Group Policy - Issues deploying software packages through GPO
Hello everyone,
I am having issues successfully deploying MSI packages through group policy. I have set my computer account up in its own test OU in my domain, but yet the software will not deploy. Example, I'm trying to deploy AVG Anti-Virus and make sure it
is installed on each and every PC in my domain. As for the GPO, I set it up as an assigned package and pointed to the location of the package with the UNC file path (visible to both the DC and my computer that is part of the affected OU)
On the domain controller, I get these messages in application event logs:
Beginning a Windows Installer transaction: \\hs-dc2\software\avg\installavg.msi. Client Process Id: 9048.
Ending a Windows Installer transaction: \\hs-dc2\software\avg\installavg.msi. Client Process Id: 9048.
This shows up when I refresh GP on my computer. I run gpresult /h GPReport.html and get the following message:
Software Installation failed due to the error listed below.
Fatal error during installation.
Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between
The software is in a share on the domain controller that is visible from my computer, and permissions are set where "Everyone" has read access. I have tested the package on my computer and it installs
correctly if I do it manually, so it's a good package.
I'm at a loss. I am admitedly very new to GP management, but I'm pretty sure I have covered all my bases here. I humbly ask for any and all help that you all can provide.
Thank you all very much, have a great weekend!
> Magnolia_Schools.exe
What's that???
> \\hs-dc2\software\avg\installavg.msi
> <file://\\hs-dc2\software\avg\installavg.msi> /qb addeploy=1
/qb ADDEPLOY=1
Uppercase matters (:
A bissle "Experience", a bissle GMV... Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
I should have explained, my apologies. The InstallAVG.msi is the package I have GP deploying. it is a package that AVG wrote for us that goes in, uninstalls the two previous antivirus softwares we have on our network if it is present, and
then wraps it to run magnolia_schools.exe which installs the AV software. I am uninstalling AVG now and will try reinstalling with
\\hs-dc2\software\avg\installavg.msi /qb ADDEPLOY=1 and report back.
also, the only logs I found that were around the time of the install attempt were such as these:
1: 2905 2: C:\windows\system32\appmgmt\MACHINE\{06ee0d46-cd5f-4216-a09f-2aeb573aa5ba}.aas
1: 2905 2: C:\windows\system32\appmgmt\MACHINE\{06ee0d46-cd5f-4216-a09f-2aeb573aa5ba}.aas
Does that tell you anything?
I will say this, if this means anything...now that AVG is installed, the event logs are changing from an error %%1603 to this:
Failed to apply changes to software installation settings. The installation of software deployed through Group Policy for this user has been delayed until the next logon because the changes must be applied before the user logon. The error was : %%1274
The removal of the assignment of application exe2msiSetupPackage from policy Install AVG failed. The error was : %%2
So it acts like it's at least seeing that the package is installed...and reacting differently, correct?
Thanks so much
Similar Messages
-
Getting error when trying to download deployed software package
Hello all, I have been struggling with this for almost two weeks and am about to give up. The error I'm getting is when a client tries to download a deployed software package. The software shows up in IE browser (servername\cmapplicationcatalog),
but when I click install it errors out saying can't install or request software. I am not a network guru and did not setup SCCM but need a little (maybe a lot) guidance. I have looked at log files till my eyes are ready to fall out but just not
sure what I am looking for.
In ccmmessaging.log, I see this error "No reply message from Server. Server may be temporarily down or a transient network error" and this after "http://servername/ccm_system/request failed
with 0x8000000a"
Here comes the weird part, I had this working, successfully deployed twice to two clients. The next day I came in to work and it was broke. I have no clue what could have changed over night to cause
this issue. If someone could maybe lend a hand troubleshooting, I would be most grateful.
Many thanks in advance!!
RobHi,
Please review the link below, here is a useful article for you.
Tips and Tricks for Deploying the Application Catalog in System Center 2012 Configuration Manager
http://blogs.technet.com/b/configmgrteam/archive/2012/07/05/tips-and-tricks-for-deploying-the-application-catalog-in-system-center-2012-configuration-manager.aspx
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Issues deploying CC packages using SCCM.
Getting the following error while deploying CC Photoshop/InDesign packages (Device based licensing) through SCCM - "Windows cannot open this program because it has been prevented by a software restriction policy".
The installation goes fine when I click OK on this error. But when the shortcut is launched, a "Sign In Required" window appears, which should not be the case, as I've build the packages using Device licensing option in Creative Cloud Packager. There is no issue, when I install these packages manually on the machine, seems to be an issue SCCM as it installs with SYSTEM account. Exactly not sure what is causing it, struggling to resolve it, have to deploy it to users within strict timeline.
Can you please look into this and assist? Kindly let me know in case you need more info on this issue.
Thanks in advance....Have you seen our SCCM deployment guide?
