The problem is I'm supporting ~200
systems, and some have the new version of the software, and some have
the old version. I'm trying to keep from running around to all the
systems and uninstalling/installing anything. I want to do this via
the GPO. Since the old version was not installed with the GPO, I have
to use a logon script to uininstall the old version. The new version
that SOME systems have, also weren't installed with a GPO, so i have to
use the logon script to uninstall those as well.

So here is what I need to do, IN THIS ORDER.

Logon script to uninstall old version of software <--I know how to do
Logon script to uninstall new version of software <--I know how to do
that too
Logon script to THEN invoke the Published Package of the new version to
install. <--THAT'S what I need to know how to do if it's possible.

I can easily program the logon script to install the new version, but
then for the future, I wouldn't have any control over it with the GPO.
So I want the logon script, instead of just starting the installation
by pointing to the exe or msi file, I want it to kick off the Published
Package install (which is normally done by going to add/remove

Any ideas? Thanks
0 Comments   [ - ] Hide Comments


Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
Answer this question or Comment on this question for clarity


One idea, a little circuitous perhaps but:

create AD group "ThingymaJiggers"
put ThingymaJiggers in scope of GPO that pushes your app as ASSIGNED (with Uninstall When Out of Scope option checked)
open up permissions on this group for anyone to add a computer to it.

GPO that pushes your script is denied to members of ThingymaJiggers
your script:
1) uninstalls old version if present
2) uninstall new version if present
3) adds computer to ThingymaJiggers
4) appends ComputerName to a network located TXT file that anyone can write to
5) message window recommending reboot computer to receive app

Finally, when your TXT file has your 200 odd computers in it then kill the GPO that pushes the script.
Answered 10/27/2006 by: fosteky
Purple Belt

Please log in to comment
Daaaaayumn. That's a great idea! I'll have to test that out next week and see how it goes!

I'll let you know if it worked, but to me it looks like it will.
Answered 10/27/2006 by: shootist321
Senior Yellow Belt

Please log in to comment
Hmm, haven't tested it yet, but just thinking and researching. Currently the net group command can only be run by Domain Admins. You seem to point to the fact that we can set permissions to allow that command to be run by normal users, but only allow them to add themselves to a certain group only?

Help me out here =)
Answered 10/27/2006 by: shootist321
Senior Yellow Belt

Please log in to comment
possible solutions:
put ThingyMaJiggers in a seperate OU that you're comfortable delegating out rights to peons
or alternatively:
include in youir VBscript credentials that can add to the group in question. Consider using PrimalScript Enterprise to compile your VBS to EXE, or SCRENC.exe to encrypt to VBE for added protection, and ensure hardcoded credentials can't really do much else in your AD.
Answered 10/27/2006 by: fosteky
Purple Belt

Please log in to comment
Hi Shootist,
why not use simple wrapper MSI to uninstall those old exe-style apps?
You could author 2 Custom Actions into your new MSI-Style installation to do the job (or just create a MST).
Or just use 'Windows Installer Wrapper Wizard'
This would also solve the problems with the need for admin rights to run your logon scripts.
A MSI installed by a machine GPO runs in the SYSTEM security context and has enough rights to do the job. You need to have the command line for a silent uninstall, but thats the same with a logon script, i guess.
Hope this gives you some more ideas.
Regards, Nick
Answered 10/28/2006 by: nheim
Tenth Degree Black Belt

Please log in to comment
BTW thanks for all the info. I couldn't get it to work, so instead, (since we are still just a mid-sized company), I have a RTF file with screenshotted instructions on how to go to control panel, add/remove, add program, click add..

I have a new post with a new problem I'm facing now.

Just wanted to say thanks for the help.
Answered 11/09/2006 by: shootist321
Senior Yellow Belt

Please log in to comment