# Solved: GPO software install fails



## IBM (Nov 13, 2000)

Hi guys,

I think I'm missing a step with my GPO software push.
I'm trying to assign a ccleaner installation but my test system
boots up without installing the app.

things I've done:
1) converted cleaner.exe to ccleaner.msi using a wrapper program.
(exe to msi converter free)

2) shared out UNC, and set share permissions to ensure domain admins and authenticated users are in the allowed list

3) Tried navigating to shared folder and manual install, it seems to work, I quit the install b4 it completes

4) GPO is linked to OU

5) Created second GPO to disable UAC, allow Admin rights for the install etc.

But each time I reboot the test system, which is my admin system, it boots into windows7 64bit without
installing the application.

I'm currently trying to get eventvwr.msc working, as on my system it is corrupted.
So I can't even look for errors in the event logs. This limits me somewhat but if anyone
has seen this before and has helpful advice I wold greatly appreciate it!!

Thanks


----------



## IBM (Nov 13, 2000)

GPresult:


Applied Group Policy Objects
-----------------------------
N/A

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
CCleaner318
Filtering: Not Applied (Empty)

Default Domain Policy
Filtering: Not Applied (Empty)

Local Group Policy
Filtering: Not Applied (Empty)

GPO and Disable UAC
Filtering: Not Applied (Empty)


Obviously my ccleaner318 GPo is not applied. Question is why?


----------



## IBM (Nov 13, 2000)

Also, GPO was created under computer configuration, not user configuration.
I did this so the application would install once for everyone using the computer rather than
looking to the GPO each time someone else logs in.


----------



## IBM (Nov 13, 2000)

Anyone? .........


----------



## Rockn (Jul 29, 2001)

Can you access the install location after the machine is logged in and install the software manually? Just to test if it will even install across the network. Do you also have the computer object inside of the proper OU you are trying to apply policy to?


----------



## IBM (Nov 13, 2000)

Rockn said:


> Can you access the install location after the machine is logged in and install the software manually? Just to test if it will even install across the network. Do you also have the computer object inside of the proper OU you are trying to apply policy to?


Yes, manual installs work.

I believe so, but I've been trying so many different things
that I may have moved something or forgot to put something back..so I'll double check
the computer object, ou, and gpo are all correctly linked.


----------



## IBM (Nov 13, 2000)

Yes, the GPO is linked to the right OU, and the computer object is in the OU.
GPRESULT shows that the policies are updated successfully, but the GPO I want applied is filtered out.


----------



## IBM (Nov 13, 2000)

btw, I'm not seeing any event viewer errors, it says policies have been applied successfully.


----------



## Rockn (Jul 29, 2001)

Does the computer have full access to the installation point where you install file is located? Entering in the UNC path for the file location brings you to that location without any security issues? I am assuming this is from a Server 2008 server to a Windows 7 workstation.


----------



## IBM (Nov 13, 2000)

Yes to both.
I can manually locate the files and install it.

The GPO applies, and I need to reboot my system for it to take affect, but the 
installer never seems to run. I've looked at Shared permissions and security permissions
and they look correct. Domain users/computers, and authenticated users all have access to read and execute.


----------



## mvirata (Feb 17, 2011)

When I am testing out GPO's that push software I usually test on a couple of VMs. One with our standard workstation with all the apps installed. And another that only has the OS, and nothing else. The clean install ensures no conflicts. I snapshot before applying the GPO, so I can start over any time.

From what I have read it looks like everything should be working, but it's possible there could be conflicting GPO's. Sometimes checking the local security db from an elevated command prompt helps:

esentutl /g %windir%\security\database\secedit.sdb


----------



## IBM (Nov 13, 2000)

Hi,

I was able to successfully install an MSI I downloaded.
Turns out the MSI's I created(using the exe to msi software) don't work
for pushing GPO installs. Now I have to figure out how to convert ccleaner, java, and adobe products
into MSI's. But I'll mark this thread closed and solved. I'll start a new thread if I can't find anything via search.

Thanks for the assistance guys!

p.s
Neat - just learned something new. *esentutl*


----------



## mvirata (Feb 17, 2011)

Java and Adobe should be easy because you can download them as .MSI's. I did them recently and you should have no trouble. Adobe requires you fill out a license to distribute, which is a 5 minute process. Finding the full install .MSI's can be a pain though, thanks to non-intuitive site design.

In the past, I have always been successful with Admin Studio for packaging, but it's not free, and sadly my current company doesn't package software.


----------