Creative Cloud Help | Deploying Adobe packages with SCCM -
Hi All,
Am facing plenty of issues in Group policies.. Like when i run this command "gpresult /v" i could see the same policy applied in as thrice in applied group policy.. and that policy is default domain policy.. also trying to add one of intranet site
in Internet Group policy maintenance policy but its not reflected to users.. even i forced the policy.. Please advice me on this.
i have given the gpresult fyr.. some have a quick look and advice me accordingly.
Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 3/6/2014 at 9:20:31 AM
RSOP data for OURDOMAIN\venkat2r on INBRLT141 : Logging Mode
OS Configuration: Member Workstation
OS Version: 6.1.7601
Site Name: N/A
Roaming Profile: N/A
Local Profile: C:\Users\venkat2r
Connected over a slow link?: No
USER SETTINGS
Last time Group Policy was applied: 3/6/2014 at 9:07:33 AM
Group Policy was applied from: INCHDC01.OURDOMAIN.com
Group Policy slow link threshold: 500 kbps
Domain Name: OURDOMAIN
Domain Type: WindowsNT 4
Applied Group Policy Objects
ourdomain_Policy_Customized
Global_Wallpaper
ourdomain_Policy_Customized
ourdomain_Policy_Customized
The following GPOs were not applied because they were filtered out
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups
Everyone
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
High Mandatory Level
The user has the following security privileges
Resultant Set Of Policies for User
Software Installations
N/A
Logon Scripts
N/A
Logoff Scripts
N/A
Public Key Policies
N/A
Administrative Templates
GPO: Global_Wallpaper
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn
Value: 1, 0, 0, 0
State: Enabled
GPO: ourdomain_Policy_Customized
KeyName: Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveTimeOut
Value: 54, 0, 48, 0, 48, 0, 0, 0
State: Enabled
GPO: Global_Wallpaper
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\System\Wallpaper
Value: 67, 0, 58, 0, 92, 0, 87, 0, 105, 0, 110, 0, 100, 0, 111, 0, 119, 0, 115, 0, 92, 0, 87, 0, 101, 0, 98, 0, 92, 0, 87, 0, 97, 0, 108, 0, 108, 0, 112, 0, 97, 0, 112, 0, 101, 0,
114, 0, 92, 0, 69, 0, 109, 0, 101, 0, 114, 0, 105, 0, 111, 0, 46, 0, 106, 0, 112, 0, 103, 0, 0, 0
State: Enabled
GPO: ourdomain_Policy_Customized
KeyName: Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage
Value: 1, 0, 0, 0
State: Enabled
GPO: ourdomain_Policy_Customized
KeyName: Software\Policies\Microsoft\Internet Explorer\Main\Start Page
Value: 104, 0, 116, 0, 116, 0, 112, 0, 58, 0, 47, 0, 47, 0, 115, 0, 116, 0, 97, 0, 114, 0, 46, 0, 101, 0, 109, 0, 101, 0, 114, 0, 105, 0, 111, 0, 99, 0, 111, 0, 114, 0, 112, 0, 46,
0, 99, 0, 111, 0, 109, 0, 47, 0, 83, 0, 105, 0, 110, 0, 103, 0, 97, 0, 112, 0, 111, 0, 114, 0, 101, 0, 47, 0, 100, 0, 101, 0, 102, 0, 97, 0, 117, 0, 108, 0, 116, 0, 46, 0, 97, 0, 115, 0, 112, 0, 120, 0, 0, 0
State: Enabled
GPO: ourdomain_Policy_Customized
KeyName: Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverIsSecure
Value: 49, 0, 0, 0
State: Enabled
GPO: Global_Wallpaper
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper
Value: 1, 0, 0, 0
State: Enabled
GPO: Global_Wallpaper
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoThemesTab
Value: 1, 0, 0, 0
State: Enabled
GPO: Global_Wallpaper
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\System\WallpaperStyle
Value: 52, 0, 0, 0
State: Enabled
Folder Redirection
N/A
Internet Explorer Browser User Interface
GPO: ourdomain_Policy_Customized
Large Animated Bitmap Name: N/A
Large Custom Logo Bitmap Name: N/A
Title BarText: ourdomain
UserAgent Text: N/A
Delete existing toolbar buttons: No
Internet Explorer Connection
HTTP Proxy Server: N/A
Secure Proxy Server: N/A
FTP Proxy Server: N/A
Gopher Proxy Server: N/A
Socks Proxy Server: N/A
Auto Config Enable: No
Enable Proxy: No
Use same Proxy: No
Internet Explorer URLs
GPO: ourdomain_Policy_Customized
Home page URL: http://star.OURDOMAIN.com/Singapore/default.aspx
Search page URL: N/A
Online support page URL: N/A
Internet Explorer Security
Always Viewable Sites: N/A
Password Override Enabled: False
GPO: ourdomain_Policy_Customized
Import the current Content Ratings Settings: No
Import the current Security Zones Settings: Yes
Import current Authenticode Security Information: No
Enable trusted publisher lockdown: No
Internet Explorer Programs
GPO: ourdomain_Policy_Customized
Import the current Program Settings: No
Thanks, Venkatesh. "Hardwork Never Fails"Hi,
Before going further, I have to admit that I made a mistake and Paul is right.
