Deployment via GPO

Updated 8 months ago by admin

These instructions are specific to Windows Server 2008r2, however the steps should be similar for later versions as well. Please contact your server administrator for further assistance.
  1. Create a transform file, following the same process as creating a custom MSI installer.
  2. Copy the transform file and the installer to an accessible directory on the domain controller.
If an accessible directory doesn't exist, you'll need to create one. In the screenshot below, for example, we're using a shared drive. That might not be suitable for your configuration (as the transform will be visible to standard users). You should configure your own accessible directory to suit your requirements.
  1. From the Server Manager page, open Active Directory Users and Computers. Expand the tree and select the Users container. Create a new group in here, and give it a sensible name such as Silent install of USS agent.
  1. Since we will be installing the agent only onto specific devices, we need to add the devices we need into the security group. Locate the devices you want to install in the active directory, and add them to the group you created.
You can also add specific users into the security group, but adding devices is the simpler and usually more reliable option.
  1. Return to the Server Manager, and open Group Policy Management. Right-click on the domain, and select Create a GPO in this domain, and Link it here ... .

Give the new GPO a sensible name, and click OK.

Your newly-created GPO will now appear in the group policy tree:

  1. Right-click on the new item, and select Edit. Expand Computer Configuration Policies Software Settings.

Right-click Software Installation and select New Package.

In the dialog box that follows, enter the network path to the package.

It's crucially important to enter the network path directly here. Do not browse to the package using the dialog box.

In the next dialog, select Advanced.

Switch to the Deployment tab, and ensure that Uninstall this application when it falls out of the scope of management is checked. This will allow the Cloud Link software to be uninstalled when the GPO is deleted.

Click Advanced (on the Deployment tab), and ensure that Ignore language when deploying this package is checked. This will avoid any problems with non-enGB locales on remote computers.

Switch to the Modifications tab, and click Add. Enter the UNC path to the transform file you created earlier using Orca.

Once again, it's crucially important to enter the network path directly here. Do not browse to the package using the dialog box.

The group policy has now been defined. Close the group policy editor to go back to the Group Policy Management Editor. Click the new group policy, and remove anything that's already been added to the Security Filtering section. Replace it with the new group you created earlier.

  1. Test that the new GPO works, by opening a command prompt with elevated permissions on one of the machines in the new group. At the prompt, enter
gpupdate /force /boot
You may have to run this command twice.

The PC will reboot.

The USS agent is now deployed.

Troubleshooting

error 1274

Problem

The installation fails, and Group Policy Manager shows this error:

Solution

Right-click the group policy, and select Edit. This will open the group policy for editing. Expand Computer Configuration Administrative Templates System Logon. Ensure that the option Always wait for the network at computer startup and logon is Enabled. This will force the computer to wait until the shared location is visible to the PC before running. Then, open an elevated command prompt and enter

gpupdate /force /boot


How did we do?