Help with deploying Chrome MSI via a GPO

Amraam

Amraam

Amraam

Soldato
Joined
5 Jan 2009
Posts
4,760
Hi all,

Having a right ballache getting chrome to deploy and install via a GPO. I have created a simple GPO called InstallChrome and linked (and enabled) it to a test OU. Server is 2012R2 and replication appears to be working from my limited access. So I drag PCs into this test ou, and reboot them When I look at RSOP.msc, I see that the GPO has applied but has failed because it cannot locate the source of the installer. Now, if I UNC directly to \\<serverDC>\NETLOGON and manually try to run the MSI, it fails also. I can see the MSI amonst the files, but it will not run - exact same error. Now, the MSI is fine because if I copy it to a shared drive on my admin PC, it runs fine. Am I right in thinking that because it's a machine policy, not user, NETLOGON on the DC needs the security group that contains the PCs added to the permissions on the server share, even if it's read only?

Even stranger is that my Windows 7 test PC works, but there is no WMI filtering applied at all - it is literally a simple Software Deployment policy tied to a test OU.
Any help would be great appreciated!

BTW, I'm pretty new to managing policies. I strictly shouldn't be doing this at work as I'm only desktop support, but I've got unofficial permission to have a go at this so my level of fiddling is severely limited.

Thanks!
 
While there's probably a much more common explanation forthcoming, I had a puzzling one, so perhaps something to rule out in the meantime.

For no obvious reason I couldn't push out an MSI through GPO (I think it was Flash) if the path or file name had spaces in it. I could enter the direct path in a command manually and it would install fine, but it wouldn't do it through GPO.

I spent days trying to find what was stopping it, and afterwards days trying to understand why, but since it's worked I've just resorted to using the plain old DOS-based 8.3 file naming standard and everything I've tried since has worked perfectly. Bloody Windows.

Something to try perhaps.



Have to say though that Chrome's MSIs and GPO extensions are fantastic. The only thing missing that I want is the ability to place the bookmarks file outside of the Chrome user folder on a network drive (the Chrome user folder receives thousands of hits, so you can't realistically move the entire folder to a server, and last I looked you can't separate the bookmarks file from the user folder).
 
this_is_gav said:
While there's probably a much more common explanation forthcoming, I had a puzzling one, so perhaps something to rule out in the meantime.

For no obvious reason I couldn't push out an MSI through GPO (I think it was Flash) if the path or file name had spaces in it. I could enter the direct path in a command manually and it would install fine, but it wouldn't do it through GPO.

I spent days trying to find what was stopping it, and afterwards days trying to understand why, but since it's worked I've just resorted to using the plain old DOS-based 8.3 file naming standard and everything I've tried since has worked perfectly. Bloody Windows.

Something to try perhaps.



Have to say though that Chrome's MSIs and GPO extensions are fantastic. The only thing missing that I want is the ability to place the bookmarks file outside of the Chrome user folder on a network drive (the Chrome user folder receives thousands of hits, so you can't realistically move the entire folder to a server, and last I looked you can't separate the bookmarks file from the user folder).
Click to expand...

Thanks mate. Nope, no spaces.
\\<server>\NETLOGON\googlechromestandaloneenterprise.msi

Have renamed the file and updated the policy also to no avail. The PCs are on XP and the DC was 2003, but they created two new DCs on 2012 and made them the active ones, and migrated the AD structure from the old DCs. I wonder if permissions or some form of filtering hasn't translated correctly...
 
Last edited:
Update: I've copied the filed to my Windows 7 admin PC: \\<AdminPC>\e$\chrome\googlechromestandaloneenterprise.msi and adjusted the policy but it gets the same error. HOWEVER, if I UNC to it I can run the installer.

This is really bizarre, can anyone please advise?

EDIT: Found this. Do you think creating another sub folder would help?
http://support.microsoft.com/kb/889710
 
Last edited:
Maybe I'm being old fashioned, but I wouldn't put MSI files in NETLOGON. Make a dedicated share for them (and just set the security to read only for everyone).
 
You must log in or register to reply here.
Back
Top Bottom