>>But i am not able to change the security settings in IE like adding sites in Trusted sites its grayed out.
If we don’t want to allow users to change this setting, we can configure this setting via native policy and the following blog can be referred to as reference.
Internet Explorer 10 – Add Sites To The Trusted Sites Zone With Group Policy
http://johnfail.wordpress.com/2013/11/07/internet-explorer-10-add-sites-to-the-trusted-sites-zone-with-group-policy/
If we want to allow users to change this setting, we can configure this setting via GPP Registry.
Regarding this point, the following thread can be referred to for more information.
Add Trusted Sites Via GPO but still allow users to add trusted sites
http://community.spiceworks.com/topic/326140-add-trusted-sites-via-gpo-but-still-allow-users-to-add-trusted-sites
Best regards,
Frank Shen -
I have two Domain Controllers Main ( Main DC ) and Second DC.
the date of some policies is not out of date....
please check these files to know the problem.
dcdiag.txt output:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine ASMDC, is a Directory Server.
Home Server = ASMDC
* Connecting to directory service on server ASMDC.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=buc,DC=edu,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=buc,DC=edu,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=BSMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\ASMDC
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... ASMDC passed test Connectivity
Testing server: Default-First-Site-Name\BSMDC
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... BSMDC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\ASMDC
Starting test: Advertising
The DC ASMDC is advertising itself as a DC and having a DS.
The DC ASMDC is advertising as an LDAP server
The DC ASMDC is advertising as having a writeable directory
The DC ASMDC is advertising as a Key Distribution Center
The DC ASMDC is advertising as a time server
The DS ASMDC is advertising as a GC.
......................... ASMDC passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... ASMDC passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... ASMDC passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... ASMDC passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... ASMDC passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Domain Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role PDC Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Rid Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Infrastructure Update Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
......................... ASMDC passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC ASMDC on DC ASMDC.
* SPN found :LDAP/ASMDC.buc.edu/buc.edu
* SPN found :LDAP/ASMDC.buc.edu
* SPN found :LDAP/ASMDC
* SPN found :LDAP/ASMDC.buc.edu/BUC
* SPN found :LDAP/5e88f85b-15a6-4ff5-b0fd-6df748df06fd._msdcs.buc.edu
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/5e88f85b-15a6-4ff5-b0fd-6df748df06fd/buc.edu
* SPN found :HOST/ASMDC.buc.edu/buc.edu
* SPN found :HOST/ASMDC.buc.edu
* SPN found :HOST/ASMDC
* SPN found :HOST/ASMDC.buc.edu/BUC
* SPN found :GC/ASMDC.buc.edu/buc.edu
......................... ASMDC passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC ASMDC.
* Security Permissions Check for
DC=ForestDnsZones,DC=buc,DC=edu
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=buc,DC=edu
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=buc,DC=edu
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=buc,DC=edu
(Configuration,Version 3)
* Security Permissions Check for
DC=buc,DC=edu
(Domain,Version 3)
......................... ASMDC passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\ASMDC\netlogon
Verified share \\ASMDC\sysvol
......................... ASMDC passed test NetLogons
Starting test: ObjectsReplicated
ASMDC is in domain DC=buc,DC=edu
Checking for CN=ASMDC,OU=Domain Controllers,DC=buc,DC=edu in domain DC=buc,DC=edu on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu in domain CN=Configuration,DC=buc,DC=edu on 2 servers
Object is up-to-date on all servers.
......................... ASMDC passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=buc,DC=edu
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=DomainDnsZones,DC=buc,DC=edu
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Schema,CN=Configuration,DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Configuration,DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
* Replication Site Latency Check
......................... ASMDC passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 8604 to 1073741823
* ASMDC.buc.edu is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 7604 to 8103
* rIDPreviousAllocationPool is 7604 to 8103
* rIDNextRID: 7640
......................... ASMDC passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... ASMDC passed test Services
Starting test: SystemLog
* The System Event log test
An Warning Event occurred. EventID: 0x825A0024
Time Generated: 08/21/2014 00:22:16
Event String:
The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system
time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources.
Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.
An Warning Event occurred. EventID: 0x8000000E
Time Generated: 08/21/2014 00:32:29
Event String:
There were password errors using the Credential Manager. To remedy, launch the Stored User Names and Passwords control panel applet, and reenter the password for the credential BUC.EDU\administrator.
An Error Event occurred. EventID: 0x00000422
Time Generated: 08/21/2014 00:32:29
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\buc.edu\sysvol\buc.edu\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not
successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
......................... ASMDC failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=ASMDC,OU=Domain Controllers,DC=buc,DC=edu and backlink on
CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
are correct.
The system object reference (serverReferenceBL)
CN=ASMDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=buc,DC=edu
and backlink on
CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
are correct.
......................... ASMDC passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: Default-First-Site-Name\BSMDC
Starting test: Advertising
The DC BSMDC is advertising itself as a DC and having a DS.
The DC BSMDC is advertising as an LDAP server
The DC BSMDC is advertising as having a writeable directory
The DC BSMDC is advertising as a Key Distribution Center
The DC BSMDC is advertising as a time server
The DS BSMDC is advertising as a GC.
......................... BSMDC passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... BSMDC passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... BSMDC passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... BSMDC passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... BSMDC passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Domain Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role PDC Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Rid Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Infrastructure Update Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
......................... BSMDC passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC BSMDC on DC BSMDC.
* SPN found :LDAP/BSMDC.buc.edu/buc.edu
* SPN found :LDAP/BSMDC.buc.edu
* SPN found :LDAP/BSMDC
* SPN found :LDAP/BSMDC.buc.edu/BUC
* SPN found :LDAP/93561cab-4fb3-421f-9a67-af6b4c280eca._msdcs.buc.edu
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/93561cab-4fb3-421f-9a67-af6b4c280eca/buc.edu
* SPN found :HOST/BSMDC.buc.edu/buc.edu
* SPN found :HOST/BSMDC.buc.edu
* SPN found :HOST/BSMDC
* SPN found :HOST/BSMDC.buc.edu/BUC
* SPN found :GC/BSMDC.buc.edu/buc.edu
......................... BSMDC passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC BSMDC.
* Security Permissions Check for
DC=ForestDnsZones,DC=buc,DC=edu
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=buc,DC=edu
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=buc,DC=edu
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=buc,DC=edu
(Configuration,Version 3)
* Security Permissions Check for
DC=buc,DC=edu
(Domain,Version 3)
......................... BSMDC passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\BSMDC\netlogon
Verified share \\BSMDC\sysvol
......................... BSMDC passed test NetLogons
Starting test: ObjectsReplicated
BSMDC is in domain DC=buc,DC=edu
Checking for CN=BSMDC,OU=Domain Controllers,DC=buc,DC=edu in domain DC=buc,DC=edu on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=BSMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu in domain CN=Configuration,DC=buc,DC=edu on 2 servers
Object is up-to-date on all servers.
......................... BSMDC passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=buc,DC=edu
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=DomainDnsZones,DC=buc,DC=edu
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Schema,CN=Configuration,DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Configuration,DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
* Replication Site Latency Check
......................... BSMDC passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 8604 to 1073741823
* ASMDC.buc.edu is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 8104 to 8603
* rIDPreviousAllocationPool is 8104 to 8603
* rIDNextRID: 8106
......................... BSMDC passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... BSMDC passed test Services
Starting test: SystemLog
* The System Event log test
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:15
Event String:
Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:18
Event String:
Driver SolidPDF XChange required for printer SolidPDF XChange is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:18
Event String:
Driver NRG SP 3400N PCL 6 required for printer !!net_pc5!NRG SP 3400N PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:19
Event String:
Driver Send To Microsoft OneNote Driver required for printer !!BUCLAPTOP1!Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:20
Event String:
Driver NRG SP 3400N PCL 6 required for printer !!BUCLAPTOP1!NRG SP 3400N PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
An Warning Event occurred. EventID: 0x80000008
Time Generated: 08/20/2014 23:52:20
Event String:
The jobs in the print queue for printer Microsoft XPS Document Writer (redirected 2) were deleted. No user action is required.
To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the
Advanced tab, and then clear the Log spooler warning events check box.
An Warning Event occurred. EventID: 0x80000004
Time Generated: 08/20/2014 23:52:20
Event String:
Printer Microsoft XPS Document Writer (redirected 2) will be deleted. No user action is required.
To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the
Advanced tab, and then clear the Log spooler warning events check box.
An Warning Event occurred. EventID: 0x80000003
Time Generated: 08/20/2014 23:52:20
Event String:
Printer Microsoft XPS Document Writer (redirected 2) was deleted, and users will no longer be able to print to this printer. No user action is required.
To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click
the Advanced tab, and then clear the Log spooler information events check box.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:22
Event String:
Driver NRG SP 3400N PCL 6 required for printer !!BUCLAPTOP1!NRG SP 3400N PCL 6 (Copy 1) is unknown. Contact the administrator to install the driver before you log in again.
......................... BSMDC failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=BSMDC,OU=Domain Controllers,DC=buc,DC=edu and backlink on
CN=BSMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
are correct.
The system object reference (serverReferenceBL)
CN=BSMDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=buc,DC=edu
and backlink on
CN=NTDS Settings,CN=BSMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
are correct.
......................... BSMDC passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : buc
Starting test: CheckSDRefDom
......................... buc passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... buc passed test CrossRefValidation
Running enterprise tests on : buc.edu
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
PDC Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
Time Server Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
Preferred Time Server Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
KDC Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
......................... buc.edu passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... buc.edu passed test Intersite
====================================================================
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\ASMDC
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 5e88f85b-15a6-4ff5-b0fd-6df748df06fd
DSA invocationID: 1355f657-cd24-4ad4-b890-f04f5c624acd
==== INBOUND NEIGHBORS ======================================
DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-21 00:43:56 was successful.
CN=Configuration,DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-21 00:41:11 was successful.
CN=Schema,CN=Configuration,DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-20 23:51:37 was successful.
DC=DomainDnsZones,DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-21 00:45:39 was successful.
DC=ForestDnsZones,DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-20 23:51:37 was successful.
Regards and thanks in advance
MhiarHi,
Based on the description, the Sysvol is replicated by FRS service.
>>some policies at the main DC are not updated like same policies in second DC.
In this case, we can do a non-authoritative restore on the main DC.
To do so:
Click Start, and then click
Run.
In the
Open box, type cmd and then press ENTER.
In the
Command box, type net stop ntfrs.
Click Start, and then click
Run.
In the
Open box, type regedit and then press ENTER.
Locate the following subkey in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
In the right pane, double-click
BurFlags.
In the
Edit DWORD Value dialog box, type D2 and then click OK.
Quit Registry Editor, and then switch to the
Command box.
In the
Command box, type net start ntfrs.
Quit the
Command box.
Regarding reinitializing File Replication Service replica sets, the following article can be referred to for more information.
Using the BurFlags registry key to reinitialize File Replication Service replica sets
http://support.microsoft.com/kb/290762/en-us
Best regards,
Frank Shen -
Urgent Group Policy Issue - not applying despite saying it does
Thank you for this urgent help. Auditors checking this out tomorrow morning.
We have a GPO that sets the eventlog audit settings for success or failure security events. The scope is set to Authenticated Users.
When I run the group policy wizard in GPMC it shows the settings applying to one of our servers in that OU.
When I run gpresult/z from that server it shows the policy applying to that server.
But when I go into gpedit.msc the security audit settings are all set to "not defined" and they are grayed out so I can't edit them manually.
As a test I set the GPO to deny applying to that server. I ran gpudpate/force on the system and then gpresult and it shows the GPO now not applying. But the settings are still set to not defined and still not editable. they are not being set by any other GPO.
In the event logs I only see three GPO errors but they are unrelated. A separate GPO is having issues creating user accounts. No other GPOs apply.
Quick help would be fantastic.
Server runs on Windows Server 2008 R2 (I can edit GPO but not the domain ones and I don't have access to the domain controllers).OK, After several hours I figured it out. Turns out there's bugs and odd functionality.
If someone ever tested the 'advanced audit settings' (which I did in the same GPO at some point) then it sets a registry key to disable the use of the older basic audit settings. But when you stop using those advanced settings in your GPO it doesn't remove
that registry bit. So I used the GPO to undo that setting. This was the first step. This is found Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > "Audit: Force audit policy subcategory
settings (Windows Vista or later) to override audit policy category settings" to DISABLED.
Even though this is done, sometimes the GPO files on the domain controllers don't remove the old audit settings. So in the comments of another thread I found out you may have to go to
\\domain-fqdn\SYSVOL\domain-fqdn\Policies\{your-policy-id-where-this-setting-was-originally-set}\Machine\Microsoft\Windows NT\ and delete the Audit folder which is left behind due to some odd bug. If you don't do this even after doing the next step the
next gpupdate will bring that security setting above back down.
Next you have to reset your audit settings on your PC to the defaults. Unfortunately there is no way to do this. Auditpol /clear does not accomplish this. The only way to do this is to take the audit settings from another working system, export them and
then 'restore' those same settings to the affected server. To do this:
1. On 'working system' run cmd.exe as administrator and export the audit settings to a folder like this:
auditpol /backup /file:c:\working-auditpol-settings.txt
2. Copy that file to the broken system such as the C:\ drive and run this on the broken system:
auditpol /restore /file:c:\working-auditpol-settings.txt
Open GPEDIT.MSC and verify the audit settings are back to normal. Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy
Then run gpupdate/force on the formerly broken system. Close gpedit.msc and reopen and verify the settings were not overwritten. If you skipped the sysvol audit folder deletion step they may come back.
Hope this helps someone. -
Deploy software package error / sce2007 sp1
I am trying to deploy IE10 thru SCE2007 SP1 which is on a WIndows Server 2003 Standard.
Unfortunally when importing the package (exe or msi made with IEAK10) there is a error at the end of importing:
Verification of file signature failed for file: \\sceserver\updateservicepackages\number\number.CAB.
Another package is also giving this error. The file is not 500 MB it is 25 MB in size so thats not the problem. There is enough space on the server.
Could it be that sce or sceserver needs updates? Or am i missing something? In a group policy there are things arranged for certificates so that is also not the problem..
Today i have done this with no result:
Click File, click Add/Remove Snap-in, click Add, click Certificates, click Add, select Computer
account, and then click Next.
3. Select
Another computer, type the name of the update server or click Browse to find the update server computer, click Finish, click Close, and then click OK.
4. Expand
Certificates (update server name), expand WSUS, and then click Certificates.
5. In
the results pane, right-click the desired certificate, click All Tasks, and then click Export.
6. In
the Certificate Export Wizard, use the default settings to create an export file with the name and location specified in the wizard. This file must be available to the update server before proceeding to the next step.
7. Right-click
Trusted Publishers, click All Tasks, and then click Import. Complete the Certificate Import Wizard using the exported file from step 6.
8. If
a self-signed certificate is used, such as WSUS Publishers Self-signed, right-click Trusted Root Certification Authorities, click All Tasks, and then click Import. Complete the Certificate Import Wizard using the exported file from step 6.
freddieAfter above i have seen in the mmc console certificates that the certificates are: This certificate has an nonvalid digital signature, both certificates. The size is 512 so after reading some internet documentation it seems that these certificates must
be 2048 bits?
The quiestion is i do not know anything about certificates. Years ago 2 certificates are made by some company. WSUS self signed certificates. Both are deployed by group policy.
Quiestion is how to make these certifications valid / 2048 bit etc? Can i change them, make new ones?
freddie -
Windows 7 DNS and Group Policy Issues
Hi,
We have several suites of Windows 7 domain connected PC's.
In one of the suites I have been called into look at 3 different PC's where the users have not got mapped drives, desktop backgrounds, internet connectivity - because their group policies have not applied.
When I look at the error logs I find DNS 1014 errors, and Group Policy 1054 errors.
I have looked at the logs on the switches, and there is nothing on them - Could a pupil pulling the network cable out cause these errors?... Possibly they could have put it back in before I got back in the room.
The user logs off of the PC and back on again and are fine, as are the users that logon after them.
We have 2 DC's/DNS servers, which I would have thought would be able to cope with the load here.
Please let me know what you think the likely cause could be.Hello John555444,
What is your current situation?
Is this issue resolved?
Best regards,
Fangzhou CHEN
Fangzhou CHEN
TechNet Community Support -
Group Policy issue - Bandwidth detection failed
Hi
We have a major issue affecting multiple users (>100) where they are unable to login to the machine.It looks like core windows services do not start such as DHCPClient, EventLog, UserProfileService.
Looking at the events on the pc I can see the following events:
Event 6314
Group policy bandwidth estimation failed. Group policy processing will continue. Assuming fast link.
Event 6323
Group Policy dependency (Network Location Awareness) did not start. As a result, network related features of Group Policy such as bandwidth estimation and response to network changes will not work.
I can see the NLA service started but I am worried alot more machines will become unusable. A change was made to group policy regarding searching items in the start menu
User Configuration\Administrative Templates\Start Menu and Taskbar
Do not search files
Enabled
Do not search Internet
Enabled
Remove Games link from Start Menu
Enabled
Remove Help menu from Start Menu
Enabled
Remove Music icon from Start Menu
Enabled
Remove Network Connections from Start Menu
Enabled
Remove Network icon from Start Menu
Enabled
Remove Run menu from Start Menu
Disabled
Remove the networking icon
Enabled
Remove the volume control icon
Disabled
Remove user's folders from the Start Menu
Enabled
The clients are mostly Vista SP2 with some Windows 7. DCs are Server 2008.
Any help in resolving this much appreciated.Hi,
>>Group Policy dependency (Network Location Awareness) did not start. As a result, network related features of Group Policy such as bandwidth estimation and response to network changes will not work.
Network Location Awareness service is a needed service for processing group policy settings since Windows Vista. It helps check the network location of the computers and helps detect slow link when processing group policy settings.
Before going further, does this happen to all clients in our environment? Please check our network configuration and make sure that the clients are able to correctly communicate with DCs. Besides, we can try to reinstall network
adapters to see if it helps. Moreover, please further check event logs to see if some other error events were logged.
Here, we can also try to clean boot our clients to troubleshoot if this is caused by some third party services or applications.
Regarding how to perform clean boot, the following article can be referred to for more information.
How to perform a clean boot in Windows
http://support.microsoft.com/kb/929135
In addition, if everything goes clean, we can try to delay the application of Group Policy at startup by following the procedure described in the Resolution section in the article below to see if it helps.
