asked on GPO Startup script not working
I have a install.bat file that is in a GPO and installs a software. When I click on the .bat file from a remote computer it installs fine, but the GPO wont work. I have the permissions on the share as the Everyone group with full control and ntfs permissions are authenticated users read\write. the gpo is enabled and linked to the OU with the laptops in it. There are no errors or anything in the application and system logs of the server or the client.
Any suggestions?
Thanks.
Inside the .bat file:
msiexec /package "\\Server\Install\Install Software.msi"
This bat file is in the Computer Configuration>Windows Settings>Startup. If I click on "Show files..." I see the .bat file in the SysVol>policies>guid>machi
Any suggestions?
Thanks.
Inside the .bat file:
msiexec /package "\\Server\Install\Install Software.msi"
This bat file is in the Computer Configuration>Windows Settings>Startup. If I click on "Show files..." I see the .bat file in the SysVol>policies>guid>machi
Active DirectoryWindows Server 2008Networking
Last Comment
tolinrome
ASKER
I was following the documentation of the vendor and thats the way they mention to do it. I'll try what you suggested, thanks.
ASKER
Check this out from the vendor. Still cant get it to work the way you suggested also. Actually thats how I initially did it also but I went according to the documentation, either way I cant get it to work.
http://www.websense.com/content/support/library/web/hosted/admin_guide/endpoint_gpo.aspx
http://www.websense.com/content/support/library/web/hosted/admin_guide/endpoint_gpo.aspx
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
I see why they have you doing the BAT file installation now, you can not provide command line arguments with group policy software installation.
I do notice in your script you do not have the second part of the command line WSCONTEXT=xxxx you may or may not need this depending on your setup.
Did you create the share permissions and set everyone to have access to it? I believe computer startup scripts run as local system and you need to make sure the shared folder has permissions that will allow that to open the file.
What I would reccomend trying is this. Use the steps below and PSEXEC to open a command prompt as SYSTEM then attempt to browse to your shared folder. If you can get to it then you know it is accessible by the GPO. If not you need to alter your permissions.
http://blogs.technet.com/b/askds/archive/2008/10/22/getting-a-cmd-prompt-as-system-in-windows-vista-and-windows-server-2008.aspx
I do notice in your script you do not have the second part of the command line WSCONTEXT=xxxx you may or may not need this depending on your setup.
Did you create the share permissions and set everyone to have access to it? I believe computer startup scripts run as local system and you need to make sure the shared folder has permissions that will allow that to open the file.
What I would reccomend trying is this. Use the steps below and PSEXEC to open a command prompt as SYSTEM then attempt to browse to your shared folder. If you can get to it then you know it is accessible by the GPO. If not you need to alter your permissions.
http://blogs.technet.com/b/askds/archive/2008/10/22/getting-a-cmd-prompt-as-system-in-windows-vista-and-windows-server-2008.aspx
ASKER
ok, I got the command prompt open as SYSTEM, but how then do I "browse" to the shared folder in the command prompt?
When in the system command prompt map a drive.
NET USE L: \\server\path
If the drive maps switch to L: and try browsing the tree until you get to your folder.
NET USE L: \\server\path
If the drive maps switch to L: and try browsing the tree until you get to your folder.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
I did exactly that and it said "The command completed successfully". But there is no L: drive anywhere.
ASKER
ok got it to work, so it is accessible by the GPO.
ASKER
I didnt put the .bat file in the SysVol where "Show files...". Not sure if there is a need too.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
I thought that the sysvol is only for bat files you want to run from profile scripts. If it is still not working, what is the gpupdate / results?
ASKER CERTIFIED SOLUTION
Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
With the file being an MSI you can skip the BAT and use group policy software installation in order to push it out.
http://support.microsoft.com/kb/816102
You will want to use the publish option instead of assign.