Advertised Shortcuts and GPO Deployment
I have an application that I need to deploy to users in my organisation. Our standard method of deployment is Active Directory GPO. User deployment based on advertised shortcuts.
This particular application is a vendor supplied MSI that I am trying to edit through a Transform. The msi has 3 features, the parent and 2 children with a number of child features under each.
The steps I have taken thus far:
1) Enable Advertising (set to None) on the Parent Feature and the Child Feature where the .exe lives.
2) Ensured .exe file is the component Key Path
3) Changed the Shortcut to point to the Feature (Child Feature)
When I log in as my test user who the GPO is Assigned I get no shortcut in my start menu. The GPO is working correctly as the Application shows up as an available application to install from network through Add/Remove programs.
Does anyone have any ideas?
This particular application is a vendor supplied MSI that I am trying to edit through a Transform. The msi has 3 features, the parent and 2 children with a number of child features under each.
The steps I have taken thus far:
1) Enable Advertising (set to None) on the Parent Feature and the Child Feature where the .exe lives.
2) Ensured .exe file is the component Key Path
3) Changed the Shortcut to point to the Feature (Child Feature)
When I log in as my test user who the GPO is Assigned I get no shortcut in my start menu. The GPO is working correctly as the Application shows up as an available application to install from network through Add/Remove programs.
Does anyone have any ideas?
0 Comments
[ + ] Show comments
Answers (9)
Please log in to answer
Posted by:
aogilmor
15 years ago
generate a verobse log, and see what ALLUSERS property is set to (should be 1 or 2), check the event viewer, make sure app installed successfully
Posted by:
B.Stobbs
15 years ago
ORIGINAL: aogilmor
generate a verobse log, and see what ALLUSERS property is set to (should be 1 or 2), check the event viewer, make sure app installed successfully
Thanks for the quick reply, however I'm not sure how to generate a verbose log for an application deployed from GPO as the "install" has not yet been done and should only present the entry points to the application ie. Advertised Shortcuts/File associations etc. Unfortunately with this application there are no file associations so can only rely on the advertised shortcut to initiate the install - which as previously stated doesn't present itself.
The Event log states that the assignment of the application has succeeded.
Posted by:
aogilmor
15 years ago
for verbose log add this bit to the GPO that installs it, /l*v <path to log file>
sounds like you're trying to initiate an "install on first use" type of situation? if that's the case not sure how to resolve as I've never deployed apps that way but if it's not installed (just assigned) seems like more of a GPO problem than a Windows installer/packaging problem, as the app at this point is not installed on the workstation. Correct?
sounds like you're trying to initiate an "install on first use" type of situation? if that's the case not sure how to resolve as I've never deployed apps that way but if it's not installed (just assigned) seems like more of a GPO problem than a Windows installer/packaging problem, as the app at this point is not installed on the workstation. Correct?
Posted by:
B.Stobbs
15 years ago
ORIGINAL: aogilmor
for verbose log add this bit to the GPO that installs it, /l*v <path to log file>
sounds like you're trying to initiate an "install on first use" type of situation? if that's the case not sure how to resolve as I've never deployed apps that way but if it's not installed (just assigned) seems like more of a GPO problem than a Windows installer/packaging problem, as the app at this point is not installed on the workstation. Correct?
Again, I thank you for your quick response and advice, however I'm aware if the /l*v option, however I have never heard of this being used in a GPO deployed scenario.
Yeah, I am trying to initiate an "install on first use" situation, and you are quite correct the package has not been installed at this point, only assigned. As stated the GPO is working as the application is available to install to the user through add/remove programs. However, this would cause another issue as this initiates an install with ALLUSERS=0 (as per MS design) which is not an option for this application.
The issue is most definitely with the package as the Advertised Shortcut is not displayed in the Start Menu as it should be if the package was correct in an "assigned"/"install on first use" scenario. I suspect that the issue is due to the Vendor MSI having disabled advertising and not having any advertised shortcuts. So what I am looking for is advice on how to transform this into a package that suits this type of deployment using an MST file.
Posted by:
jmcfadyen
15 years ago
have a read of this.
all you wanted to know about logging and more rubbish that may or may not interest you
http://johnmcfadyen.spaces.live.com/blog/cns!9DD01136FC094724!213.entry
all you wanted to know about logging and more rubbish that may or may not interest you
http://johnmcfadyen.spaces.live.com/blog/cns!9DD01136FC094724!213.entry
Posted by:
anonymous_9363
15 years ago
At my current client, John's web page is blocked so forgive me if my response repeats anything.
The simplest route is to enable the 'MSI Logging' policy! You can do that long-hand (as it were) using the editor or just import a .REG contain these lines:
Remember to turn the policy off when you're done.
Lastly, coming to the actual issue, if the log shows that the transform is being applied (I suspect that it's not), you're probably a victim of what I have come to call GP's "OFI" feature (as in, "Oh, f**k it"), where everything looks like it should work but it just doesn't. In these situations, I have given up doing a 'Redeploy package' (whose functions seems to me to be simply to clutter up SysVol with advertising scripts). Nowadays, I just remove the GPO (not just the link, the GPO itself) and start again. A pain, if you have lots of delegations, but the most efficient route.
[Mods, forgive the disguised profanity but anyone who's worked for even the shortest time with GP will completely identify with the sentiment...]
