Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Group Policy

Posted on 2013-05-30
9
Medium Priority
?
578 Views
Last Modified: 2013-08-16
I am using Server 2000.  I created a GPO object to deploy Office 2003 with a transform file.  The group policy is not executing and installing from the .MSI from a network share.  

How do I do this?  I only want to test on users and their virtual machines and not deploy through all the organization yet.
0
Comment
Question by:Robert Mohr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 5

Expert Comment

by:Coffinated
ID: 39209310
Server 2000?! It is time to upgrade.

It has been a while, but you may need an Office 2003 resource kit

http://office.microsoft.com/en-us/office-2003-resource-kit/using-group-policy-to-deploy-office-HA001140201.aspx

Make sure that the following setting is enabled,

Computer Configuration\Administrative Templates\System\Logon\ Always wait for the network at computer startup and logon.

Steps in a nutshell

1. Create a shared folder in the local system drive and give administrator full access and everyone read only access.
2. Copy all the contents of the Office 2003 setup to a folder there.
3. Using Custom Installation Wizard in Office 2003 resource kit create a file with any name and save in the shared folder created in first step

Once you've installed windows resource kit tools, you can find a menu called the Custom Installation Wizard in start menu. Invoke it, and when prompted, point it to the .MSI for Office Version (PRO11.MSI for Office 2003). An .MST file (Windows Installer transform) will be generated. Save it in the same place as your installation point. This file is an answer file for installation.

4. Create a new Group Policy object, and Assign/Publish a new Software Package (Assign it to the computer configuration). Point the GPO to the .MSI of Office version PRO11.msi for the Office 2003. In Modifications tab browse for the MST file created in the previous step.
5. Disable the User Configuration settings in the GPO, as they won't be used (Installing software per computer here).

6. Reboot one of the system which falls in the scope of above given GPO and see how it actually works.

7. In case if your client consist of Windows XP Pro you will have make sure that the following setting is enabled,
Computer Configuration\Administrative Templates\System\Logon\ Always wait for the network at computer startup and logon
0
 
LVL 3

Expert Comment

by:GlobalStrata
ID: 39212854
Yeah, upgrade needed since this OS is not longer supported by Microsoft which means you are no longer getting security updates.

If you are having issues applying a software installation via GPO, I would suggest enabling software installation Log to see what is happening.  Do you see the GPO Processing?  To see if it is processing, enable the UserEnv.log.  You can see how to enable the logs using the following: http://technet.microsoft.com/en-us/library/cc775423(v=WS.10).aspx

Gladys Rodriguez
http://blogs.technet.com/b/mspfe/
0
 

Author Comment

by:Robert Mohr
ID: 39216594
Coffinated -
Yes, I know, Server 2000 NEEDS to be removed/upgraded.  Working on it...

I followed all of your steps and on the specific machine I receive this warning on the end user machine that I am testing the GPO.

The processing of Group Policy failed. Windows attempted to read the file \\unitedshockwave.com\SysVol\unitedshockwave.com\Policies\{CCF6A1B3-2916-4AFA-B247-3E39D259F1DF}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved....
When going to that specific file path, the long string starting with {CCF6A1B..., it is not listed in that folder.  Any thoughts on the issue?  WE'RE SO CLOSE!

GlobalStrata -
I enabled the log and I don't believe it is showing me information that is helping me deduce the issue.  I might not be reading it correctly however.  
Thoughts?
0
Does Your Cloud Backup Use Blockchain Technology?

Blockchain technology has already revolutionized finance thanks to Bitcoin. Now it's disrupting other areas, including the realm of data protection. Learn how blockchain is now being used to authenticate backup files and keep them safe from hackers.

 
LVL 3

Accepted Solution

by:
GlobalStrata earned 1000 total points
ID: 39220652
Are you seeing that path if you check on all Domain Controller Sysvol Folder?  If the answer is no, then you are having Sysvol Replication issues.  

If the answer is yes, then my suggestion is to delete that GPO, create a new one and put the settings in the new one.  It seems that there was some type of corruption that happened.  You may want to check if Antivirus is scanning your Sysvol.  It is recommended for Sysvol not to be scanned.

Just a quick background.  When you create a GPO, information is saved in two locations:

1. Active Directory Users and Computers > System (Need to enable Advanced View to see) > Policies > GUID.  This is called the Group Policy Container.  It contains attribute information such as version, Display Name and others.

2. Sysvol > Domain > Policies > GUID.  This is called Group Policy Template and contains the actual GPO Settings.

This means that for Group Policy to work correctly, both Active Directory and Sysvol Replication must work correctly.  There is a possibility for one of the components explained above to not exist.  Usually this happen when there are some type of communication, scanner locking files or some other weird issue.  In your case, it seem that the GPT may be missing.

Gladys Rodriguez
http://blogs.technet.com/b/mspfe/
0
 
LVL 79

Expert Comment

by:arnold
ID: 39220969
Are you deploying as a user or a computer GPO?
If the GUID not showing up, that means you have an error in the GPO that prevents its rollout into sysvol.

It might be a permission related issue.
0
 
LVL 18

Expert Comment

by:irweazelwallis
ID: 39221173
Globalstrata is pointing in the right direction. If you get that error in event logs it means its not been replicated to all DC's.

start with dcdiag and the eventlogs to spot the issues with replication then your GPO will start working
0
 
LVL 40

Expert Comment

by:Vadim Rapp
ID: 39221853
Delete this group policy, then create new. You can start with publishing or assigning some trivial MSI package. In group policy editor, run "group policy results wizard" and see if your policy and package become visible to the machine.

Troubleshooting is best to start from clean workstation, such as clean virtual machine, which you can restore to the original state by one click. Otherwise you never know whether the problems are on domain controller or on the workstation.

> Yes, I know, Server 2000 NEEDS to be removed/upgraded.  

Only if you have real reasons, such as there are things you can't do with it, applications you need to install on it but incompatible, and such. If your dc is not on the perimeter of your network, then you probably don't face any security risks, while Microsoft security patches has a long history of being 99% publicity stunts, ruining core functionality of the affected systems left and right. There are lots of non-security patches whose description starts with "After you apply security patch xxx, you experience.....", however, unlike security patches, these are not pushed to anybody, you have to learn about them, find them, and request them from Microsoft. Which is kinda paradox, since the probability to be affected by the security vulnerability is usually negligent, while the probability to be affected by the pushed security patch with known defect is 100%. For that reason, on my own domain windowsupdate is not automatic, and I personally approve through WSUS only few selected fixes that do have impact - practically all non-security ones. As a bottom line, I couldn't care less whether my O/S is "supported" by Microsoft, or not, and the only reason to upgrade becomes, for example, new Exchange Server that needs newer server o/s.
0
 

Author Comment

by:Robert Mohr
ID: 39275806
Anti-virus is not scanning SYSVOL.
I deleted the GPO, created a new one and still received that same error.
I'm abandoning this and chalking it up to Server 2000.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question