Windows 7 Clients intermittently fail to apply group policy at startup
http://support.microsoft.com/kb/2421599
Best regards,
Frank Shen
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Deploying software packages to linux
Hello,
Apparantly it is possible to use in SCCM 2012 to do the following things with Linux clients:
-deploy software to linux using packages (not applications)
-install program updates
-install OS updates
Nowhere I can find more about this. I'm currently writing a thesis about SCCM and like to write some more about Linux. I've found about installing sccm agent on linux en running the service on linux, but nothing about deploying packges to linux... Does anyone
have some examples of these 3 things? It would be much appreciated.
kind regardsHi,
In addtion, please refer to the following video:
Supporting Linux, Unix and Mac Clients with System Center 2012 Configuration Manager SP1
http://blogs.technet.com/b/keithmayer/archive/2012/10/30/supporting-linux-unix-and-mac-clients-with-system-center-2012-configuration-manager-sp1.aspx#.UO3hIWbKzq5
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Deploy software packages and applications (roles) to rolebased assets
Hi everybody,
I'm new to SCCM and I need some advice about how to deploy software suites (fixed lists of software packages and applications) automatically to our rolebased assets. Rolebased assets are assets that have predefined software suites or 'roles'. Combinations
of several roles on a single machine are possible. We currently use Altiris NS for our software deployments. The system I have there is as follows.
- regkey on the local machine defining the role(s) for that asset (values are streamed from our CMDB into the local registry)
- dynamic collection for each role based on the value in the regkey
- task assigned to the collection to install the role(s) (a fixed list of packages and applications)
- as stated several roles can be assigned to a single asset
For the deployment of several roles to the same machine we use a in house built solution called Sequence Installer (SQI). SQI keeps track of which role it is installing and will put other roles in a queue. It also has retry and reset functionalities.
In case of failure it will automatically retry from the failed step. We can also manually restart the SQI from the start or from the failed step.
We are planning to migrate towards SCCM 2012 R2 and the purpose is to do as much as possible out-of-the-box. Meaning SQI should become obsolete and replaced by SCCM built-in functionality.
For SCCM, I'm thinking to do it like this: use the regkey to populate a collection for each role and work with a task sequence for the role installation. I'm sure that will work, but perhaps there are far better and simpler ways to do this in SCCM? Furthermore,
I'm afraid SCCM will not be as flexible as SQI when it comes to automatically retrying and/or resuming the installation sequence in case of failure (failures caused by something that doesn't need manual intervention of course, like source corruption,
non-blocking failures, et cetera).
Another way of doing it could be UDA, create a functional user representing each role and assign software to the user. Then link the assets needing a role as primary devices to the user representing the role and pre-deploy the software (in an OSD scenario).
But again, also in this scenario I need the capability to automatically restart and retry failures.
It would be great if I could get some other opinions on the subject, thanks guys!
Kind regards,
Chrisnope, I did not start actual testing of the scenario, and this for several reasons (I'm sure TimDK understands what I'm talking about :-))
- I work at a financial institution where things tend to go very slow (understatement of the year...)
- I have a lab environment but no rights to create AD stuff for example, I have to officialy request these things and that takes time...
- lab environment testing is very high-level (wake-on-lan, 1E nomad testing, et cetera), we'll promote in the near future to our test and development environment where more in-depth testing can be performed
In short, I'm thinking about the concept(s) that can be used, actual testing and playing with it will be for later... I thank everybody for the tips, my goal is to get some thoughts and insights from the experts, one can only learn... I will feedback later
about the what and how and which solution will actually gets implemented.
Regards,
Chris -
Acrobat 9.1 Group Policy Enterprise Deployment
Hey there,
I'm wondering how to properly create an msi based on the new security update for enterprise deployment via gpo.
i found an acrobat 8 doc that specified: msiexec /a "\\network computer\Adobe Acrobat 9.0 Professional\AcroPro.msi" /p "\\network computer\Adobe Acrobat 9.0 Professional\security update\AcroProStdUpd910_T1T2_incr.msp"
but this simply updated and extracted all files...
i'm not overly familiar with packaging acrobat so any help would be great.
even better would be an acrobat 9.1 full msi :)
thanksOne thing to note: Make sure you apply ALL .msp patches to the admin in the correct order!
i.e. You can't just jump to the 9.1.2 patch as they are all INCREMENTAL and have a weird schedule! Sucks, but somehow it makes sense to Adobe. The scheduling and it's explanation can be found here: http://kb2.adobe.com/cps/498/cpsid_49880.html
So, the methodology is:
Make an admin install using the /a switch from msiexec
Expand the patch file from the source to the network share in the correct order, one by one using the /p switch of msiexec, 9.1.0 first then 9.1.2
Create your .mst file via the Customization Wizard
Create your GPO referencing the gpo_ad doc here ( http://www.adobe.com/devnet/acrobat/pdfs/gpo_ad_9.pdf )
Enjoy!
--VTK -
Setting Groups to DynamicUserConfiguration for AppV Package through powershell
Hi All,
I'm trying to set Groups to a package with DynamicUserConfiguration,I'm unable to understand why it is not happening.
Here is what I'm trying
PS C:\Windows\system32> Set-AppvServerPackage -PackageID 1e853f49-9b2c-4e58-8cd1-d25496019134 -DynamicUserConfigurationPath "\\172.18.24.175\Publish\Firefox 9\appv\Firefox9_UserConfig.xml" -VersionID 6e9e47ee-5c38-45a6-b71c-1d96147bbef0
-Groups "domain\groupname"
Set-AppvServerPackage : An unexpected error occurred during processing.
