This tutorial will describe how to deploy a MSI on multiple machines by using Group Policy.
- Methods of deployment
- Create a distribution point
- Create a Group Policy Object
- Assign a MSI package
- Publish a MSI package
- Redeploy a MSI package
- Remove a MSI package
Methods of deployment
Group Policy supports two methods of deploying a MSI package:
- Assign software - A program can be assigned per-user or per-machine. If its assigned per-user, it will be installed when the user logs on. However, if its assigned per-machine then the program will be installed for all users when the machine starts.
- Publish software - A program can be published for one or more users. This program will be added to the Add or Remove Programs list and the user will be able to install it from there.
Create a distribution point
The first step in deploying a MSI through GPO is to create a distribution point on the publishing server. This can be done by following these steps:
- log on to the server as an Administrator user
- create a shared network folder (this folder will contain the MSI package)
- set permissions on this folder in order to allow access to the distribution package
- copy the MSI in the shared folder
In the shared folder you can also perform an administrative install
for a MSI package contained by an EXE bootstrapper.
Create a Group Policy Object
A MSI package is deployed (distributed) through GPO as a Group Policy Object. In order to create an object for your package, you can follow these steps:
- click on the Start button, go to Programs, select Administrative Tools and then select Active Directory Users and Computers
- right-click your domain name in the console tree and select the Properties context menu
- select the Group Policy tab and click New
- set the name of the policy (for example MyApplication)
- click Properties and select the Security tab
- check the Apply Group Policy checkbox only for the groups to which the policy will be applied
- click on the OK button
Assign a MSI package
A package can be assigned per-user or per-machine. Also, if the package is assigned, it will automatically be installed silently. In order to assign a package you can follow these steps:
- click on the Start button, go to Programs, select Administrative Tools and then select Active Directory Users and Computers
- right-click your domain name in the console tree and select the Properties context menu
- go to the Group Policy tab, select the object you want and click Edit
- expand Software Settings under Computer Configuration
- right-click Software Installation, select the New context menu and then click on Package
- in the Open dialog type the full UNC path of the shared package you want to assign
- click on the Open button
- click on Assigned and then click OK (the package will be added to the right pane of the "Group Policy" window)
- close the Group Policy snap-in, click OK and exit the Active Directory Users and Computers snap-in
- when the client computers start, the assigned package will be installed automatically
Do not use the Browse button in the
Open dialog to access the UNC location. Make sure that you
use the UNC path to the shared package.
Publish a MSI package
When using Group Policy, you can publish a package in order to allow the target user to install it by using Add or Remove programs. The steps for publishing a package are:
- click on the Start button, go to Programs, select Administrative Tools and then select Active Directory Users and Computers
- right-click your domain name in the console tree and select the Properties context menu
- go to the Group Policy tab, select the object you want and click Edit
- expand Software Settings under User Configuration
- right-click Software Installation, select the New context menu and then click on Package
- in the Open dialog type the full UNC path of the shared package you want to publish
- click on the Open button
- click on Publish and then click OK (the package will be added to the right pane of the "Group Policy" window)
- close the Group Policy snap-in, click OK and exit the Active Directory Users and Computers snap-in
- test the package:
- log on to the target computer
- click on the Start button and go to Control Panel
- double-click the Add or Remove programs applet and select Add New Programs
- in the Add programs from your network list select the program you published
- use the Add button to install the package
- click OK and then Close
Do not use the Browse button in the
Open dialog to access the UNC location. Make sure that you
use the UNC path to the shared package.
Redeploy a MSI package
Sometimes you may need to redeploy a package (for example when doing an upgrade). For redeploying a package you can follow these steps:
- click on the Start button, go to Programs, select Administrative Tools and then select Active Directory Users and Computers
- right-click your domain name in the console tree and select the Properties context menu
- go to the Group Policy tab, select the object you used to deploy the package and click Edit
- expand the Software Settings element (per-user or per-machine) which contains the deployed package
- expand the Software Installation element which contains the deployed package
- right-click the package in the right pane of the Group Policy window
- select the All Tasks menu and click Redeploy application
- click the Yes button for reinstalling the application wherever it is installed
- close the Group Policy snap-in, click OK and exit the Active Directory Users and Computers snap-in
Remove a MSI package
Group Policy also allows you to remove packages which have been deployed in the past. Here are the steps for removing a package:
- click on the Start button, go to Programs, select Administrative Tools and then select Active Directory Users and Computers
- right-click your domain name in the console tree and select the Properties context menu
- go to the Group Policy tab, select the object you used to deploy the package and click Edit
- expand the Software Settings element (per-user or per-machine) which contains the deployed package
- expand the Software Installation element which contains the deployed package
- right-click the package in the right pane of the Group Policy window
- select the All Tasks menu and click Remove
- select from the following options:
- Immediately uninstall the software from users and computers
- Allow users to continue to use the software but prevent new installations
- click the OK button to continue
- close the Group Policy snap-in, click OK and exit the Active Directory Users and Computers snap-in
- Introduction
- Using Advanced Installer
- Features and Functionality
- Tutorials, How To's, Q&A
- Tutorials
- Simple Installation
- Professional Installation
- Other Languages
- New Language
- Patch Authoring
- Java Product Installation
- Java Service Installation
- Using The Updater
- Create a new dialog
- Display a MSI dialog conditionally
- Creating Billboards
- IIS Tutorial
- Using SQL Scripts
- Browse For File
- Repackage Installation
- Multiple Builds
- MSI Import
- ComboBox and ListBox controls
- Deploy a MSI through GPO
- How To's
- FAQ's
- Tutorials
- Windows Installer