Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question

So when I 'assign' to a computer, your saying the computer either has to be rebooted & have the user logon.

Is there anyway to just deploy the MSI via assigned to a computer, and have it automatially install, without rebooting the machine and the user logging into the server.

My other question when I packaged this MSI, and tested it installing it manually, I had to press > Next > Next > Next,,,, etc.....

Will this install automatically via GPO?   If not what do I need to install this package without user intervention?

I am just learning this GPO stuff.


When you assign to the computer (which you should) you would have to REBOOT the computer - that is the only way to deploy a computer assigned package.

GPO will automatically add the "/QN" switch when deploying.

There is no way to schedule distributions - GPO software deployment was intended as a very small shop method of software distribution.  When it was introduced (Windows 2000) Microsoft removed SMS (now SCCM) from their small company offering called "Back Office" at the time (now SBS).  SMS was overkill for small organizations up to 500 seats.

A very good alternative that is what GPO should have been (and was generally assumed to be) is SpecOps Deploy (http://www.specopssoft.com/products/specops-deploy).  SpecOps does everything through Group Policy (both for Admin and for servicing clients), but has some status reportings, can send EXEs and many, many other things.

There are also some cheap and free cloud alternatives.  Microsoft Intune is cheap and can also give you access to MDOP (app-v) without an MS support agreement:

ManageEngine has an affordable pricing model: http://www.manageengine.com/products/desktop-central/windows-software-installation.html

BruteSoft has a free license for up to 10, then $1/month per machine - cheaper if you subscribe a year: https://www.brutesoft.com/#pricing
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes

I understand the computer has to be rebooted in order to install the package.

Now let me think outside the box:

what about a powershell script or a batch file to run the installation of the MSI package?
FYI:  I'm real green at GPO's.

That would cause the first part of your MSI to run in the context of the user credentials.  

If they are not administrators so that they can answer the UAC prompt, the package will not install successfully.

GPO installs using the system account - so this is a non-issue in that case.

Forgot to mention that if the desktop is XP, they still need to be administrators.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.

The MSI package installed I get this message, but it did not start the service.

Application 'C:\Program Files (x86)\Ocs Inventory Agent\OcsSystray.exe' (pid 2348) cannot be restarted - Application SID does not match Conductor SID..

Event ID:  10010

I do not see much on this when I do a search

Sounds like the package triggered a reboot which was denied by OcsSystray.exe and that the package was relying on a restart to start the service.

Can you put that in English >  GPO requires a reboot because it is assigned > computer.
So I rebooted the machine.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy