How to Deploy an EXE File via Group Policy Using PowerShell

Written by Alex Marin · October 25th, 2024 · 3min read

Group Policy Objects (GPOs) are a powerful feature of Windows environments that enable administrators to control and configure operating systems, programs, and user settings across a network.

While GPOs natively support the deployment of MSI, you may need to install software only available as an EXE file.

Since GPOs do not directly support EXE deployment, using a PowerShell script is a practical workaround.

In this article, we will explain how to deploy an EXE file, specifically the VLC media player, using a PowerShell script in a Group Policy.

Designing the PowerShell Script

The first step is to write a PowerShell script to determine if VLC is installed on the target computer. If VLC isn’t found, the script installs it silently from a network share.

This script automates the installation process, ensuring that VLC is silently installed on all computers in the specified organizational unit (OU) without requiring any manual intervention.

Here’s what the script looks like:

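# Default install location of VLC on 64-bit Windows
$vlcPath = "C:\Program Files\VideoLAN\VLC\vlc.exe"
# Install only if VLC is not already present
if (!(Test-Path $vlcPath)) {
	# Replace with the UNC path of your own share
	$vlcInstallerPath = "\\YourNetworkShare\VLC\vlc-3.0.11-win64.exe"
	# VLC's installer is NSIS-based; /S (case-sensitive) is its silent switch
	Start-Process -FilePath $vlcInstallerPath -ArgumentList "/S" -Wait
}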

This simple script automates the installation of VLC by checking for its presence in the default installation directory. If it's not found, it runs the installer from a network share silently.

You can use whatever scripting language you wish. In this case, we went with PowerShell.
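
A hardened variant of the script above, as an added example that is not the author's code: it copies the installer locally, checks it against a pinned SHA-256 hash and its Authenticode signature, and runs it only if both pass. The hash placeholder, the log path and the function names are assumptions; the share path is the one used in the article.

```powershell
$vlcPath      = "C:\Program Files\VideoLAN\VLC\vlc.exe"
$installerUnc = "\\YourNetworkShare\VLC\vlc-3.0.11-win64.exe"  # share path from the article
$expectedHash = "<SHA256-OF-APPROVED-INSTALLER>"                # placeholder: record it when staging the file
$logFile      = Join-Path $env:TEMP "vlc-deploy.log"           # hypothetical log location

function Write-DeployLog([string]$Message) {
    "{0} {1}" -f (Get-Date -Format o), $Message | Add-Content -Path $logFile
}

function Test-InstallerTrusted {
    param([string]$Path, [string]$Sha256)
    # 1. The hash must match the value recorded for the approved build.
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    if ($actual -ne $Sha256) {   # -ne compares strings case-insensitively
        Write-DeployLog "Hash mismatch: $actual"
        return $false
    }
    # 2. The Authenticode signature must validate against the local trust store.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        Write-DeployLog "Signature status: $($sig.Status)"
        return $false
    }
    Write-DeployLog "Verified; signer: $($sig.SignerCertificate.Subject)"
    return $true
}

if (Test-Path $vlcPath) { return }   # already installed, nothing to do

# Copy first so the bytes that are verified are the bytes that are executed.
$local = Join-Path $env:TEMP (Split-Path $installerUnc -Leaf)
try {
    Copy-Item -Path $installerUnc -Destination $local -Force -ErrorAction Stop
    if (-not (Test-InstallerTrusted -Path $local -Sha256 $expectedHash)) {
        throw "Installer failed verification; not executing."
    }
    # /S is the NSIS silent switch used by VLC's installer.
    $proc = Start-Process -FilePath $local -ArgumentList "/S" -Wait -PassThru
    Write-DeployLog "Installer exit code: $($proc.ExitCode)"
}
catch {
    Write-DeployLog "Deployment aborted: $_"
}
finally {
    Remove-Item -Path $local -Force -ErrorAction SilentlyContinue
}
```

A hash mismatch or an invalid signature leaves a log entry on the client, which gives you something to alert on if the file on the share is ever replaced.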

Configuring the UNC Network Share

Before deploying the script, ensure you have a properly configured network share where the VLC installer is stored.

It's essential to secure the network share by following best practices to protect it from unauthorized access. To do this:

1. Go to Advanced Sharing on the network share.

2. Select Permissions.

Advanced Sharing option in Folder Properties

3. Remove the Everyone group.

Share Permissions in Folder Properties

4. Add the Domain Computers and Domain Users groups to ensure that only authenticated users and computers within your domain have access to the installer.

Add Domain Computers and Domain Users

Setting Up GPO for Deployment

Once the network share is set, configure the GPO to deploy the PowerShell script to your chosen organizational unit (OU).

Follow these steps:

1. Open the Group Policy Management Console and go to User Configuration > Windows Settings > Scripts (Logon/Logoff).

2. On the right side, select "Logon" and then PowerShell Scripts, or Scripts if you're using a batch file.

PowerShell Scripts option in GPO

3. Click the Add button, and browse to the location where you want to save the script. Copy and paste the .ps1 file into this window.

4. Ensure the path remains unchanged because it’s the path of the GPO and the script must be copied to this specific location. Your path will be different from mine, but the principle is the same.

Add PowerShell Script to GPO

Conclusion

Although GPOs traditionally support only MSI file deployments, by following the above steps, you will be able to deploy EXE files across your network.

Installing EXE files from a network share with a PowerShell script is a practical alternative to the widely used GPO deployment of MSI files.

This approach involves creating a script that checks for and installs the software, securing your network share, and using Group Policy to deploy the script. By following these steps, you can ensure that all necessary applications are installed across your network quickly and securely.


Written by
Alex Marin

Application Packaging and SCCM Deployments specialist, solutions finder, Technical Writer at Advanced Installer.
