MSOffice2k3 deployment thru GPO for computer
I seem to be having some difficulties getting MS Office to install via GPO when assigned to a computer.
Here is what I have:
-Created a OU for my LAN computers (high-speed office deployment over the network).
-Created a security group MSOffice
-Put the Computer account in the LAN OU and the security group.
-Created the gpo called MSOffice, with the msi of the office, and the mst of a mst file created with the Office 2k3 ORK.
-For the properties of the GPO I Unchecked apply GPO to authenicated users. Added the MSOffice Security group to the GPO and gave it read and apply gpo permission.
-Under the software in the gpo, I have set the security of the item to read for the MSOffice security group.
Using gpupdate and "gpresult /scope computer /v" from an XP Pro computer I can see that the MSOffice GPO is under "Applied Group Policy Objects", but under the "software Installations" section, all that is there is "N/A".
Any ideas on why the software isn't getting applied to the computer account? No errors on the Event viewer, permissions on the UNC path (share and file permissions) to the install directory are wide open.
Thanks,
David Troesch
Here is what I have:
-Created a OU for my LAN computers (high-speed office deployment over the network).
-Created a security group MSOffice
-Put the Computer account in the LAN OU and the security group.
-Created the gpo called MSOffice, with the msi of the office, and the mst of a mst file created with the Office 2k3 ORK.
-For the properties of the GPO I Unchecked apply GPO to authenicated users. Added the MSOffice Security group to the GPO and gave it read and apply gpo permission.
-Under the software in the gpo, I have set the security of the item to read for the MSOffice security group.
Using gpupdate and "gpresult /scope computer /v" from an XP Pro computer I can see that the MSOffice GPO is under "Applied Group Policy Objects", but under the "software Installations" section, all that is there is "N/A".
Any ideas on why the software isn't getting applied to the computer account? No errors on the Event viewer, permissions on the UNC path (share and file permissions) to the install directory are wide open.
Thanks,
David Troesch
0 Comments
[ + ] Show comments
Answers (7)
Please log in to answer
Posted by:
A-Baum
20 years ago
Seems like you're doing too many steps to get this done. To be honest I did it the same way until I realized there was a simple way to do it. Here is how I do it.
I created an OU specifically for software pushes. I created the Office install GPO in that group. When I want to push the software to a machine, I move that machine into the OU, and have the user reboot. (allow a few minutes for replication if applicable) When the user reboots, before they even get to the ctrl-alt-del box, they will see a box saying "Installing Microsoft Office 2003 Professional...".
You don't need security groups at all. The GPO push uses the local machine account to run the install before a user logs in, so it's pointless to add a user to a group since it never gets that far. If you follow the above steps, you should see good results. However I'm a little concerned you see nothing in the event viewer. When you add a machine to the GPO with policy in it, you will see an event viewer item under the Application portion of EV. The first thing you should see is an SceCli entry. When you open it and see "Security policy in the Group policy objects are applied successfully."
Now if you see that you're on your way.
Don't forget that pushing software via a GPO only works for windows 2000 SP3 and higher. If you're 2k SP2, nothing will happen.
Try these steps and post back your results.
I created an OU specifically for software pushes. I created the Office install GPO in that group. When I want to push the software to a machine, I move that machine into the OU, and have the user reboot. (allow a few minutes for replication if applicable) When the user reboots, before they even get to the ctrl-alt-del box, they will see a box saying "Installing Microsoft Office 2003 Professional...".
You don't need security groups at all. The GPO push uses the local machine account to run the install before a user logs in, so it's pointless to add a user to a group since it never gets that far. If you follow the above steps, you should see good results. However I'm a little concerned you see nothing in the event viewer. When you add a machine to the GPO with policy in it, you will see an event viewer item under the Application portion of EV. The first thing you should see is an SceCli entry. When you open it and see "Security policy in the Group policy objects are applied successfully."
Now if you see that you're on your way.
Don't forget that pushing software via a GPO only works for windows 2000 SP3 and higher. If you're 2k SP2, nothing will happen.
Try these steps and post back your results.
Posted by:
cdupuis
20 years ago
Be sure not to set the "uninstall this application if it falls out of the scope of management" option or when you move the machine back out of that OU it will uninstall it the next time the machine is rebooted.
Posted by:
JasonB
20 years ago
I'm having exactly the same problem, except that I see the message that the policy applied successfully, gpresult sees other items set in the policy, but Office 2k3 doesn't install.
Posted by:
cdupuis
20 years ago
Check for application management entries in your event log ont eh target system, that covers the install via GP and should report back specific application installations regardless of how many are assigned in the GPO.
Posted by:
silversword
20 years ago
Checking the Application Event viewer, a new Error, event ID 1054:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
--------------
So now I'm on to troubleshooting either SP2 problem, or something else.
ping, and dns resolution of the server are working fine from the client. Something must have changed on the client on how it's looking for/finding the dc.
Firewalls have been disabled, maybe I need to roll back my system see what that does. Hopefully I've got the application installation mechanism fixed at this point though.
Thanks everyone,
David Troesch
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
--------------
So now I'm on to troubleshooting either SP2 problem, or something else.
ping, and dns resolution of the server are working fine from the client. Something must have changed on the client on how it's looking for/finding the dc.
Firewalls have been disabled, maybe I need to roll back my system see what that does. Hopefully I've got the application installation mechanism fixed at this point though.
Thanks everyone,
David Troesch
Posted by:
cdupuis
20 years ago
Check to see if it will deploy to a windows 2000 box, just build a clean machine and join it to your domain, and try to deploy office 2k3 to it. That will confirm that your GPO is working.
Posted by:
JasonB
20 years ago
Found my problem, it was the "detect slow link" setting as the policy was trying to apply from a server over a 256k connection, but the app files resided in the office where the pc's are.
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.