Windows Application Deployment - Server Deployment

 
 

 

The main deployment technique was initiated by logon script and used Microsoft's Elevated Privileges Application Launcher (EPAL) to install the Outlook package with local admin rights while the user was logged on with their normal non-admin credentials. The server deployment process is explained below:

 

Step 1 - Create the Outlook Package

Using the files from the MS Office CD you must first create the installation package to be used for the CD. Not all the Office files are necessary; a complete list of the files needed to install Outlook can be found here. Once all files have been copied to a separate folder you can create the Outlook Transforms file that will automatically configure the installation; this can be done as shown here. Lastly, you must create a PRF file that will configure settings such as the default Exchange server and Cached Exchange Mode; again, this can be done as shown here.

Please note that this process uses a pre-configured email address to receive the results of the install; this mailbox should be ready for use before the scripts are made active. Once the mailboxes are ready you should put the email addresses in the scripts. All computers will require an internet connection to use the email address.

 

Step 2 - Replicate Outlook Package and Configure EPAL

The Outlook package was stored on a Domain Controller's Netlogon share in a folder named Netlogon\Deploy\yellowOutlook. Files placed in the Netlogon folder are automatically copied to the same folder on all domain controllers for that domain. Remember that if you copy the same files to multiple DCs at the same time, Windows will see them as different files and make separate copies of each file on each DC, meaning that if you copy the Outlook package onto 3 DCs then once replication is complete there will be 3 separate folders with different names on each DC. Copy the Outlook package to 1 DC and let Windows do the rest; if you have a large network it might be a good idea to start the copy at the weekend. Also copy Sleep.exe to the Netlogon folder; Sleep.exe is part of the Windows 2003 Resource Kit.

Configuring EPAL

Configuring EPAL can be quite difficult, so I will try to explain it as best I can. A separate EPAL configuration must be made for each Domain Controller, where the EPAL config will have a unique name. The EPAL configuration process is as follows:

 

Create the DC Specific EPAL Program Files

I used the first 4 letters of the Domain Controller's location to name the EPAL program files, which in my case was how the DCs were named anyway, so it was easy to see which files were linked with which EPAL program. The Outlook package had been replicated to each DC's Netlogon share at the path \\Servername\Netlogon\Deploy\YellowOutlook. Inside this folder you should create another folder called EPAL and copy the EPAL executable to this folder. Now make a copy of the Outlook Setup executable SETUPOLK.exe, 1 for each DC. Rename the new executables with the DC specific naming convention.

Example

SetupOLKMANC.exe - for the DC in Manchester.

SetupOLKGLAS.exe - for the DC in Glasgow.

SetupOLKLOND.exe - for the DC in London.

Once replication is complete there will be an executable for each DC on each DC.

 

Register the EPAL program with Active Directory

Registering the EPAL programs can be done on any DC, but ensure that the server name in the command below matches the setup executable name; otherwise, when the program is run, the install will try to use files on a different DC.

Once logged on to a DC with Domain Admin rights, open a command prompt and drag the EPAL.exe file onto the cmd window; this will type the path to the EPAL executable. Enter the following switches:

/C: - Enter the location of the EPAL User Accounts and Groups, ensure that the OUs exist before running the EPAL command.

/R - Enter the path to the Outlook Executable

The full syntax should look like this:

C:\epal.exe /C:ou="Outlook 2003 SP1",ou="EPAL Applications",ou="Global Groups" /R \\server01\NETLOGON\Deploy\YellowOutlook\SetupOLKGLAS.exe

Change the values to suit your server name and Setup file. Once the command is complete, you will be told that:

Created service account: SetupOLKGLAS
Registered program file: \\server01\NETLOGON\Deploy\YellowOutlook\SetupOLKGLAS.exe
Created security group:  SetupOLKGLAS Application Users

There will now be a user/service account and a security group in Active Directory at the location specified by the /C: switch:

EPAL Service Account and Security Group

The SetupOLKGLAS.exe program can now be launched under the SetupOLKGLAS user account by users who are members of the "SetupOLKGLAS Application Users" Security Group.

Now, repeat this process for each separate Setup executable that you have.

 

Step 3 - Create and Configure the Active Directory Users and Groups

In order to control deployment of the application to specific users at specific times, you should create an Active Directory Security Group that will hold the names of the users who are to have Outlook deployed. When a user's logon script runs, it uses the command line program IFMember.exe to check whether the user is a member of this group; if so, Outlook is deployed, and if not the logon script moves on. In my case this group was named the "Outlook Deploy Group"; it is a global security group and can be placed anywhere in Active Directory. IFMember.exe is part of the Windows 2003 Resource Kit and should be placed in the Netlogon share on a DC.

Outlook Server Deployment - AD Groups

In the previous section we created a user/service account for each Outlook executable and a security group to hold the users that will run that exe file.

Now add all of those user/service accounts as members to the "EPAL Application Users" group.

Add the "Outlook Deploy Group" as a member of each of the security groups. Also add the associated user/service account to the security group. For example, the "SetupOLKGLAS Application Users" group should have the SetupOLKGLAS user/service account and the "Outlook Deploy Group" as its members.

DO NOT add the "Outlook Deploy Group" to the "EPAL Application Users".

 

Giving the User/Service Accounts Local Admin Rights

There are 3 ways that you can do this without having to manually add them to the local administrators list of each pc.

 

Using a Group Policy Startup Script

By applying a group policy object (GPO) to the OU that contains the PCs that will receive Outlook, you can add the user accounts to the local admins group. It is a good idea not to add this GPO to the default domain policy, as this will add the accounts to the local admins group on the member servers too. DCs do not have a local admins group so it does not apply to them, and computers left in the Active Directory Computers container do not receive group policy.

Open Active Directory Users and Computers by typing DSA.MSC at the run prompt on a DC or a computer that has the admin tools installed. Right-click on the OU that holds the PCs and select Properties; when the properties window opens, select the Group Policy tab. Either create a new GPO or edit a current one and browse to the following location:

Group Policy - Startup Scripts

Double-click on Startup

Group Policy - Add Script

Press Add

Group policy Browse for Script

Press Browse and Locate the Script. The script should be written as follows:

@ECHO off

net localgroup administrators /add "DomainName\EPAL Application Users"

Exit

Change the value for DomainName to that of your domain.

Group Policy can take between 1 and 2 hours to update for a client machine and the script will run only when the PC is next restarted. Alternatively you can use a Logon script, which is created in the same way but is in the following location of the GPO:

Group policy - Logon Script

This way the pc does not need to be restarted but will require a logoff.

 

Using Restricted Groups

Before I start, I would like to point out the dangers of using restricted groups. Having learnt the hard way, I can safely say that restricted groups should only be used if you know exactly what you are doing and even then they should be tested thoroughly on a separate isolated test domain first. When a restricted groups policy is used to define the users who can be a local admin, the policy DOES NOT add to the local admin list but deletes it and creates a new one, hence any user who was a local admin will be removed unless he was added to the policy.

So now that I have given the necessary warning, I will now explain how to use a restricted groups policy. Create a new GPO or edit a current one as you did in the previous section:

GPO - Restricted Groups

You should disable the user section in the GPO options on the previous page. Right-click on Restricted Groups and select Add Group.

Restricted Groups - Add Group

Type Administrators and press OK.

Restricted Groups - Add Members

You should add the Domain Admins, Enterprise Admins and EPAL Application Users Groups. Please take a minute or two to consider what other groups should be added from your domain, remember that any user who was a local admin will be removed when the policy is applied if they are not included in the policy itself. Helpdesk staff, member server admins and others will most likely complain when they can no longer do their job because the policy removed them from the local admins group.

The "Members Of" section does not need to be changed.

Restricted Group - Complete

When Group Policy has replicated, the changes will take effect.
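
The removal behaviour described above can be previewed on a PC before the policy is linked. This is an added example, not part of the original page: the account names, the sample net localgroup output and the function names are constructed. It assumes the English output layout of net localgroup and that the built-in Administrator account is not removed by the policy.

```powershell
# Added example: preview what a Restricted Groups "Members" list would do to the
# local Administrators group. All account names below are constructed samples.

function Get-LocalAdminsFromNetOutput {
    # Turns the text printed by "net localgroup administrators" into member names.
    # Assumes the English layout: a dashed rule, one member per line, status line.
    param([string[]]$Lines)
    $members = @()
    $inList = $false
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^-{5,}$') { $inList = $true; continue }
        if (-not $inList -or $text -eq '') { continue }
        if ($text -like 'The command completed*') { break }
        $members += $text
    }
    return $members
}

function Get-RestrictedGroupsImpact {
    # Restricted Groups replaces the member list, so anything in $Current that is
    # missing from $Policy is removed. $AlwaysKept is an assumption: the built-in
    # Administrator account is treated as not removable.
    param(
        [string[]]$Current,
        [string[]]$Policy,
        [string[]]$AlwaysKept = @('Administrator')
    )
    [pscustomobject]@{
        Removed = @($Current | Where-Object { $Policy -notcontains $_ -and $AlwaysKept -notcontains $_ })
        Added   = @($Policy  | Where-Object { $Current -notcontains $_ })
        Kept    = @($Current | Where-Object { $Policy -contains $_ -or $AlwaysKept -contains $_ })
    }
}

# Constructed sample of "net localgroup administrators" output from one PC.
# On a live PC use: Get-LocalAdminsFromNetOutput -Lines (net localgroup administrators)
$sampleNetOutput = @'
Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
DOMAINNAME\Domain Admins
DOMAINNAME\Helpdesk Staff
DOMAINNAME\jsmith
The command completed successfully.
'@ -split "`r?`n"

# The member list from the Restricted Groups step above (DOMAINNAME is a placeholder).
$policyMembers = @(
    'DOMAINNAME\Domain Admins',
    'DOMAINNAME\Enterprise Admins',
    'DOMAINNAME\EPAL Application Users'
)

$current = Get-LocalAdminsFromNetOutput -Lines $sampleNetOutput
$impact  = Get-RestrictedGroupsImpact -Current $current -Policy $policyMembers

"Would be removed: " + ($impact.Removed -join ', ')
"Would be added:   " + ($impact.Added -join ', ')
```

With the sample data the helpdesk group and the individual user are reported as removed, which is the situation the warning above describes.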

 

Adding the Accounts to the Domain Admins Group

By adding the "EPAL Application Users" group to the Domain Admins security group you will guarantee that the EPAL accounts have sufficient rights to install the application; however, they will then be able to administer all servers and DCs. This is the last resort and should only be used if the two previous methods did not work. It is possible for Group Policies to fail to apply for a number of reasons, so making them Domain Admins does have an advantage, but make this decision with care.
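
The group layout from Step 3 and the Domain Admins option above can be checked mechanically before the scripts go live. This is an added example, not part of the original page: the function names and the sample membership table are constructed, and the table deliberately contains two mistakes so that the check has something to report.

```powershell
# Added example: checks the Step 3 group layout against constructed sample data.
# $Groups maps a group name to its direct members (users or other groups). On a
# live domain the table could be filled from Get-ADGroupMember (ActiveDirectory module).

function Get-EffectiveMembers {
    # Expands nested groups recursively; $Seen guards against membership loops.
    param([hashtable]$Groups, [string]$Name, [hashtable]$Seen = @{})
    $result = @()
    if ($Seen.ContainsKey($Name)) { return $result }
    $Seen[$Name] = $true
    foreach ($member in @($Groups[$Name])) {
        if ($null -eq $member) { continue }
        $result += $member
        if ($Groups.ContainsKey($member)) {
            $result += @(Get-EffectiveMembers -Groups $Groups -Name $member -Seen $Seen)
        }
    }
    return $result
}

function Test-EpalGroupLayout {
    param(
        [hashtable]$Groups,
        [string[]]$ServiceAccounts,
        [string]$AdminGroup  = 'EPAL Application Users',
        [string]$DeployGroup = 'Outlook Deploy Group'
    )
    $findings = @()
    foreach ($account in $ServiceAccounts) {
        # Each service account must be in the group that receives local admin rights.
        if (@($Groups[$AdminGroup]) -notcontains $account) {
            $findings += "MISSING: '$account' is not a member of '$AdminGroup'"
        }
        # Its launch group must hold the account itself and the deploy group.
        $launchGroup = "$account Application Users"
        foreach ($needed in @($account, $DeployGroup)) {
            if (@($Groups[$launchGroup]) -notcontains $needed) {
                $findings += "MISSING: '$needed' is not a member of '$launchGroup'"
            }
        }
    }
    # Anything other than a service account in the admin group, directly or through
    # nesting, becomes a local admin wherever that group is granted local admin rights.
    foreach ($member in @(Get-EffectiveMembers -Groups $Groups -Name $AdminGroup)) {
        if ($ServiceAccounts -notcontains $member) {
            $findings += "EXCESS: '$member' is in '$AdminGroup' (directly or nested)"
        }
    }
    if (@(Get-EffectiveMembers -Groups $Groups -Name 'Domain Admins') -contains $AdminGroup) {
        $findings += "WARNING: '$AdminGroup' is in Domain Admins (last resort only)"
    }
    return @($findings | Select-Object -Unique)
}

# Constructed sample with two mistakes: the deploy group was added to the admin
# group, and the Manchester launch group is missing the deploy group.
$sampleGroups = @{
    'EPAL Application Users'         = @('SetupOLKGLAS', 'SetupOLKMANC', 'Outlook Deploy Group')
    'SetupOLKGLAS Application Users' = @('SetupOLKGLAS', 'Outlook Deploy Group')
    'SetupOLKMANC Application Users' = @('SetupOLKMANC')
    'Outlook Deploy Group'           = @('jsmith')
    'Domain Admins'                  = @('Administrator')
}

Test-EpalGroupLayout -Groups $sampleGroups -ServiceAccounts 'SetupOLKGLAS', 'SetupOLKMANC'
```

An empty result means the layout matches Step 3; the EXCESS findings for the sample show that nesting the deploy group in the admin group would hand local admin rights to every user being deployed to.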

 

Security Concerns

The EPAL User/Service Accounts are created for one specific purpose: to install their associated application. Once they have been given local admin rights, there is the potential for a hacker to hijack an account and misuse it. To prevent this, a few precautions should be taken. Using a GPO that is applied to the EPAL Applications OU, configure the following settings:

  • Disable the Computer component of the policy
  • User Configuration\Administrative Templates\Desktop\Hide and Disable All Items on the Desktop = Enabled
  • User Configuration\Administrative Templates\Control Panel\Prohibit Access to the Control panel = Enabled
  • User Configuration\Administrative Templates\System\Prevent Access to the Command Prompt = Enabled
  • User Configuration\Administrative Templates\System\Prevent Access to the Registry Editing Tools = Enabled

You can also deny the user accounts access to DCs and Member Servers, both locally and from the network, in the Default Domain Controller Policy and a separate policy for the member servers.

This ensures that if the account is hijacked, then the hacker's access is limited. Now it's time to write the scripts that will start the install.

 

Step 4 - Write the Scripts that Install the Application

There are 4 scripts that make the installation work

 

Your Own Logon Scripts

The logon script is entered in the properties of the user account in active directory:

Active Directory User Account Properties

The Logon script will be stored in the Netlogon share of a domain controller. The script must include the following text:

copy /y %logonServer%\NETLOGON\Deploy\Deploy.bat %Temp%
%logonServer%\NETLOGON\Sleep.exe 2
%Temp%\Deploy.bat

This code should be placed at the end of the script so it runs last; all drive/printer mappings should occur before this code is called. In my domain I had 150 logon scripts that each had to be modified to include this code. Although this took a while, later modifications to the other scripts did not mean another 150 changes, as those changes were then made in the other 3 scripts only.

 

Deploy.bat

The purpose of this script is to check the name of the computer and the "Outlook Deploy Group" membership of the user. The script initially prints the word Deploy to let you know that the Deploy.bat script has started. It then checks the computer name, and if the name matches the name on the right side of the == then it goes to :END and the script exits. Basically the code block IF %ComputerName%==Server01 Goto End exits the script if the computer is a server; you should add this code block for every server in your network, unless you want this application to install on that server. Change the name Server01 to the name of your server.

Once the computer name checks are complete the script uses IFMember.exe to check if the currently logged on user is a member of the "Outlook Deploy Group", if the user is not a member of this group then the script exits, if the user is a member then the script copies YellowOutlook_Start.bat to the computer's Temp folder and then starts it. Change the name of the DomainName to that of your network. The Deploy.bat Script should be stored in the Netlogon\Deploy folder.

Deploy.bat

@ECHO off

ECHO Deploy

IF %ComputerName%==Server01 Goto End
IF %ComputerName%==Server02 Goto End
IF %ComputerName%==Server03 Goto End
IF %ComputerName%==Server04 Goto End

%LogonServer%\NETLOGON\IFmember "DomainName\Outlook Deploy Group"

if not errorlevel 1 goto End

Copy /y %LogonServer%\NETLOGON\Deploy\YellowOutlook\YellowOutlook_Start.bat %Temp%
%LogonServer%\NETLOGON\Sleep.exe 2
%Temp%\YellowOutlook_Start.bat

:End

Exit

 

YellowOutlook_Start.bat

YellowOutlook_Start.bat decides whether the install has previously run; it also decides which DC the install will be run from and then calls the EPAL%SiteExt%.bat that will start the install. The script first prints "Starting Outlook 2003 SP1 Installation - Please Wait..", letting you know that YellowOutlook_Start.bat has started. It then checks for files that indicate that the install has previously run, and if these files exist the script exits. It then checks for the existence of the Outlook 2003 executable, and if found it obtains the computer's IP, starts Outlook and applies the previously configured PRF file; the script then emails the install result to a pre-configured email address and creates the text file that will stop any further installation attempts.

The script works out the local IP address and then saves the first 3 octets as the variable Subnet. The number of octets used in the variable can be changed by adding or removing the FOR /F "delims=. tokens=3" %%C in (%temp%\justip.txt) DO SET octet3=%%C code block; please note that you must increment the value for tokens= and DO SET octet and %% so that each octet does not overwrite the previous one. Once the Subnet variable is ready the script compares it to the subnet of your servers in the code block IF %Subnet%==10.0.0 (Set Server=\\Server01) & (Set SiteExt=Serv01). Change the value for the DC IP subnet 10.0.0 and the DC name Server01 to suit your network. Also, the value for Serv01 is the EPAL program specific code that represents the server that the program files will be installed from, as previously mentioned here.

Once the Domain Controller has been selected, the next scripts are copied to the local Temporary folder and are run.

YellowOutlook_Start.bat

@ECHO off

CLS

ECHO Starting Outlook 2003 SP1 Installation - Please Wait..

IF Exist "C:\Program Files\Microsoft Office\DHLOutlookInstallSuccess.txt" Goto End

IF Exist "%AppData%\OutlookInstallSuccess.txt" Goto End

IF EXIST "%ProgramFiles%\Microsoft Office\OFFICE11\Outlook.exe" Goto ImportPRF

%Windir%\system32\ipconfig.exe > %temp%\ipconfig.txt
type %temp%\ipconfig.txt|findstr /c:"IP Address" > %temp%\ip.txt
type %temp%\ip.txt|findstr /v "0.0.0.0" > %temp%\ip1.txt
FOR /F "delims=: tokens=2" %%I in (%temp%\ip1.txt) DO ECHO %%I > %temp%\justip.txt
FOR /F "delims=. tokens=1" %%A in (%temp%\justip.txt) DO SET octet1=%%A
FOR /F "delims=. tokens=2" %%B in (%temp%\justip.txt) DO SET octet2=%%B
FOR /F "delims=. tokens=3" %%C in (%temp%\justip.txt) DO SET octet3=%%C
del /q %temp%\ip1.txt
del /q %temp%\ip.txt
del /q %temp%\ipconfig.txt
del /q %temp%\justip.txt

Set Subnet=%octet1%.%octet2%.%octet3%

IF %Subnet%==10.0.0 (Set Server=\\Server01) & (Set SiteExt=Serv01)
IF %Subnet%==10.1.0 (Set Server=\\Server02) & (Set SiteExt=Serv02)
IF %Subnet%==10.2.0 (Set Server=\\Server03) & (Set SiteExt=Serv03)
IF %Subnet%==10.3.0 (Set Server=\\Server04) & (Set SiteExt=Serv04)

IF NOT DEFINED Server (Goto IPSubnetError)

Copy /y %Server%\NETLOGON\deploy\YellowOutlook\EPAL\EPAL%SiteExt%.bat %Temp%
Copy /y %Server%\NETLOGON\deploy\YellowOutlook\EPAL\EPAL.exe %Temp%
Copy /y %Server%\NETLOGON\deploy\YellowOutlook\ProcessCheck.vbs %Temp%
Copy /y %Server%\NETLOGON\deploy\YellowOutlook\UserPrompt.vbs %Temp%
%Server%\NETLOGON\Sleep.exe 2
Start /wait %Temp%\UserPrompt.vbs
%Server%\NETLOGON\Sleep.exe 2
start %Temp%\ProcessCheck.vbs
%Server%\NETLOGON\Sleep.exe 2
%Temp%\EPAL%SiteExt%.bat

:END

exit

:ImportPRF

%Windir%\system32\ipconfig.exe > %temp%\ipconfig.txt
type %temp%\ipconfig.txt|findstr /c:"IP Address" > %temp%\ip.txt
type %temp%\ip.txt|findstr /v "0.0.0.0" > %temp%\ip1.txt
FOR /F "delims=: tokens=2" %%I in (%temp%\ip1.txt) DO ECHO %%I > %temp%\justip.txt
FOR /F "delims=. tokens=1" %%A in (%temp%\justip.txt) DO SET octet1=%%A
FOR /F "delims=. tokens=2" %%B in (%temp%\justip.txt) DO SET octet2=%%B
FOR /F "delims=. tokens=3" %%C in (%temp%\justip.txt) DO SET octet3=%%C
del /q %temp%\ip1.txt
del /q %temp%\ip.txt
del /q %temp%\ipconfig.txt
del /q %temp%\justip.txt

Set Subnet=%octet1%.%octet2%.%octet3%

IF %Subnet%==10.0.0 (Set Server=\\Server01) & (Set SiteExt=Serv01)
IF %Subnet%==10.1.0 (Set Server=\\Server02) & (Set SiteExt=Serv02)
IF %Subnet%==10.2.0 (Set Server=\\Server03) & (Set SiteExt=Serv03)
IF %Subnet%==10.3.0 (Set Server=\\Server04) & (Set SiteExt=Serv04)

REM Fall back to the logon server when no subnet matched and Server is undefined.
IF NOT DEFINED Server Set Server=%LogonServer%

ECHO.
ECHO Once Outlook has Opened and you have Entered Your Details, Please Exit Outlook.

"%ProgramFiles%\Microsoft Office\OFFICE11\Outlook.exe" /ImportPRF "%Server%\netlogon\Deploy\YellowOutlook\outlook.prf"
%Server%\netlogon\Sleep.exe 5
%Server%\netlogon\Deploy\YellowOutlook\EmailSuccess.vbs
ECHO Install Successful > "%AppData%\OutlookInstallSuccess.txt"

Exit

:IPSubnetError

copy /y %LogonServer%\NETLOGON\deploy\YellowOutlook\IPSubnetError.vbs %Temp%
REM Server is undefined when this label is reached, so use the logon server.
%LogonServer%\NETLOGON\sleep.exe 1
start %temp%\IPSubnetError.vbs

Exit

The Other Scripts Used by YellowOutlook_Start.bat

 

UserPrompt.vbs

A simple message box telling the user that the Outlook installation is about to start.

MsgBox "Outlook 2003 SP1 will now be installed", vbOKOnly, "Outlook 2003 SP1 Installation"

 

ProcessCheck.vbs

This script checks every 10 seconds for 30 minutes to see whether the Outlook 2003 executable is in the correct place. If it is found, it emails the computer name, user name and IP address to the pre-configured email address stating that the install was successful; if the file is not found, it emails the result saying that the install was unsuccessful. Change the value for your SMTP server.

On Error Resume Next

Dim objVar, Run, FileExist, Fso, FileOpen, SendMail, FileExist1
Dim CompName, UserName, IntCounter, TempDir, Counter, FileExist3
Dim CMD, AllData, IntStr5, Startpos, AllText, IntStr1, IntStr2, IPDiff
Dim IPEnd, IPStart, IPAddress, ReplaceText, IPAddress1, IntStr3, FinalIP

Set objVar = WScript.CreateObject("WScript.Shell")
Set Fso = CreateObject("Scripting.FileSystemObject")

CompName = objVar.ExpandEnvironmentStrings("%ComputerName%")
UserName = objVar.ExpandEnvironmentStrings("%UserName%")
TempDir = objVar.ExpandEnvironmentStrings("%Temp%")
CMD = objVar.ExpandEnvironmentStrings("%ComSpec% /C ")

Counter = 0

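' Poll every 10 seconds for up to 30 minutes (180 checks x 10 s).
Do While Counter < 180
    WScript.Sleep 10000

    FileExist3 = Fso.FileExists("C:\Program Files\Microsoft Office\Office11\Outlook.exe")

    Counter = Counter + 1

    ' Stop polling as soon as Outlook.exe appears.
    If FileExist3 = True Then
        Counter = 180
    End If

Loop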

' Work out the local IP address first so that both result emails can include it.
RunIPConfig = objVar.Run(CMD & "Ipconfig > %TEMP%\000003.tmp", 0, True)
WScript.Sleep 200

FileExist = Fso.FileExists(TempDir & "\000003.tmp")

' Look at up to 6 "IP Address" entries and keep the first that is not 0.0.0.0.
StartPos = 1
For IntCounter = 1 to 6
    If FileExist = True Then
        Set OpenFile = Fso.OpenTextFile(TempDir & "\000003.tmp", 1, False, 0)
        OpenFile.Skip(StartPos)
        AllText = OpenFile.ReadAll
        OpenFile.Close
        IntStr1 = InStr(StartPos, AllText, "IP Address", 1)
        IntStr2 = InStr(IntStr1, AllText, ": ", 1)
        IPStart = IntStr2 + 2
        IPEnd = IPStart + 15
        IPDiff = IPEnd - IPStart
        IPAddress = Mid(AllText, IPStart, IPDiff)
        IntStr3 = InStr(1, IPAddress, "0.0.0.0", 1)
        If NOT IntStr3 = "0" Then
            StartPos = IPEnd
        End If
        If IntStr3 = "0" Then
            IntCounter = 6
        End If
    End If
Next

IPAddress1 = Trim(IPAddress)

ReplaceText = Replace(IPAddress1, vbCr, "")

FinalIP = ReplaceText

' Outlook.exe never appeared during polling: report the failure.
If FileExist3 = False Then
    Set SendMail = CreateObject("CDO.Message")
    SendMail.From = "Email.Address@Domain.com"
    SendMail.To = "Email.Address@Domain.com"
    SendMail.Subject = "Install Failure - " & UserName & " - " & FinalIP & " - " & CompName
    SendMail.TextBody = "Deployment was UnSuccessful, Outlook.exe was not Found."
    SendMail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
    SendMail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "EnterYourSMTPServerIPorDNSName"
    SendMail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = "25"
    SendMail.Configuration.Fields.Update
    SendMail.Send

End If

FileExist1 = FSO.FileExists("C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.exe")

If FileExist1 = True Then

Set SendMail = CreateObject("CDO.Message")
SendMail.From = "Email.Address@Domain.com"
SendMail.To = "Email.Address@Domain.com"
SendMail.Subject = "Install Success - " & UserName & " - " & FinalIP & " - " & CompName
SendMail.TextBody = "Outlook.exe was found in its Correct Location."
SendMail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
SendMail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "EnterYourSMTPServerIPorDNSName"
SendMail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = "25"
SendMail.Configuration.Fields.Update
SendMail.Send

End If

objVar=Nothing
Run=Nothing
FileExist=Nothing
Fso=Nothing
FileOpen=Nothing
SendMail=Nothing
FileExist1=Nothing
CompName=Nothing
UserName=Nothing
IntCounter=Nothing
TempDir=Nothing
Counter=Nothing
FileExist3=Nothing
CMD=Nothing
AllData=Nothing
IntStr5=Nothing
Startpos=Nothing
AllText=Nothing
IntStr1=Nothing
IntStr2=Nothing
IPDiff=Nothing
IPEnd=Nothing
IPStart=Nothing
IPAddress=Nothing
ReplaceText=Nothing
IPAddress1=Nothing
IntStr3=Nothing
FinalIP=Nothing

On Error Goto 0

WScript.Quit

 

IPSubnetError.vbs

This script is run if the computer is not on a subnet that holds a DC and hence the install would take place over a WAN link. It is a simple message telling the user to contact the helpdesk. Change the value for your helpdesk's phone number.

MsgBox "Although you have been selected for Deployment, Setup has discovered that your Network Address does not match " & _
"any of the Designated Deployment Sites. Please Contact the dedicated Outlook Deployment Helpdesk on 01234 567 890 " & _
"and inform them of this error. Thank You", vbOKOnly + vbExclamation, "Outlook Deployment"

WScript.Quit

After this script has run the install process will exit.

 

EPAL%SiteExt%.bat

This script starts the Outlook install using the Active Directory EPAL user account and the setup files on the associated Domain Controller. Whether a PC is a laptop or a desktop is decided by the existence of the Windows battery driver, C:\Windows\System32\Battc.sys; if the driver exists then the chances are that the PC is a laptop. Please remember the naming convention of this script: for example, in my domain this script could have been called EPALGLAS.bat and the server name would then be changed to the DC in Glasgow. Also remember to create an EPAL script for each DC that will initiate an install. These scripts should be placed in the Netlogon\deploy\YellowOutlook\EPAL folder.

@ECHO off

IF EXIST %WinDir%\System32\Drivers\Battc.sys Goto Laptop

%temp%\EPAL /p /C:OU="Outlook 2003 SP1",OU="EPAL Applications",OU="Global Groups" "\\GLASDC01\NETLOGON\deploy\YellowOutlook\SETUPOLKGLAS.exe" TRANSFORMS="\\GLASDC01\NETLOGON\deploy\YellowOutlook\OutlookDesktop.MST"
Goto End

:Laptop

%temp%\EPAL /p /C:OU="Outlook 2003 SP1",OU="EPAL Applications",OU="Global Groups" "\\GLASDC01\NETLOGON\deploy\YellowOutlook\SETUPOLKGLAS.exe" TRANSFORMS="\\GLASDC01\NETLOGON\deploy\YellowOutlook\OutlookLaptop.MST"

:End

exit

 

Step 5 - Last Minute Checks

Right, so, you should now have a Netlogon folder that contains the following files:

Netlogon Folder

and a Deploy folder that looks like this:

Deploy Folder

and a YellowOutlook folder that contains:

YellowOutlook folder

and last of all an EPAL folder that holds:

EPAL Folder

Once you have confirmed that these folders contain the right files then create a domain user account, give it a logon script, put this user in the Outlook Deploy Group and logon to a pc. If the install does not complete then look to the next section for troubleshooting.

 

Step 6 - Troubleshooting

Off the top of my head, here are a few errors that I got when I ran the install the first few times:

 

The Install did not start

Remember that the 3 scripts print specific text to the command window when they start, this can tell you in which script the error occurs. Once known go to that script and make sure that all the files are in their correct location. Also remember that there are IF statements that will exit the script if they are true, such as, if the script is run on a server and if the install was previously run. Also if Outlook is already installed then the install will not begin.

The install reported that the user did not have the appropriate admin privileges

Make sure that the Active Directory group membership between the EPAL programs is correct as shown in Step 3. Also, if you are using restricted groups or the add-user-to-local-admin script, remember that both these methods use Group Policy to apply these changes; therefore make sure that the computer account is in an Active Directory OU that receives this policy and then force a GP update at the command line with GPUpdate /force.

The install starts but takes about an hour to complete

This is probably an error when registering the EPAL program in Step 2. When registering the EPAL program make sure that the path to the program points to the server from which the program will eventually be installed. In this case the install files are being transferred from a remote server over a WAN link and this is why it takes so long. Delete the EPAL User account and Group for that instance and re-register it.

 

Right, that's it, now one last thing:

Test, Test and Test again.

Enjoy.

 

To learn how to Install Outlook via a CD, click here.

 

     
 
 
     

 

Web site contents © Copyright Alan Phipps 2006, All rights reserved.
