L.P.H. van Belle
2014-Oct-15 09:25 UTC
[Samba] Software installation by GPO ( success and fail )
Hai, In a bit testing with software deployment through GPO. ? Now i noticed te following. If i setup my software source somewhere on the sysvol share ( and probely any other share on the DC) then i can deploy the software with computer and user GPO setting. Aka works ok good all settings with software deployment. ? Now i noticed the following. I did setup a share on a member server the AD Domain, i did setup the same rights as the sysvol share used. Now deployment with GPO does not work any more. Not as user policy or computer policy works if i want to install before logon or after login.? The message in event logs: ( translated ) failed to install the error is %%1612 error 1612 tels me unable to access the source. ? ( aka looks like the machine is unable to get to the software. ) But im 100% sure the computer can access this, why does it work on sysvol and not on a member server with exact the same rights on share, folder and files. ? So im wonders who is installing software through GPO objects as machine/user policy from a member server. And where it works, because i cant find where this is going wrong. ? Thanks Louis ? ?
Denis Cardon
2014-Oct-15 10:21 UTC
[Samba] Software installation by GPO ( success and fail )
Hi Louis,> Hai, In a bit testing with software deployment through GPO. > > Now i noticed te following. If i setup my software source somewhere on the sysvol share ( and probely any other share on the DC) > then i can deploy the software with computer and user GPO setting. Aka works ok good all settings with software deployment. > > Now i noticed the following. > I did setup a share on a member server the AD Domain, i did setup the same rights as the sysvol share used. > Now deployment with GPO does not work any more. > Not as user policy or computer policy works if i want to install before logon or after login. > The message in event logs: > ( translated ) failed to install the error is %%1612 error 1612 tels me unable to access the source. > > ( aka looks like the machine is unable to get to the software. ) But im 100% sure the computer can access this, > why does it work on sysvol and not on a member server with exact the same rights on share, folder and files. > > So im wonders who is installing software through GPO objects as machine/user policy from a member server. > And where it works, because i cant find where this is going wrong.The computer gpo use the machine account to connect to the share. You can try to simulate a connexion through localsystem account using psexec [1] with the following command [2] : psexec -i -s cmd.exe a new cmd.exe windows will open running as localsystem account and then you can try to connect to the share where your software setup files are located net use f: \\myserver\myshare However IMHO, group policies are not a proper solution for software deployment (and MS would also advise you to use SCCM for that purpose). We developped an opensource solution for that purpose similar to apt-get [3]. Don't hesitates to ask me if you have any questions. Cheers, Denis [1] http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx [2] http://verbalprocessor.com/2007/12/05/running-a-cmd-prompt-as-local-system/ [3] http://dev.tranquil.it/wiki/WAPT> > Thanks Louis > > >-- Denis Cardon Tranquil IT Systems Les Espaces Jules Verne, b?timent A 12 avenue Jules Verne 44230 Saint S?bastien sur Loire tel : +33 (0) 2.40.97.57.55 http://www.tranquil-it-systems.fr
L.P.H. van Belle
2014-Oct-15 10:52 UTC
[Samba] Software installation by GPO ( success and fail )
Great, thank you for this info, going to check this. and yes, i've seen wapt, thats the next im going to try. Greetz, Louis>-----Oorspronkelijk bericht----- >Van: Denis Cardon [mailto:denis.cardon at tranquil-it-systems.fr] >Verzonden: woensdag 15 oktober 2014 12:21 >Aan: L.P.H. van Belle; samba at lists.samba.org >Onderwerp: Re: [Samba] Software installation by GPO ( success >and fail ) > >Hi Louis, > >> Hai, In a bit testing with software deployment through GPO. >> >> Now i noticed te following. If i setup my software source >somewhere on the sysvol share ( and probely any other share on the DC) >> then i can deploy the software with computer and user GPO >setting. Aka works ok good all settings with software deployment. >> >> Now i noticed the following. >> I did setup a share on a member server the AD Domain, i did >setup the same rights as the sysvol share used. >> Now deployment with GPO does not work any more. >> Not as user policy or computer policy works if i want to >install before logon or after login. >> The message in event logs: >> ( translated ) failed to install the error is %%1612 error >1612 tels me unable to access the source. >> >> ( aka looks like the machine is unable to get to the >software. ) But im 100% sure the computer can access this, >> why does it work on sysvol and not on a member server with >exact the same rights on share, folder and files. >> >> So im wonders who is installing software through GPO objects >as machine/user policy from a member server. >> And where it works, because i cant find where this is going wrong. > >The computer gpo use the machine account to connect to the share. You >can try to simulate a connexion through localsystem account >using psexec >[1] with the following command [2] : > psexec -i -s cmd.exe > >a new cmd.exe windows will open running as localsystem account >and then >you can try to connect to the share where your software setup >files are >located > net use f: \\myserver\myshare > >However IMHO, group policies are not a proper solution for software >deployment (and MS would also advise you to use SCCM for that >purpose). >We developped an opensource solution for that purpose similar >to apt-get >[3]. Don't hesitates to ask me if you have any questions. > >Cheers, > >Denis > > >[1] http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx >[2] >http://verbalprocessor.com/2007/12/05/running-a-cmd-prompt-as-l >ocal-system/ >[3] http://dev.tranquil.it/wiki/WAPT > >> >> Thanks Louis >> >> >> > > >-- >Denis Cardon >Tranquil IT Systems >Les Espaces Jules Verne, b?timent A >12 avenue Jules Verne >44230 Saint S?bastien sur Loire >tel : +33 (0) 2.40.97.57.55 >http://www.tranquil-it-systems.fr > >