At line:1 char:1
+ Set-AppvServerPackage -PackageID 1e853f49-9b2c-4e58-8cd1-d25496019134 -DynamicUs ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Set-AppvServerPackage], Exception
+ FullyQualifiedErrorId : ServiceError,Microsoft.AppV.Server.Cmdlets.SetAppvServerPackageCommand
I even tried with file package name
PS C:\Windows\system32> Set-AppvServerPackage -Name Firefox9 -DynamicUserConfigurationPath"\\172.18.24.175\Publish\Firefox 9\appv\Firefox9_UserConfig.xml" -Groups "asdev\administrators"
Set-AppvServerPackage : An unexpected error occurred during processing.
At line:1 char:1
+ Set-AppvServerPackage -Name Firefox9 -DynamicUserConfigurationPath "\\172.18.24. ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Set-AppvServerPackage], Exception
+ FullyQualifiedErrorId : ServiceError,Microsoft.AppV.Server.Cmdlets.SetAppvServerPackageCommand
Can anyone please tell me where am i going wrong ?
Note:Get-help Set-AppVserverPackage -detailed doesn't have complete documentation.
Thanks,
Sumit.Both commands look right - supposed the package was added before to the Management Server.
You could cross-check if the path to the XML files is correct and if you and the machine have permission to access it. Also check if it is 'really' a User Config (and not a deployment config).
Did you try using the Management Console?
Falko
Twitter
@kirk_tn | Blog
kirxblog | Web
kirx.org | Fireside
appvbook.com -
Group Policy Management installation software properties bug found
Hello
In the GPM editor - Software installation Properties - Deployment tab. A deployment option "Install this application at logon" is greyed and can't check it but there is a little trick. Click on "Assigned" and the deployment option "Install
this application at logon" is now able to check or uncheck.
Here are some screenshot
[IMG]http://i62.tinypic.com/2im2ykk.png[/IMG]
[IMG]http://i59.tinypic.com/2ewcwb9.png[/IMG]
My server is Windows Server 2012 Datacenter
I don't know if i posted this thread on wrong section but i just report a problem.Hi,
It seems that it is by design. When you are deploying applications to computers, Assigning is the only option. If you're deploying to user accounts, you can select the deployment type, Assign or Publish, from the shortcut menu.
If you want to change the options "Install this application at logon", you will likely need to change them before applications are correctly Assigned or Published to users.
For more detailed information, please refer to the article below:
Advanced Published or Assigned
http://flylib.com/books/en/4.47.1.89/1/
Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Regards,
Mandy
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Create customized and managed msi package for software installation in gpo
Hello everybody,
I have a many users in a domain and need to install different software on systems ,but each software has it's own
configuration, for example we need to install internet download manager(idm) and want to check mark and define some options in menus .
what's the solution ? or which program is good to create msi package with custom details ?
thanks for replyHi Nima,
>>or which program is good to create msi package with custom details ?
Based on your description, we can try to use Orca.exe to customize .msi package.
Regarding this point, the following thread and articles can be referred to for more information.
Create custom .msi package from existing .msi
https://social.technet.microsoft.com/Forums/windows/en-US/6059d374-8cfc-4229-bca8-93a34aaff314/create-custom-msi-package-from-existing-msi?forum=itproxpsp
Orca.exe
http://msdn.microsoft.com/en-us/library/aa370557(v=vs.85).aspx
Customizing MSI packages with ORCA
http://www.frickelsoft.net/blog/?p=240
Besides, to use group policy to deploy software, the following article can be referred to as reference.
How to use Group Policy to remotely install software in Windows Server 2008 and in Windows Server 2003
http://support.microsoft.com/kb/816102
Best regards,
Frank Shen
Maybe you are looking for
-
What is taking up all the space on the hard drive?
My 500GB iMac is only 18 months old, and only has 115GB available. The two big users of space for me are iTunes, and iMovie, which between them account for 175 to 200GB. But what is taking up all the rest? I have a lot of photos in iPhoto, but am not
-
I can't get InDesign CS3 to export a pdf properly
Hi all, Actually I have resolved the problem but I thought I share with you all. I have done up a booklet in CS2, containing 70 over TIFF images, all of them with clipping path done in Photoshop. In between this project, I upgraded to CS3 from CS2. A
-
How Do I create a Ringtone Using an mp3??
Hi As the topic suggest. How do I create a ringtone using a mp3 instead of buying ringtones from iTunes? Thanks Baz
-
Euro(�) character in JSP -page
I'have a JSP-page where is html-textbox for adding salary wish for the job and the problem is that I can't � character from request! I have to pages. In first one i have form where the text box is and a second one for saving the info to a bean. I hav
-
Slow response of Authorization using ACS4.2
We had encountered a slow respone of command authorization with Cisco 3750 using TACACS+ protocol communicate with Cisco ACS 4.2. When we copy and paste more than 20 command lines, it is required more than 15s to complete and sometimes with "authoriz