The simplest route is to enable the 'MSI Logging' policy! You can do that long-hand (as it were) using the editor or just import a .REG contain these lines:
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer]
"Logging"="voicewarmup" Remember, though, that this is an "all or nothing" policy so everything - including any others apps being advertised - gets logged. Logs end up in %SystemRoot%\TEMP (not %TEMP%) and are named with a prefix 'MSI' followed by 4 to 6 random alpha-numeric characters and a '.LOG' extension. I use FIND to locate the one I'm interested in (as it's generally an order of magnitude faster than the Windows Search joke...), specifying some unique text (normally the ProductCode) as the search term.Remember to turn the policy off when you're done.
Lastly, coming to the actual issue, if the log shows that the transform is being applied (I suspect that it's not), you're probably a victim of what I have come to call GP's "OFI" feature (as in, "Oh, f**k it"), where everything looks like it should work but it just doesn't. In these situations, I have given up doing a 'Redeploy package' (whose functions seems to me to be simply to clutter up SysVol with advertising scripts). Nowadays, I just remove the GPO (not just the link, the GPO itself) and start again. A pain, if you have lots of delegations, but the most efficient route.
[Mods, forgive the disguised profanity but anyone who's worked for even the shortest time with GP will completely identify with the sentiment...]
Posted by:
jimmyx
15 years ago
I had a similiar problem with an application (SPSS) not supporting advertised shortcuts on a previous version I had to re-package the MSI, which unsurprsingly caused a lot of problems. So the best option for the latest version was for us to move to a per-machine install to the relevant workstation security group which has worked well.
If it has to be a per-user install could you not have it install at logon?
If it has to be a per-user install could you not have it install at logon?
Posted by:
aogilmor
15 years ago
ORIGINAL: aogilmor
for verbose log add this bit to the GPO that installs it, /l*v <path to log file>
sounds like you're trying to initiate an "install on first use" type of situation? if that's the case not sure how to resolve as I've never deployed apps that way but if it's not installed (just assigned) seems like more of a GPO problem than a Windows installer/packaging problem, as the app at this point is not installed on the workstation. Correct?
Again, I thank you for your quick response and advice, however I'm aware if the /l*v option, however I have never heard of this being used in a GPO deployed scenario.
Nor have I, but it's part of Windows installer natively so it must be possible. If GPO won't allow command line options you can make logging part ot the MSI or MST. Google MsiEnableLog or logging policy site:microsoft.com, you'll get some hits on how to to this.
Yeah, I am trying to initiate an "install on first use" situation, and you are quite correct the package has not been installed at this point, only assigned. As stated the GPO is working as the application is available to install to the user through add/remove programs. However, this would cause another issue as this initiates an install with ALLUSERS=0 (as per MS design) which is not an option for this application.
OK now you're losing me. Never heard of setting ALLUSERS to 0. http://msdn.microsoft.com/en-us/library/aa367559.aspx
The issue is most definitely with the package as the Advertised Shortcut is not displayed in the Start Menu as it should be if the package was correct in an "assigned"/"install on first use" scenario. I suspect that the issue is due to the Vendor MSI having disabled advertising and not having any advertised shortcuts. So what I am looking for is advice on how to transform this into a package that suits this type of deployment using an MST file.
Very easy way to tell if it's the package or not: if you double click the MSI does it install and work? If so, it's the GPO. If not, it's the package. Good luck and let us know what you find!
Posted by:
nheim
15 years ago
Hi Owen,
a few comments on your answers:
Command lines are indeed not possible on GPO installs. The only way to switch on logging, is the solution, Ian gave in post #7.
However, beginning with WI 4.0, an "MsiLogging" property is available to do it.
See: http://msdn.microsoft.com/en-us/library/aa370322(VS.85).aspx
It's not that easy, i am afraid. IMHO, a lot of MSI builders switch of advertising, because they do stuff, which would not run under it. Apparently, this was the case with the app, Brent is fighting right now. The most common issues are actions outside of the Installer Script, which need elevated privileges.
Another classic one, which is a showstopper for GPO-installs, is a wrong or multiple language identifier(s) in the Summary Information field. See the Quicktime KB for that one.
@Brent: Have a look at this website here: http://isg.ee.ethz.ch/tools/realmen/
This folks have a lot of experience on user based GPO installs and documented quite a few things on it.
Regards, Nick
a few comments on your answers:
If GPO won't allow command line options you can make logging part ot the MSI or MST. Google MsiEnableLog or logging policy site:microsoft.com, you'll get some hits on how to to this.
Command lines are indeed not possible on GPO installs. The only way to switch on logging, is the solution, Ian gave in post #7.
However, beginning with WI 4.0, an "MsiLogging" property is available to do it.
See: http://msdn.microsoft.com/en-us/library/aa370322(VS.85).aspx
Very easy way to tell if it's the package or not: if you double click the MSI does it install and work? If so, it's the GPO. If not, it's the package.
It's not that easy, i am afraid. IMHO, a lot of MSI builders switch of advertising, because they do stuff, which would not run under it. Apparently, this was the case with the app, Brent is fighting right now. The most common issues are actions outside of the Installer Script, which need elevated privileges.
Another classic one, which is a showstopper for GPO-installs, is a wrong or multiple language identifier(s) in the Summary Information field. See the Quicktime KB for that one.
@Brent: Have a look at this website here: http://isg.ee.ethz.ch/tools/realmen/
This folks have a lot of experience on user based GPO installs and documented quite a few things on it.
Regards, Nick
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.