Using Group Policy to deploy GoFileRoom Add-in updates

If you are an administrator, you can use Group Policy to assign or publish applications to users or computers in a domain. This is sometimes referred to as a silent install.

Proceed with the following procedures only after the Active Directory is properly configured and the Domain Name System (DNS) is fully functional on your domain. The most common cause of application deployment issues via Group Policy is an incorrectly configured Active Directory or DNS.

Note: If using Group Policy to deploy an upgrade of the GoFileRoom Add-ins, you will have to implement a policy to perform the removal of the previous version prior to applying the new Add-Ins.

Create an active directory container structure, if necessary

Follow these steps to create an active directory if you have not already done so.

  1. From a Windows-based computer in the domain, log on as a domain administrator, then start the Active Directory Users and Computers snap-in.
  2. From the Active Directory Users and Computers snap-in, right-click the Domain Object and choose New > Organizational Unit from the context menu. Give the organizational unit a descriptive name that relates to the type of account it will contain (Managed Computers or Managed Users, for example).
  3. Move the user or computer accounts to the organizational unit where you will apply the application deployment policy.

Assign an application to a container

Follow these steps to assign a program container.

  1. On a network server, create a folder to hold the Windows Installer package. Share the folder with appropriate permissions to allow the users and computers to read and run these files, then copy the Windows Installer package files to this location.
  2. Obtain the GoFileRoom Add-In installer file (GoFileRoom_Addins.msi) from the temporary installation folder for the GoFileRoom Client setup files.
  3. On a network server, create a folder to hold the Windows Installer package. Share the folder with appropriate permissions to allow the users and computers to read and run these files, then copy the Windows Installer package files to this location.
  4. From a Windows-based computer in the domain, log on as a Domain Administrator, then start the Active Directory Users and Computers snap-in.
  5. From the Active Directory Users and Computers snap-in, right-click the container (Domain or Organizational Unit) that you want to link the Group Policy Objects (GPOs) to, and choose Properties from the context menu.
  6. Click the Group Policy tab, and click the New button to create a new GPO for installing your Windows Installer package. Give the new GPO a descriptive name.
  7. Click the new GPO and click the Edit button. The Group Policy snap-in starts so that you can edit the GPO.
  8. Right-click the Software Settings folder under Computer Configuration or User Configuration and choose New > Package from the context menu.

    Notes:

    • The Software Settings folder under Computer Configuration contains application settings that apply to all users who log on to the computer. This folder contains application installation settings, and may also contain other settings from independent application vendors.
    • The Software Settings folder under User Configuration contains application settings that apply to users regardless of which computer they log on to. This folder also contains application installation settings, and may also contain other settings from independent application vendors.
  9. In the Open dialog box, enter or browse to the Universal Naming Convention (UNC) path to the GoFileRoomAddins.msi file for this package in the File name field, and then click the Open button.

    Note: You must use a UNC path (such as \\servername\sharename\path\filename.msi) if the Windows Installer file resides on the local hard disk. If you use a local path to indicate the location of the installation files, client computers will look for the same local path on their local hard disks. The client computer will not find the installation files by using a local path, and therefore the installation will be unsuccessful. Make sure permissions on the file share where the Windows Installer packages reside allow access to SYSTEM user. It is recommended to have a dedicated share for Windows Installer packages.

  10. In the Deploy Software dialog, do one of the following:
    • Click the Assigned option to specify that the application is deployed as assigned and that default settings are used for deployment properties.
    • Click the Advanced option to specify that you are manually editing the package properties instead of accepting the defaults. You can also choose between assign and publish for the deployment method.

    Note: When prompted to choose between Advanced or Assigned, click Assigned unless you understand how to modify the advanced options.

  11. Click OK. The application package appears in the right pane of the Group Policy snap-in.
  12. Close the Group Policy snap-in in the GPO Properties dialog, click your GPO, then click the Properties button.
  13. Click the Security tab.
  14. Click Authenticated Users in the Group or user names list, then click Remove if you want to apply the application to a Security Group and not all Authenticated Users.
  15. Click Add, select the security group that you want this policy applied to, and then click OK to add the security group to the list.
  16. Select the security group, and then under Permissions for Users, tick the Read Apply Group Policy checkboxes in the Allow column.
  17. Click the Apply button and click OK.
  18. In the GPO Properties dialog , and click Apply and click OK.

    Note: Changes to a GPO are not immediately imposed upon the target computers, but are applied in accordance with the currently valid group-policy refresh interval. You can use the Secedit.exe (or update /force) command-line tool to impose GPO settings on a target workstation immediately.

Setting elevated privileges using Group Policy

Because the GoFileRoom package, like most packages, allows only local administrators of the machine to install the package, IT administrators should use elevated privileges to advertise the package per-machine or per-user in Group Policy.

Administrators can create policies for one user, one computer, or a group of users. If administrators need to enforce a set of policies for one individual, they can create a policy for that user and the policy will be applied when the user logs on.

Follow these steps to set this policy for deploying GoFileRoom.

  1. Click the Start button in the Windows taskbar, then choose All Programs > Accessories > Administrative Tools, and then click Active Directory Users and Computers.
  2. In the console tree, right-click the domain or organizational unit for which you want to set the policy.
  3. Click Properties, and then click the Group Policy tab.
  4. Select a Group Policy Object in the Group Policy Objects Links box and click the Edit button.
  5. Open the Local Computer Policy\Administrative Templates\Windows Component\Windows Installer folder.
  6. In the details pane, double-click the Always install with elevated privileges policy.
  7. In the Group Policy Property dialog box, enable the policy, select the check box to turn the setting on, and then click OK.
  8. Open the User Configuration\Administrative Templates\Windows Component\Windows Installer folder and repeat Steps 6 and 7 in the previous section.
  9. You can use the System Policy Editor and Windows Installer policy to set the Always install with elevated privileges policy. You must set the policy for the computer and for each user. If you choose not to use the Group Policy Editor or the System Policy Editor, you can specify the same setting on each computer by changing a value in the Windows registry.

Was this article helpful?

Thank you for the feedback!