I'm reasonably new to Group Policy administration and I'm trying to deploy an
MSI installer via Active Directory to install a service. In reality, I'm a
software developer trying to test how my service will be installed in a domain
environment.
My test environment:
Server 2003 Domain Controller
About 10 machines (between XP SP3, and server 2008) all joined to my domain.
No real other setup, or active directory configuration has been done apart from
things like getting DNS right. I suspect that I may be missing a step in Group
Policy that says I need to grant an explicit permission somewhere, but I have no
idea where that might be or what it will say.
What I've done:
I followed the documentation from Microsoft in How to Deploy Software via Group
Policy, so I believe all those steps are correct (I used the UNC path, verified
NTFS permissions, I have verified the computers and users are members of groups
that are assigned to receive the policy etc).
If I deploy the software via the Computer Configuration, when I reboot the
target machine I get the following:
When the computer starts up it logs Event ID 108, and says "Failed to apply
changes to software installation settings. Software changes could not be
applied. A previous log entry with details should exist. The error was: An
operations error occurred."
There are no previous log entries to check, which is weird because if it ever
actually tried to invoke the windows installer it should log any sort of failure
of my application's installer.
If I open a command prompt and manually run:
msiexec /qb /i \\[host]\[share]\installer.msi
It installs the service just fine.
If I deploy the software via the User Configuration, when I log that user in the
Event Log says that software changes were applied successfully, but my service
isn't installed.
However, when deployed via the User configuration even though it's not installed
when I go to Control Panel -> Add/Remove Programs and click on Add New Programs
my service installer is being advertised and I can install/remove it from there.
(this does not happen when it's assigned to computers)
Hopefully that wall of text was enough information to get me going, thanks all
for the help.
Best Answer
A shot in the dark, but something I've seen before -- have you made sure that the file share it's coming from allows "Domain Computers" Read and Execute permissions?
To test, run
PsExec -s cmd.exe, which will give you a command prompt running as System. From there try to run the MSI and see if you can.