Tuesday, August 18, 2015

Multiple ways to Install Software remotely on Windows - Method 1 Group Policy

Multiple ways to Install software remotely
Multiple ways to Install Software remotely on Windows - Method 1 Group Policy
Multiple ways to Install Software remotely on Windows - Method 2 Third party softwares

Multiple ways to Install Software remotely on Windows - Method 3 Command line PSEXEC tool
Multiple ways to Install Software remotely on Windows - Method 4 WMI (Windows Management Instrumentation)
Multiple ways to Install Software remotely on Windows - Method 5 PowerShell Remoting 
Multiple ways to Install Software remotely on Windows - Method 6 PowerShell DSC (Desired State Configuration)  
Multiple ways to Install Software remotely on Windows - Method 7 Copy Portable applications 
Multiple ways to Install Software remotely on Windows - Method 8 Task scheduler 
 
There are multiple way you can install software remotely, One of the method is Group Policy its very easy if you want to manage deployment of softwares on multiple systems. But the requirement is all the systems needs to join to the AD domain.

It doesn't require any extra setup if system is in domain, you have to just create a group policy and Software package, once done link it to appropriate Computer OU or your entire domain (Here I will be creating software package in computer node) and you are done.

Below is the step by step method for the same.

First thing first, Keep your application on shared location, This shared file should have Authenticated users (Read permissions) added to Share and Security tab.

Here I have created folder C:\Softwares on my AD (Hostname AD001), and these are the permissions given. these are permissions on sharing tab, now my shared location is \\AD001\Softwares. Under this location I am going to keep my softwares. This step is essential
Next is security permissions here add Authenticated users. Now you are all set as first phase, from this centralized location Group policy will push application on machines.
Next phase I will be coping software files (MSI) on this share and test it installing by command line to check whether it is getting installed unattended and no human intervention is required while installation.
Open command prompt with as an administrator, and run below command to check you have correct MSI file. (Change shared file location as per your need)

msiexec.exe /i "\\AD001\Software\NotepadPlusPlus\NotepadPlusPlus679.msi" ALLUSERS=1 /qn /norestart /log c:\temp\output.log
Open Group Policy management go to Group Policy Object, Right Click and create new Policy. My policy name is Software_NotepadPlusPlus, Right click and edit it.
Under Computer Configuration > Policies > Software Settings > Software installation > right click and create new package
It will pop up new windows and ask for the MSI file location, provide here shared application path \\AD001\Software\NotepadPlusPlus.msi
 Keep it assigned click ok.
Once the package is configured. You are done, close this policy and link it to corresponding computer OU.
Link Software policy  and restart your computers.
It will required reboot see changes on computers, Notepad++ will be installed on computers on next reboot. What I found is when deploying (assigning ) application through Group Policy it can slow down log-in process as it is waiting to application get installed. and also inventory is hectic if you want to rectify if any server missed in this process. Just think what will happen if you you are deploying (assigned) Microsoft office.
To cross verify open command prompt as administrator, type and run GPRESULT /R /scope computer to see software policy is applied. Its very easy and automated.
In my next blog I will be using some third party software to install softwares remotely. 
Multiple ways to Install Software remotely on Windows - Method 2 Third party softwares (PDQ Deploy)

2 comments:

Unknown said...

I think Group Policy is a poor choice here:
- Group Policy would not work if computers are not on local network (e.g. remote laptops).
- Group Policy does not provide any feedback - was installation successful or not
- Group Policy requires that all computers should be in Active Directory domain

There are plenty of products on the market, but make sure you are choosing a cloud-based product. If you do not, you most likely will be able to uninstall software only on the computers connected to local network (and what about remote laptops?).

Few options I would recommend:

1. action1.com - they have free edition and provide pretty good endpoint configuration reporting in addition to software deployment functionality.
2. pdq.com - they provide a lot of features in regards to software deployment, but they are not cloud and the user interface seems little bit overloaded.
3. quest.com - their offering is pretty solid and they do it for many-many years - I would name them an established leader, but might be too costly.

Anonymous said...

1. Group policy DOESN'T require to be on "local network" from the moment one uses VPNs (= virtual private network)
this is the exact reason why VPNs exists, users can access their local data over Internet, and every computer on Internet can download and install the software. Some VPNs offer to login when the computer is booting also for "Computer-targeted" GPOs.
2. Group policy doesn't provide feedback indeed. It is possible to generate reports on remote computers, easily witouth GPOs ; indeed WMI via "wmic.exe" one can easily mass report on every software installed on every computer on a network. But the result is not "centralised" as with a dedicated tool.

Now, indeed :

GPOs require an Active Directory, and GPOs doesn't have instant reporting on installation success, and last but not least, the download time can be insane (no real network optimisation for heavy software), and booting time can be insane also. But this blog post was more of a proof of concept I see.