MSI COMMAND LINE ARGUMENTS
Server: Windows 2003 SBS with all updates applied.
Clients: Windows XP SP2 with all updates applied.
I have an MSI built using InstallAware which works fine when run on the XP SP2 client.
I add the MSI to GPO and assign to the computer. I find the installer actually installs to the server as soon as OK is clicked as well as the client after which I have to go into ADD/REMOVE to remove from the server. So I put code in the MSI to try and tell it only to install where the OS = XP, reporting to a logfile, and the logfile always says it is running WIN2003. I believe this is because the GPO pushes to the client and not the other way around.
I have reported this to InstallAware and they sort of agree it may be a bug in their code. But they have suggested I should interrogate the machine being installed upon by use of a command line argument. But, as far as I am aware, there is no such facility in the GPO installer to add a MSI with command line options other than through a MST file.
Am I correct?
Thanks - John
Clients: Windows XP SP2 with all updates applied.
I have an MSI built using InstallAware which works fine when run on the XP SP2 client.
I add the MSI to GPO and assign to the computer. I find the installer actually installs to the server as soon as OK is clicked as well as the client after which I have to go into ADD/REMOVE to remove from the server. So I put code in the MSI to try and tell it only to install where the OS = XP, reporting to a logfile, and the logfile always says it is running WIN2003. I believe this is because the GPO pushes to the client and not the other way around.
I have reported this to InstallAware and they sort of agree it may be a bug in their code. But they have suggested I should interrogate the machine being installed upon by use of a command line argument. But, as far as I am aware, there is no such facility in the GPO installer to add a MSI with command line options other than through a MST file.
Am I correct?
Thanks - John
0 Comments
[ + ] Show comments
Answers (4)
Please log in to answer
Posted by:
nheim
17 years ago
Hi John,
your on the wrong path here!
This is done by giving the GPO permissions to be installed on a particular group of machines.
That means you alter the security tab of the GPO and give the "Apply group policy" permission to the computer accounts that should receive this GPO.
Best practice is, to set up a security group e.g. 'GPO-MySoftware' and put all the machines which need to receive it, into it. After that you go to the GPO' security tab and assign this group to the "Apply group policy" permission as the only one.
Regards, Nick
your on the wrong path here!
This is done by giving the GPO permissions to be installed on a particular group of machines.
That means you alter the security tab of the GPO and give the "Apply group policy" permission to the computer accounts that should receive this GPO.
Best practice is, to set up a security group e.g. 'GPO-MySoftware' and put all the machines which need to receive it, into it. After that you go to the GPO' security tab and assign this group to the "Apply group policy" permission as the only one.
Regards, Nick
Posted by:
JXBURNS
17 years ago
Nick,
Sorry I should have been more specific. The clients are in the security OK already and I have added many other non-InstallAware packages this way without problems based upon security groups of specific clients.
The problem here is that as soon as the package to install is selected (i.e. when OPEN is clicked on the open dialog screen), the package is installed by the server immediately before it appears in the list of packages. When the client is eventually restarted, then the installer is applied to those systems as well.
In the MSI I have specifically said only install if a XP box but reading the log files this never is true as it always returns WIN2003. The same applies even if run on a non-SBS WIN2003 server so it appears to be the InstallAware package that is causing it. Since writing, they have now confirmed they have not really tested their software in this area but they also have had 6 other persons having the same problem so I am not alone. They also state they don't know if they can fix it.
I was just hoping I could add some sort of command line variable to specifically tell the system do not install on the server which could be passed to the MSI and from that I could have code that would say 'if server then do nothing'. But I get the feeling there is something more fundamental in view the software is installed on server even before it appears in the GPO ready for modifications to be applied if need be to the settings.
I would be interested if others using InstallAware packages have seen the same symptoms.
Thanks - John
Sorry I should have been more specific. The clients are in the security OK already and I have added many other non-InstallAware packages this way without problems based upon security groups of specific clients.
The problem here is that as soon as the package to install is selected (i.e. when OPEN is clicked on the open dialog screen), the package is installed by the server immediately before it appears in the list of packages. When the client is eventually restarted, then the installer is applied to those systems as well.
In the MSI I have specifically said only install if a XP box but reading the log files this never is true as it always returns WIN2003. The same applies even if run on a non-SBS WIN2003 server so it appears to be the InstallAware package that is causing it. Since writing, they have now confirmed they have not really tested their software in this area but they also have had 6 other persons having the same problem so I am not alone. They also state they don't know if they can fix it.
I was just hoping I could add some sort of command line variable to specifically tell the system do not install on the server which could be passed to the MSI and from that I could have code that would say 'if server then do nothing'. But I get the feeling there is something more fundamental in view the software is installed on server even before it appears in the GPO ready for modifications to be applied if need be to the settings.
I would be interested if others using InstallAware packages have seen the same symptoms.
Thanks - John
Posted by:
fosteky
17 years ago
I think you need to ensure that the GPO you're using to deply the MSI has an AD group of your making in it's scope (not All Authenticated Users - as is default for new GPOs), then control what computers are in this group. Or if dealing with many thousands of computers, then look at creating an AD group that will contain just your servers and on the ACL of that GPO set that group to Deny, and use All Authenticated Users in the scope of the GPO.
Are you using GPMC? If not, you should be - it's easier to manage software deployment because of its GPO-centric setup.
If I'm just missing something entirely here and none of the above is of any use, maybe you could leverage the WMI Filter aspect of GPO software deployment.
Make a new WMI filter with values like so:
Namespace:
root\CIMv2
Query:
Select * from Win32_OperatingSystem WHERE Caption="Microsoft Windows XP Professional"
Then use this filter in your GPO to hit only XP machines.
BTW, you are correct, you can't deliver property values with an MSI via GPO (except using scripts portion of GPO). You need to make your MST do what passed in property values do.
Are you using GPMC? If not, you should be - it's easier to manage software deployment because of its GPO-centric setup.
If I'm just missing something entirely here and none of the above is of any use, maybe you could leverage the WMI Filter aspect of GPO software deployment.
Make a new WMI filter with values like so:
Namespace:
root\CIMv2
Query:
Select * from Win32_OperatingSystem WHERE Caption="Microsoft Windows XP Professional"
Then use this filter in your GPO to hit only XP machines.
BTW, you are correct, you can't deliver property values with an MSI via GPO (except using scripts portion of GPO). You need to make your MST do what passed in property values do.
Posted by:
JXBURNS
17 years ago
The Security Filtering is only linked to the AD group for the client computers - Authenticated Users was removed previously. And yes, I am using GPMC.
WMI may well be the answer if InstallAware cannot come up with any fix for their installer in the near future - the more I use their system the more I find it quite flakely. The number of clients is very small and this is SBS so only one server. There is already a filter available called PostSP2 which sort of does the same thing (based upon service pack version and major version) as you suggest except yours is more specific for XP.
The systems are located on ships at sea (not connected to anything ashore) so I have to depend upon non-IT staff to make changes so you will appreciate I want the simplest solution!
Thanks = John
WMI may well be the answer if InstallAware cannot come up with any fix for their installer in the near future - the more I use their system the more I find it quite flakely. The number of clients is very small and this is SBS so only one server. There is already a filter available called PostSP2 which sort of does the same thing (based upon service pack version and major version) as you suggest except yours is more specific for XP.
The systems are located on ships at sea (not connected to anything ashore) so I have to depend upon non-IT staff to make changes so you will appreciate I want the simplest solution!
Thanks = John
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.