A common problem for system administrators is the update of third party programs in business environments.
Sometimes, we can create a simple script that installs the desired application. However if this is not done correctly, it is possible that the application will get installed several times in the same computer resulting in the loss of performance and bandwidth .
It is logical to use Active Directory as it implements group policies for the installation of software.
Let’s see how to install Adobe Reader X through a GPO.
Installing Adobe Reader
Adobe is a free application, but if we want to deploy it on a business environment, we have to request a distribution license. This license is also free.
Once we have our license, we should download the msi package from the following FTP site:
Customization of the Installation Package
Although we can distribute the msi package that we have just downloaded, it is worth it to briefly see how to modify its default behavior.
We can change the way that the msi packages are installed using different modifiers when we install them via command line. However, when we use a Group Policy or GPO the installation is silent, without user interference and we cannot specify these modifiers. If we want to modify the installation process, we have to edit the msi packages with a third party tool or Microsoft ORCA.
Luckily, Adobe simplifies our work and provides us with a configuration wizard for its msi packages. We can find it in this link.
Once it is installed we can open the msi package and modify its installation behavior.
Some of the most interesting options are: Enable Optimization, Enable Caching, choose how to Run Instalation, Suppress reboot,
suppress display of EULA when the user opens the program for the first time,
or remove the direct access from the desktop or the Start Menu.
We also have an Editor which we can change any possible value of the msi package. Here I recommend that you disable the Adobe Services Update as we will be updating Adobe reader through a GPO manually. To do this we look for the Install Service value and change the StartType field value to 4.
Once all the changes are done we save the package.
If we get an error showing that the Setup was not found, we have to create an empty text file in the folder where the msi package is stored.
If we look at the folder we can see a file with mst extension. This file has the modifications that we have done with the msi package.
Our msi package path has to be accessible for all the computers in the domain. It is best that this package is in a shared network unit with read only attributes for all the users.
To create the policy we have to open the Group Policy Management Console in the domain controller and create a new policy. Then we edit this policy and search for the next path:
Computer Configuration => Policies => Software Settings => Software Installation.
Then right click => New => Package…
We search for the package in the shared folder and then we click Open.
We can choose two ways for the software implementation. Published is used when we create this policy by User. The application will be not installed, but is available for the user to install by using Add or Remove Programs in Control Panel. In the Assigned however the package will be installed without any user interaction.
If we have make modifications over the msi package we should click on Advance so we can load the mst file. To do so, we have to go to Modifications and then Add… We look for the mst file and then click Open.
In a few seconds we will see how the package has been added to the package list to install.
If you want to test the new policy you can update the Group Policies by typing the command “gpupdate /force” both in the domain server and in the computer where we want the program to be installed. Then if you restart that computer you can see how Adobe Reader has been installed with the desired modifications.
VERY IMPORTANT, the language of Adobe Reader has to match the language of Windows installed on that computer. If for any reason we want to use a different language we have to right click over the package, Properties => Implantation => Advanced Options… and then check the box Ignore Language When Deploying This Package.
CÓMO: Utilizar Directiva de grupo para instalar software de forma remota en Windows 2000 - http://support.microsoft.com/kb/314934/es