samba - Oct 2014 - Software installation by GPO ( success and fail )

Hai, In a bit testing with software deployment through GPO. 
?
Now i noticed te following. If i setup my software source somewhere on the
sysvol share ( and probely any other share on the DC)
then i can deploy the software with computer and user GPO setting. Aka works ok
good all settings with software deployment.
?
Now i noticed the following. 
I did setup a share on a member server the AD Domain, i did setup the same
rights as the sysvol share used.
Now deployment with GPO does not work any more.
Not as user policy or computer policy works if i want to install before logon or
after login.?
The message in event logs: 
( translated ) failed to install the error is %%1612 error 1612 tels me unable
to access the source.
?
( aka looks like the machine is unable to get to the software. ) But im 100%
sure the computer can access this,
why does it work on sysvol and not on a member server with exact the same rights
on share, folder and files.
?
So im wonders who is installing software through GPO objects as machine/user
policy from a member server.
And where it works, because i cant find where this is going wrong. 
?
Thanks Louis 
?
?

Hi Louis,
> Hai, In a bit testing with software deployment through GPO.
>
> Now i noticed te following. If i setup my software source somewhere on the
sysvol share ( and probely any other share on the DC)
> then i can deploy the software with computer and user GPO setting. Aka
works ok good all settings with software deployment.
>
> Now i noticed the following.
> I did setup a share on a member server the AD Domain, i did setup the same
rights as the sysvol share used.
> Now deployment with GPO does not work any more.
> Not as user policy or computer policy works if i want to install before
logon or after login.
> The message in event logs:
> ( translated ) failed to install the error is %%1612 error 1612 tels me
unable to access the source.
>
> ( aka looks like the machine is unable to get to the software. ) But im
100% sure the computer can access this,
> why does it work on sysvol and not on a member server with exact the same
rights on share, folder and files.
>
> So im wonders who is installing software through GPO objects as
machine/user policy from a member server.
> And where it works, because i cant find where this is going wrong.
The computer gpo use the machine account to connect to the share. You 
can try to simulate a connexion through localsystem account using psexec 
[1] with the following command [2] :
  psexec -i -s cmd.exe

a new cmd.exe windows will open running as localsystem account and then 
you can try to connect to the share where your software setup files are 
located
  net use f: \\myserver\myshare

However IMHO, group policies are not a proper solution for software 
deployment (and MS would also advise you to use SCCM for that purpose). 
We developped an opensource solution for that purpose similar to apt-get 
[3]. Don't hesitates to ask me if you have any questions.

Cheers,

Denis


[1] http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
[2] 
http://verbalprocessor.com/2007/12/05/running-a-cmd-prompt-as-local-system/
[3] http://dev.tranquil.it/wiki/WAPT
>
> Thanks Louis
>
>
>

-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, b?timent A
12 avenue Jules Verne
44230 Saint S?bastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr

Great, thank you for this info, going to check this. 

and yes, i've seen wapt, thats the next im going to try. 

Greetz, 

Louis

>-----Oorspronkelijk bericht-----
>Van: Denis Cardon [mailto:denis.cardon at tranquil-it-systems.fr] 
>Verzonden: woensdag 15 oktober 2014 12:21
>Aan: L.P.H. van Belle; samba at lists.samba.org
>Onderwerp: Re: [Samba] Software installation by GPO ( success 
>and fail )
>
>Hi Louis,
>
>> Hai, In a bit testing with software deployment through GPO.
>>
>> Now i noticed te following. If i setup my software source 
>somewhere on the sysvol share ( and probely any other share on the DC)
>> then i can deploy the software with computer and user GPO 
>setting. Aka works ok good all settings with software deployment.
>>
>> Now i noticed the following.
>> I did setup a share on a member server the AD Domain, i did 
>setup the same rights as the sysvol share used.
>> Now deployment with GPO does not work any more.
>> Not as user policy or computer policy works if i want to 
>install before logon or after login.
>> The message in event logs:
>> ( translated ) failed to install the error is %%1612 error 
>1612 tels me unable to access the source.
>>
>> ( aka looks like the machine is unable to get to the 
>software. ) But im 100% sure the computer can access this,
>> why does it work on sysvol and not on a member server with 
>exact the same rights on share, folder and files.
>>
>> So im wonders who is installing software through GPO objects 
>as machine/user policy from a member server.
>> And where it works, because i cant find where this is going wrong.
>
>The computer gpo use the machine account to connect to the share. You 
>can try to simulate a connexion through localsystem account 
>using psexec 
>[1] with the following command [2] :
>  psexec -i -s cmd.exe
>
>a new cmd.exe windows will open running as localsystem account 
>and then 
>you can try to connect to the share where your software setup 
>files are 
>located
>  net use f: \\myserver\myshare
>
>However IMHO, group policies are not a proper solution for software 
>deployment (and MS would also advise you to use SCCM for that 
>purpose). 
>We developped an opensource solution for that purpose similar 
>to apt-get 
>[3]. Don't hesitates to ask me if you have any questions.
>
>Cheers,
>
>Denis
>
>
>[1] http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
>[2] 
>http://verbalprocessor.com/2007/12/05/running-a-cmd-prompt-as-l
>ocal-system/
>[3] http://dev.tranquil.it/wiki/WAPT
>
>>
>> Thanks Louis
>>
>>
>>
>
>
>-- 
>Denis Cardon
>Tranquil IT Systems
>Les Espaces Jules Verne, b?timent A
>12 avenue Jules Verne
>44230 Saint S?bastien sur Loire
>tel : +33 (0) 2.40.97.57.55
>http://www.tranquil-it-systems.fr
>
>