Deploy Agent via GPO excluding existing installations.
In our organization, we deployed the Kace Agent in multiple ways. We used the agent provisioning, then we started using a login script that ran with admin credentials. Now I would like to strictly use a GPO to push out the agent. However, I'd prefer not to send out the client again if a machine already has it. My understanding is that a "assign software" GPO will not run if the registry key already exists for that GPO. (HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt) under that, there will be a key with a unique ID specific to the GPO.
Anyway what I'm trying to accomplish is, creating an offline script that runs that adds the required key to the registry and apply the script to all computers. That way obviously if the client has the agent installed it will add that registry key. Then when I deploy via a GPO any missing will get it.
Has anyone done anything like this? Are there limitations, or anything I'm missing?
Answers (1)
So looking into this more, I setup a GPO that assigns the software to a test OU. I put a couple of VM's in that test OU and noticed that the key that's created by the GPO is the same for both XP and Win7. A copy is below:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt\{84bd573c-ca4f-4e1d-b08b-73cdf50579c3}]
"Deployment Name"="Dell KACE Agent"
"GPO Name"="Deploy DELL Kace Agent"
"GPO ID"="{9471b32d-a83e-409b-b211-72886767164f}"
"Product ID"="{c80e28a9-0620-48d7-a015-099636fa6fcb}"
"SupportUrl"="http://www.kace.com"
"AssignCount"=dword:00000001
"Revision"=dword:00000000
"Install UI"=dword:00000005
"AppState"=dword:00000009
I went ahead and deleted the key, and magically it re-installs on reboot (even if I didn't ununstall the kace agent). Of course if I leave the key, nothing happens on Reboot.
I went ahead and created an offline kscript that add's all the keys/values above, I ran it on some test computers and it looks like it works fine. I'll need to expand the test group I think but it looks like it should work.
Comments:
-
Great Work, Thanks! - Mobzy 11 years ago