Tutorials

How to deploy software from an installation share with a group policy on Windows Server Essentials

How to deploy software from an installation share with a group policy on Windows Server Essentials

When you have more then a couple of clients in your network you no longer want to run around with USB sticks and install software. There are better ways doing this, even with a Windows Server Essentials. You, as the admin, need to do some work but then you will see installing software on remote clients from your server is a breeze. In this tutorial we will have a look at a default Windows Server Essentials 2016 installation. That installation has some default Organizational Units and Group Policies and we will use those to implement our software deployment. But we will also look at another situation where only a small part of our desktop clients should get the software pushed.

In this tutorial we will deploy an antivirus package from Panda software but it can be any package as long as it is a .msi file and the package allows this type of installation. If you need more information on how to create a working installation package for your software deployment make sure you read the documentation of your vendor. Some of them require you to inject registration keys into the packages! We do not intend to explain everything concerning Group Policies but we merely want to offer you a solution that fits most small business but it can be a foundation for more thinking and creative solutions tailored to your own infrastructure. If you need help with that just ask me!

In our network we have 3 desktops and all are in the same OU, the default Computers OU. We will create a software deployment GPO that will push the Panda antivirus agent from a special share on our server. I prefer to create a share inside the Serverfolders. That Serverfolders folder is the default location of all the folders that are created by default with a Windows Server Essentials installation, any subsequent folder that you share and create from within the Dashboard will be created in the Serverfolders share. I will create a new shared folder called SoftwareDeployment.

Let us have a look at what Organizational Units and Group Policies are available in a default WSE 2016 installation. In most cases the 2012 version of Windows Server Essentials does look the same but if your server is migrated from an older version like SBS 2011 or even older versions like 2008 or 2003 the structure will look different but the idea is the same.

  1. From the Server Manager (not the Dashboard) choose Tools –> Group Policy Management.
    A typical Windows Server Essentials 2016 Active Directory and its OU’s and GPO’s
  2. The Group Policies and WMI filters that begin with WSE are the ones created when you installed the server initially. Group Policy is a hierarchical infrastructure that allows a network administrator in charge of Microsoft's Active Directory to implement specific configurations for users and computers. Group Policy can also be used to define user, security and networking policies at the machine level. More reading Group Policy for Beginners
    A typical Windows Server Essentials 2016 Active Directory and its OU’s and GPO’s
  3. From Server Manager start Active Directory Users and Computers.
    A typical Windows Server Essentials 2016 Active Directory and its OU’s and GPO’s
  4. In the Active Directory Container ‘Computers’ we will find our desktop clients we have joined to the domain with Connector software. An organizational unit (OU) is a subdivision within an Active Directory into which you can place users, groups, computers, and other organizational units. You can create organizational units to mirror your organization's functional or business structure. More reading Understanding Organizational Units
    A typical Windows Server Essentials 2016 Active Directory and its OU’s and GPO’s
  5. And in the Active Directory Container ‘Users’ we will find all Users and all Security Groups.
    A typical Windows Server Essentials 2016 Active Directory and its OU’s and GPO’s
     
  1. Inside the ServerFolders folder on a typical Windows Server Essentials right click and choose New –> Folder
    Create a software distribution share where we will store the application
  2. Name the folder SoftwareDistribution.
    Create a software distribution share where we will store the application
  3. Right click the folder and choose properties
    Create a software distribution share where we will store the application
  4. Click Advanced Sharing
    Create a software distribution share where we will store the application
  5. Check ‘Share this folder’.
    Create a software distribution share where we will store the application
  6. Click Permissions and click add.
    Create a software distribution share where we will store the application
  7. Type ‘SYSTEM’  and click Check Names
    Create a software distribution share where we will store the application
  8. Choose SYSTEM as in the screenshot
    Create a software distribution share where we will store the application
  9. Click OK
    Create a software distribution share where we will store the application
  10. Give SYSTEM full control
    Create a software distribution share where we will store the application
  11. Also add Authenticated Users and Domain Computers. Give both of them Read permissions
    Create a software distribution share where we will store the application
  12. Copy your application to the folder you just created ‘SoftwareDistribution’.
    Create a software distribution share where we will store the application
  13. Browse to \\server-name\SoftwareDistribution and see if the file you just copied is there. Copy \\server-name\SoftwareDistribution on to the clipboard so you can use it later when we create the policy
    Create a software distribution share where we will store the application
     
  1. Open Group Policy Management from the Server Manager.
    Installing software on client computers who are in the Computer OU
  2. Right click Group Policy Objects and choose New
    Installing software on client computers who are in the Computer OU
  3. Give the new GPO a name
    Installing software on client computers who are in the Computer OU
  4. Select the GPO you just created and choose edit
    Installing software on client computers who are in the Computer OU
  5. Open Computer Configuration\Policies\Software Settings and right click and choose Properties.
    Installing software on client computers who are in the Computer OU
  6. You can click browse but on a default WSE 2016 it does not return anything. That is why we copied the path earlier in this tutorials, past it in the ‘Default Package Location’ box, check Assign and choose Basic for Interface Options.
    Installing software on client computers who are in the Computer OU
  7. Click OK
    Installing software on client computers who are in the Computer OU
  8. Right click ‘Software installation’ and choose New –> Package
    Installing software on client computers who are in the Computer OU
  9. Choose your application
    Installing software on client computers who are in the Computer OU
  10. Once listed choose Properties
    Installing software on client computers who are in the Computer OU
  11. In our case we had trouble because the application did not want to install nor did we see an error on our clients. See that this product shows that it is in Chinese? Strange but when you install it it shows in English. We will fix this in the next step.
    Installing software on client computers who are in the Computer OU
  12. Choose the Deployment tab
    Installing software on client computers who are in the Computer OU
  13. Make sure you check ‘Ignore language when deploying this package’. It will install with the correct language which is the same as the OS is. This seems to me a bug in the Panda msi or the package needs to be changed but that is out of the scope of this tutorial.
    Installing software on client computers who are in the Computer OU
  14. Now that we have changed language setting click OK
    Installing software on client computers who are in the Computer OU
  15. Close Group Policy Management Editor
    Installing software on client computers who are in the Computer OU
  16. We are back in Group Policy Management and our new GPO is listed but it does not do anything yet.
    Installing software on client computers who are in the Computer OU
  17. I suggest you change to the default WSE Group Policy WMI filter to make sure this policy gets applied to client OS only
    Installing software on client computers who are in the Computer OU
  18. Remove Authenticated Users
    Installing software on client computers who are in the Computer OU
  19. OK
    Installing software on client computers who are in the Computer OU
  20. Click OK again
    Installing software on client computers who are in the Computer OU
  21. Click Add
    Installing software on client computers who are in the Computer OU
  22. Type Domain and then Check Names
    Installing software on client computers who are in the Computer OU
  23. Choose Domain Computers
    Installing software on client computers who are in the Computer OU
  24. Click OK
    Installing software on client computers who are in the Computer OU
  25. Do the same for Domain Users.
    Installing software on client computers who are in the Computer OU
  26. Now we an link the GPO to our domain at the highest level. This way it will get applied to all our computers with client Operating Systems installed.
    Installing software on client computers who are in the Computer OU
  27. Choose the WSE Group Policy Software Deployment
    Installing software on client computers who are in the Computer OU
  28. Small optimization is needed. As this policy only has Computer settings we should disable User Settings. That will make processing GPO’s on the clients more efficient and faster.
    Installing software on client computers who are in the Computer OU
  29. Click OK
    Installing software on client computers who are in the Computer OU
  30. Go to a client in your network and run an elevated command prompt and type gpupdate /force. Because we have added a Software Deployment policy it needs to reboot and as shown in the screenshot it will do that. Now if you do not see anything about rebooting and you only see something about logging off and on on again something is wrong with your policy.
    Installing software on client computers who are in the Computer OU
  31. Windows will reboot.
    Installing software on client computers who are in the Computer OU
  32. Check System in the Event Viewer, it will show you that it has started installing the application. In our case the policy just dumps a runtime in the Program Files folder and starts installation from there. It will download the actual installation from the Internet and then starts to install it. This can take some time, be patient.
    Installing software on client computers who are in the Computer OU
  33. You can check Program Files for Panda Security
    Installing software on client computers who are in the Computer OU
  34. Another Event is logged in the Application log telling us that installation is started.
    Installing software on client computers who are in the Computer OU
  35. And finally the software has been installed.
    Installing software on client computers who are in the Computer OU
     

In some circumstances you may need to apply the software distribution only to some computers and not all of them. In this example our company has multiple offices around the country, one in Seattle, one in Dallas and one in Chicago. For those offices we have created Organizational Units and in those OU’s we created Sales, Marketing and Desktops. We want to apply our Software Deployment to the Desktops OU in Seattle. Before that will work we need to move the Computers from the Computers Container in Active Directory Users and Computers to the Desktops OU in Seattle. After we have done this we can link the Software Deployment GPO to the Seattle Desktops OU. Here we go.

  1. Right click your domain and choose New Organizational Unit
    Apply software distribution only to some computers within a separate Organizational Unit
  2. We have an Office in Seattle so we named our OU Seattle and we created some OU’s in there like Desktops, Marketing and Sales.
    Apply software distribution only to some computers within a separate Organizational Unit
  3. Open Active Directory Users and Computers from the Server Manager. Desktop-03 is located in Seattle so we move it to that OU
    Apply software distribution only to some computers within a separate Organizational Unit
  4. You can drag and drop the Computer account to the Seattle\Desktops OU
    Apply software distribution only to some computers within a separate Organizational Unit
  5. It is now listed in the other OU
    Apply software distribution only to some computers within a separate Organizational Unit
  6. We are back in Group Policy Management and right click the Desktop OU and choose to link an existing GPO
    Apply software distribution only to some computers within a separate Organizational Unit
  7. Choose the Software Deployment GPO
    Apply software distribution only to some computers within a separate Organizational Unit
  8. In the overview you see the GPO is now linked to the Seattle Desktops OU only. Boot Desktop-03 and see if the software installs. It should only be installed on Desktop-03, the other 2 in this example will not get the software pushed.
    Apply software distribution only to some computers within a separate Organizational Unit
     

Join our community. Great content, great people!

Like what you see? Join us for free*

Subscribe and receive ‘how to’ and ‘best practice’ articles on server and cloud maintenance, design and troubleshooting.

  • Monthly newsletter with a summary of all new tutorials
  • Get an email as soon as a new tutorial has been published

What others say about the tutorials