Microsoft 2008 R2 Group Policy Objects

techgenious
techgenious used Ask the Experts™
on
I have packaged a MSI. from a .EXE

I now want to deploy the MSI via group policy to all computers I have in a specific OU.

What is the best practice in deploying this MSI via GPO?
I want to deploy to computers not users, and want no interaction from the user.
I want to install automatically via GPO.

How do I go about doing that?

Should I use assigned or Published?

Thanks
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
If you read through this thread it should answer your questions. Let me know if I can help further.

"You can assign it to a computer or publish it to a user. When published to a user the software is not installed but made available through add and remove programs."

http://www.petri.co.il/forums/showthread.php?t=23146
Top Expert 2012
Commented:
Some points to consider:
You can only assign when sending it to the computer - and this is what you want to do because it results in an MSI "Per-Machine" install which is much more manageable than per-user.
The targeted machines will need to reboot to have the software deployed.  Unlike other GPOs, software installs happen ONLY at reboot for Machine targeted and at logon for User targeted.
You will need to deploy from an UNC - if you use a drive letter, GPO converts it to a UNC.  There are no drive letters available at the time machine targeted installs happen
Turn on MSI logging because there is no feedback from each system as to whether you the package completes successfully.  For XP machines you will need to enable the Windows Installer Logging policy and set it to voicewarmupx. (details: http://technet.microsoft.com/en-us/library/cc737858(v=ws.10).aspx)  For Windows 7 you can put the property "MsiLogging" in the package and set it to voicewarmupx

Author

Commented:
So when I 'assign' to a computer, your saying the computer either has to be rebooted & have the user logon.

Is there anyway to just deploy the MSI via assigned to a computer, and have it automatially install, without rebooting the machine and the user logging into the server.

My other question when I packaged this MSI, and tested it installing it manually, I had to press > Next > Next > Next,,,, etc.....

Will this install automatically via GPO?   If not what do I need to install this package without user intervention?

I am just learning this GPO stuff.

thanks
Acronis in Gartner 2019 MQ for datacenter backup

It is an honor to be featured in Gartner 2019 Magic Quadrant for Datacenter Backup and Recovery Solutions. Gartner’s MQ sets a high standard and earning a place on their grid is a great affirmation that Acronis is delivering on our mission to protect all data, apps, and systems.

Top Expert 2012

Commented:
When you assign to the computer (which you should) you would have to REBOOT the computer - that is the only way to deploy a computer assigned package.

GPO will automatically add the "/QN" switch when deploying.

There is no way to schedule distributions - GPO software deployment was intended as a very small shop method of software distribution.  When it was introduced (Windows 2000) Microsoft removed SMS (now SCCM) from their small company offering called "Back Office" at the time (now SBS).  SMS was overkill for small organizations up to 500 seats.

A very good alternative that is what GPO should have been (and was generally assumed to be) is SpecOps Deploy (http://www.specopssoft.com/products/specops-deploy).  SpecOps does everything through Group Policy (both for Admin and for servicing clients), but has some status reportings, can send EXEs and many, many other things.

There are also some cheap and free cloud alternatives.  Microsoft Intune is cheap and can also give you access to MDOP (app-v) without an MS support agreement:
http://www.pcworld.com/businesscenter/article/242081/its_like_microsoft_is_giving_windows_intune_20_away_for_free.html
http://www.microsoft.com/en-us/windows/windowsintune/faq/default.aspx

ManageEngine has an affordable pricing model: http://www.manageengine.com/products/desktop-central/windows-software-installation.html

BruteSoft has a free license for up to 10, then $1/month per machine - cheaper if you subscribe a year: https://www.brutesoft.com/#pricing

Author

Commented:
I understand the computer has to be rebooted in order to install the package.

Now let me think outside the box:

what about a powershell script or a batch file to run the installation of the MSI package?
FYI:  I'm real green at GPO's.
Top Expert 2012

Commented:
That would cause the first part of your MSI to run in the context of the user credentials.  

If they are not administrators so that they can answer the UAC prompt, the package will not install successfully.

GPO installs using the system account - so this is a non-issue in that case.
Top Expert 2012

Commented:
Forgot to mention that if the desktop is XP, they still need to be administrators.

Author

Commented:
The MSI package installed I get this message, but it did not start the service.


Application 'C:\Program Files (x86)\Ocs Inventory Agent\OcsSystray.exe' (pid 2348) cannot be restarted - Application SID does not match Conductor SID..

Event ID:  10010

I do not see much on this when I do a search
Top Expert 2012

Commented:
Sounds like the package triggered a reboot which was denied by OcsSystray.exe and that the package was relying on a restart to start the service.

Author

Commented:
Can you put that in English >  GPO requires a reboot because it is assigned > computer.
So I rebooted the machine.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial