Installing Service Packs
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.group_policy (More info?)
Morning
Can someone guide me on how to install a service pack to a user workstation
through active directory.
Thanks
Nik
Morning
Can someone guide me on how to install a service pack to a user workstation
through active directory.
Thanks
Nik
More about : installing service packs
Archived from groups: microsoft.public.win2000.group_policy (More info?)
Hi Nik, not too sure are you referring to the recent Win XP SP2? Anyway,
download Win XP SP2 from
http://download.microsoft.com/download/1/6/5/165b076b-a...
Inside the SP2 contains a Update.MSI in i386\update. Use this MSI file to
assign to your PCs in Active Directory.
If you are referring to other patches / service packs, you will need a 3rd
party tool like WinInstall LE 2003 from
http://downloads1.ondemandsoftware.com/download/install...
This tool use the before/after changes to produce a MSI file. Then use the
same method above to deploy patches/ service packs to your PCs in AD.
Hope this helps.
"Nik" wrote:
> Morning
> Can someone guide me on how to install a service pack to a user workstation
> through active directory.
>
> Thanks
> Nik
>
>
>
Hi Nik, not too sure are you referring to the recent Win XP SP2? Anyway,
download Win XP SP2 from
http://download.microsoft.com/download/1/6/5/165b076b-a...
Inside the SP2 contains a Update.MSI in i386\update. Use this MSI file to
assign to your PCs in Active Directory.
If you are referring to other patches / service packs, you will need a 3rd
party tool like WinInstall LE 2003 from
http://downloads1.ondemandsoftware.com/download/install...
This tool use the before/after changes to produce a MSI file. Then use the
same method above to deploy patches/ service packs to your PCs in AD.
Hope this helps.
"Nik" wrote:
> Morning
> Can someone guide me on how to install a service pack to a user workstation
> through active directory.
>
> Thanks
> Nik
>
>
>
Archived from groups: microsoft.public.win2000.group_policy (More info?)
Nik,
This is just like any other deployment of software via Group Policy. You
would simply have to assign it to the computer configuration ( NOTE: You can
not publish this.....it must be assigned ). Make sure that this GPO is
linked to the OU ( assuming that you would be doing this to the OU level ).
Make sure that the computer account objects that you want to receive this
GPO reside directly in the OU to which you linked the GPO. Once you have
configured the GPO you have to reboot the computers to be affected.
Does this help you?
Cary
"Nik" <nik(don't use)@webworksgy.com> wrote in message
news:usJKJSetEHA.412@TK2MSFTNGP14.phx.gbl...
> Morning
> Can someone guide me on how to install a service pack to a user
workstation
> through active directory.
>
> Thanks
> Nik
>
>
Nik,
This is just like any other deployment of software via Group Policy. You
would simply have to assign it to the computer configuration ( NOTE: You can
not publish this.....it must be assigned ). Make sure that this GPO is
linked to the OU ( assuming that you would be doing this to the OU level ).
Make sure that the computer account objects that you want to receive this
GPO reside directly in the OU to which you linked the GPO. Once you have
configured the GPO you have to reboot the computers to be affected.
Does this help you?
Cary
"Nik" <nik(don't use)@webworksgy.com> wrote in message
news:usJKJSetEHA.412@TK2MSFTNGP14.phx.gbl...
> Morning
> Can someone guide me on how to install a service pack to a user
workstation
> through active directory.
>
> Thanks
> Nik
>
>
Archived from groups: microsoft.public.win2000.group_policy (More info?)
I would like to think one of these will help. I have just a few users who do
not have the Win2000 SP4 service pack on their computer so I wanted to
install it on just those users without having to go to their desk.
I'll try this.
Thanks for both responses.
"Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
news![:o]( ":o")
NVq$aetEHA.1452@TK2MSFTNGP11.phx.gbl...
> Nik,
>
> This is just like any other deployment of software via Group Policy. You
> would simply have to assign it to the computer configuration ( NOTE: You
can
> not publish this.....it must be assigned ). Make sure that this GPO is
> linked to the OU ( assuming that you would be doing this to the OU
level ).
> Make sure that the computer account objects that you want to receive this
> GPO reside directly in the OU to which you linked the GPO. Once you have
> configured the GPO you have to reboot the computers to be affected.
>
> Does this help you?
>
> Cary
>
> "Nik" <nik(don't use)@webworksgy.com> wrote in message
> news:usJKJSetEHA.412@TK2MSFTNGP14.phx.gbl...
> > Morning
> > Can someone guide me on how to install a service pack to a user
> workstation
> > through active directory.
> >
> > Thanks
> > Nik
> >
> >
>
>
I would like to think one of these will help. I have just a few users who do
not have the Win2000 SP4 service pack on their computer so I wanted to
install it on just those users without having to go to their desk.
I'll try this.
Thanks for both responses.
"Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
news
NVq$aetEHA.1452@TK2MSFTNGP11.phx.gbl...> Nik,
>
> This is just like any other deployment of software via Group Policy. You
> would simply have to assign it to the computer configuration ( NOTE: You
can
> not publish this.....it must be assigned ). Make sure that this GPO is
> linked to the OU ( assuming that you would be doing this to the OU
level ).
> Make sure that the computer account objects that you want to receive this
> GPO reside directly in the OU to which you linked the GPO. Once you have
> configured the GPO you have to reboot the computers to be affected.
>
> Does this help you?
>
> Cary
>
> "Nik" <nik(don't use)@webworksgy.com> wrote in message
> news:usJKJSetEHA.412@TK2MSFTNGP14.phx.gbl...
> > Morning
> > Can someone guide me on how to install a service pack to a user
> workstation
> > through active directory.
> >
> > Thanks
> > Nik
> >
> >
>
>
Related ressources
- installing service packs - Forum
- Install service packs straight away? - Forum
- XP can't see entire drive after new install AND service packs ! - Forum
- Difference between service packs - Forum
- XP pro hangs at install, new drive, no service packs - Forum
Archived from groups: microsoft.public.win2000.group_policy (More info?)
Nik,
I hope that I did not ass/u/me that you have deployed applications via GPO
before. If you have not and need / want some assistance with the set up I
would gladly help you. Once you have done it a couple of times it is as
easy as brushing your teeth. But, there are a several things that must be
in order for it to work!
Also, since you mention that there are only a few computers that need SP4 I
can show you a way to know exactly which computers have which Service Pack
installed. You would use something called ldifde ( that is LDIFDE ). It is
really a nice tool. In WIN2003 environments you would probably use the
newer ds* tools, though.
HTH,
Cary
"Nik" <nik(don't use)@webworksgy.com> wrote in message
news:eedrz9ftEHA.2072@tk2msftngp13.phx.gbl...
> I would like to think one of these will help. I have just a few users who
do
> not have the Win2000 SP4 service pack on their computer so I wanted to
> install it on just those users without having to go to their desk.
>
> I'll try this.
> Thanks for both responses.
>
>
> "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> news![:o]( ":o")
NVq$aetEHA.1452@TK2MSFTNGP11.phx.gbl...
> > Nik,
> >
> > This is just like any other deployment of software via Group Policy.
You
> > would simply have to assign it to the computer configuration ( NOTE: You
> can
> > not publish this.....it must be assigned ). Make sure that this GPO is
> > linked to the OU ( assuming that you would be doing this to the OU
> level ).
> > Make sure that the computer account objects that you want to receive
this
> > GPO reside directly in the OU to which you linked the GPO. Once you
have
> > configured the GPO you have to reboot the computers to be affected.
> >
> > Does this help you?
> >
> > Cary
> >
> > "Nik" <nik(don't use)@webworksgy.com> wrote in message
> > news:usJKJSetEHA.412@TK2MSFTNGP14.phx.gbl...
> > > Morning
> > > Can someone guide me on how to install a service pack to a user
> > workstation
> > > through active directory.
> > >
> > > Thanks
> > > Nik
> > >
> > >
> >
> >
>
>
Nik,
I hope that I did not ass/u/me that you have deployed applications via GPO
before. If you have not and need / want some assistance with the set up I
would gladly help you. Once you have done it a couple of times it is as
easy as brushing your teeth. But, there are a several things that must be
in order for it to work!
Also, since you mention that there are only a few computers that need SP4 I
can show you a way to know exactly which computers have which Service Pack
installed. You would use something called ldifde ( that is LDIFDE ). It is
really a nice tool. In WIN2003 environments you would probably use the
newer ds* tools, though.
HTH,
Cary
"Nik" <nik(don't use)@webworksgy.com> wrote in message
news:eedrz9ftEHA.2072@tk2msftngp13.phx.gbl...
> I would like to think one of these will help. I have just a few users who
do
> not have the Win2000 SP4 service pack on their computer so I wanted to
> install it on just those users without having to go to their desk.
>
> I'll try this.
> Thanks for both responses.
>
>
> "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> news
NVq$aetEHA.1452@TK2MSFTNGP11.phx.gbl...> > Nik,
> >
> > This is just like any other deployment of software via Group Policy.
You
> > would simply have to assign it to the computer configuration ( NOTE: You
> can
> > not publish this.....it must be assigned ). Make sure that this GPO is
> > linked to the OU ( assuming that you would be doing this to the OU
> level ).
> > Make sure that the computer account objects that you want to receive
this
> > GPO reside directly in the OU to which you linked the GPO. Once you
have
> > configured the GPO you have to reboot the computers to be affected.
> >
> > Does this help you?
> >
> > Cary
> >
> > "Nik" <nik(don't use)@webworksgy.com> wrote in message
> > news:usJKJSetEHA.412@TK2MSFTNGP14.phx.gbl...
> > > Morning
> > > Can someone guide me on how to install a service pack to a user
> > workstation
> > > through active directory.
> > >
> > > Thanks
> > > Nik
> > >
> > >
> >
> >
>
>
Archived from groups: microsoft.public.win2000.group_policy (More info?)
Hey Cary, Sorry if I made u ass/u/me. :-). However, I really have never
done the distribution of software via Group Policy. So I would definitely
appreciate all the help you are willing to give me. Thanks a million.
Nik
"Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
news:uL8J2AgtEHA.3200@TK2MSFTNGP14.phx.gbl...
> Nik,
>
> I hope that I did not ass/u/me that you have deployed applications via GPO
> before. If you have not and need / want some assistance with the set up I
> would gladly help you. Once you have done it a couple of times it is as
> easy as brushing your teeth. But, there are a several things that must be
> in order for it to work!
>
> Also, since you mention that there are only a few computers that need SP4
I
> can show you a way to know exactly which computers have which Service Pack
> installed. You would use something called ldifde ( that is LDIFDE ). It
is
> really a nice tool. In WIN2003 environments you would probably use the
> newer ds* tools, though.
>
> HTH,
>
> Cary
>
> "Nik" <nik(don't use)@webworksgy.com> wrote in message
> news:eedrz9ftEHA.2072@tk2msftngp13.phx.gbl...
> > I would like to think one of these will help. I have just a few users
who
> do
> > not have the Win2000 SP4 service pack on their computer so I wanted to
> > install it on just those users without having to go to their desk.
> >
> > I'll try this.
> > Thanks for both responses.
> >
> >
> > "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> > news![:o]( ":o")
NVq$aetEHA.1452@TK2MSFTNGP11.phx.gbl...
> > > Nik,
> > >
> > > This is just like any other deployment of software via Group Policy.
> You
> > > would simply have to assign it to the computer configuration ( NOTE:
You
> > can
> > > not publish this.....it must be assigned ). Make sure that this GPO
is
> > > linked to the OU ( assuming that you would be doing this to the OU
> > level ).
> > > Make sure that the computer account objects that you want to receive
> this
> > > GPO reside directly in the OU to which you linked the GPO. Once you
> have
> > > configured the GPO you have to reboot the computers to be affected.
> > >
> > > Does this help you?
> > >
> > > Cary
> > >
> > > "Nik" <nik(don't use)@webworksgy.com> wrote in message
> > > news:usJKJSetEHA.412@TK2MSFTNGP14.phx.gbl...
> > > > Morning
> > > > Can someone guide me on how to install a service pack to a user
> > > workstation
> > > > through active directory.
> > > >
> > > > Thanks
> > > > Nik
> > > >
> > > >
> > >
> > >
> >
> >
>
>
Hey Cary, Sorry if I made u ass/u/me. :-). However, I really have never
done the distribution of software via Group Policy. So I would definitely
appreciate all the help you are willing to give me. Thanks a million.
Nik
"Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
news:uL8J2AgtEHA.3200@TK2MSFTNGP14.phx.gbl...
> Nik,
>
> I hope that I did not ass/u/me that you have deployed applications via GPO
> before. If you have not and need / want some assistance with the set up I
> would gladly help you. Once you have done it a couple of times it is as
> easy as brushing your teeth. But, there are a several things that must be
> in order for it to work!
>
> Also, since you mention that there are only a few computers that need SP4
I
> can show you a way to know exactly which computers have which Service Pack
> installed. You would use something called ldifde ( that is LDIFDE ). It
is
> really a nice tool. In WIN2003 environments you would probably use the
> newer ds* tools, though.
>
> HTH,
>
> Cary
>
> "Nik" <nik(don't use)@webworksgy.com> wrote in message
> news:eedrz9ftEHA.2072@tk2msftngp13.phx.gbl...
> > I would like to think one of these will help. I have just a few users
who
> do
> > not have the Win2000 SP4 service pack on their computer so I wanted to
> > install it on just those users without having to go to their desk.
> >
> > I'll try this.
> > Thanks for both responses.
> >
> >
> > "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> > news
NVq$aetEHA.1452@TK2MSFTNGP11.phx.gbl...> > > Nik,
> > >
> > > This is just like any other deployment of software via Group Policy.
> You
> > > would simply have to assign it to the computer configuration ( NOTE:
You
> > can
> > > not publish this.....it must be assigned ). Make sure that this GPO
is
> > > linked to the OU ( assuming that you would be doing this to the OU
> > level ).
> > > Make sure that the computer account objects that you want to receive
> this
> > > GPO reside directly in the OU to which you linked the GPO. Once you
> have
> > > configured the GPO you have to reboot the computers to be affected.
> > >
> > > Does this help you?
> > >
> > > Cary
> > >
> > > "Nik" <nik(don't use)@webworksgy.com> wrote in message
> > > news:usJKJSetEHA.412@TK2MSFTNGP14.phx.gbl...
> > > > Morning
> > > > Can someone guide me on how to install a service pack to a user
> > > workstation
> > > > through active directory.
> > > >
> > > > Thanks
> > > > Nik
> > > >
> > > >
> > >
> > >
> >
> >
>
>
Archived from groups: microsoft.public.win2000.group_policy (More info?)
Nik,
No problem.
Okay - the big picture is that we need to put the Service Pack on a
networked Server, create the package and deploy it to the necessary
computers. That sounds easy enough, right?
Well, let's look at the details for doing this.
I do not know in what format you have the Service Pack - whether it is the
single file .exe or the CD-ROM. if you have the single file executable you
will need to extract it. That should be easy enough. WinZip will do it for
you. You could also use some switches from the command prompt to do this.
I would suggest that you create a shared folder first, though. For things
like this I like to hide the shares so that when people are browsing the
network these types of folders are not directly visible. So, share it as
W2KSP4$. The "$" makes it a hidden share. You will need to include the "$"
later when you are telling AD the path to update.msi.......I like to give
either Domain Admins or Administrators Full Control on both the Share and
NTFS permissions and - in this particular case - Domain Computers Read on
the Share permissions and then Read and Execute, List Folder Content and
Read on the NTFS permissions.
You would then copy the directory structure into this shared folder.
This is the end of Part 1.
Now, you need to create an Organizational Unit ( OU ) and move the computer
account objects that need to have SP4 installed into this OU. Please keep
in mind that it is a really bad idea to move a computer account object into
an OU to which a GPO that installs software is linked, let the software be
installed and then move the computer account object out of that OU ( like
back to the default COMPUTERS container ). So, one the computer account
objects are in an OU they should generally stay there. Generally.
This is the end of Part 2.
Now, we need to create the Group Policy Object and link it to the OU in
which the computer account objects directly reside. Sidenote: please do
not be fooled by the name. Groups really have very little to do with Group
Policy Objects. You can not place a group inside this OU that you have
created and create and link the GPO to this OU and think that because the
computers are members of this group that the GPO will apply. It will not.
This is a common mistake that a lot of people make. The computer account
objects must directly reside inside the OU.....Period!
So, right click the OU, select Properties and go to the Group Policy tab.
Simply click on the New... button. Sidenote: Why is there and Add...
button? Because you can use this button to link an existing GPO to this OU.
So, forget about SP4 for a moment. Say that you have created a GPO and
linked it to the OU in which the Marketing user account objects reside. Say
that the Finance people see what happens when the Marketing people log on
and want/need this to happen for them. Instead of having to recreate this
GP you simply use the existing one and link it to the OU in which the
Finance user account objects reside. You see, it is an object ( thus the
GPO - for Group Policy Object ) and can be linked to many different levels
if necessary. Now, back to SP4. You need to give this a 'friendly name'.
I would call it something original - like WIN2000 SP4 or whatever. Now, you
have actually created the Group Policy. Granted, it is pretty much blank.
But the Group Policy object has been created and linked. You have given it
the 'Friendly name', you have Group Policy Container, or GPC, in the Domain
partition for this policy and you have created the Group Policy Template, or
GPT, in the SYSVOL folder. This is all happening, by default, on the Domain
Controller in this domain that holds the FSMO role of PDC Emulator. So, how
do you change this ( remember, it is pretty much blank at the moment )?
Well, you click on the Edit... button. You would open up the Computer
Configuration and click on Software Installations and then right click on
Software Settings and select NEW. And sorry if the terms are a bit off. I
am going from memory. You now need to tell AD where the .msi file is. So,
you enter the following:
\\servername\W2KSP4$\update\update.msi. You then need to tell it to Assign
this package ( and ***NOT**** publish ).
You are pretty much finished.
Give it a moment and then go to the computers in question and reboot them.
SP4 should be installed upon booting up. It will take a bit of time.
What if things do not work? Make sure that the clients are pointing ONLY to
your internal DNS Servers ( and not to the DNS Servers of your ISP ). That
is the first thing. You can also use GPOTool and GPResults. I would even
navigate to the update.msi file and manually double click it to see if it
runs. Sometimes things do not extract so well. But I would do the other
things first.
HTH,
Cary
"Nik" <nik(don't use)@webworksgy.com> wrote in message
news:uZNc6igtEHA.1464@TK2MSFTNGP15.phx.gbl...
> Hey Cary, Sorry if I made u ass/u/me. :-). However, I really have never
> done the distribution of software via Group Policy. So I would definitely
> appreciate all the help you are willing to give me. Thanks a million.
> Nik
>
> "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> news:uL8J2AgtEHA.3200@TK2MSFTNGP14.phx.gbl...
> > Nik,
> >
> > I hope that I did not ass/u/me that you have deployed applications via
GPO
> > before. If you have not and need / want some assistance with the set up
I
> > would gladly help you. Once you have done it a couple of times it is as
> > easy as brushing your teeth. But, there are a several things that must
be
> > in order for it to work!
> >
> > Also, since you mention that there are only a few computers that need
SP4
> I
> > can show you a way to know exactly which computers have which Service
Pack
> > installed. You would use something called ldifde ( that is LDIFDE ).
It
> is
> > really a nice tool. In WIN2003 environments you would probably use the
> > newer ds* tools, though.
> >
> > HTH,
> >
> > Cary
> >
> > "Nik" <nik(don't use)@webworksgy.com> wrote in message
> > news:eedrz9ftEHA.2072@tk2msftngp13.phx.gbl...
> > > I would like to think one of these will help. I have just a few users
> who
> > do
> > > not have the Win2000 SP4 service pack on their computer so I wanted to
> > > install it on just those users without having to go to their desk.
> > >
> > > I'll try this.
> > > Thanks for both responses.
> > >
> > >
> > > "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> > > news![:o]( ":o")
NVq$aetEHA.1452@TK2MSFTNGP11.phx.gbl...
> > > > Nik,
> > > >
> > > > This is just like any other deployment of software via Group Policy.
> > You
> > > > would simply have to assign it to the computer configuration ( NOTE:
> You
> > > can
> > > > not publish this.....it must be assigned ). Make sure that this GPO
> is
> > > > linked to the OU ( assuming that you would be doing this to the OU
> > > level ).
> > > > Make sure that the computer account objects that you want to receive
> > this
> > > > GPO reside directly in the OU to which you linked the GPO. Once you
> > have
> > > > configured the GPO you have to reboot the computers to be affected.
> > > >
> > > > Does this help you?
> > > >
> > > > Cary
> > > >
> > > > "Nik" <nik(don't use)@webworksgy.com> wrote in message
> > > > news:usJKJSetEHA.412@TK2MSFTNGP14.phx.gbl...
> > > > > Morning
> > > > > Can someone guide me on how to install a service pack to a user
> > > > workstation
> > > > > through active directory.
> > > > >
> > > > > Thanks
> > > > > Nik
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
Nik,
No problem.
Okay - the big picture is that we need to put the Service Pack on a
networked Server, create the package and deploy it to the necessary
computers. That sounds easy enough, right?
Well, let's look at the details for doing this.
I do not know in what format you have the Service Pack - whether it is the
single file .exe or the CD-ROM. if you have the single file executable you
will need to extract it. That should be easy enough. WinZip will do it for
you. You could also use some switches from the command prompt to do this.
I would suggest that you create a shared folder first, though. For things
like this I like to hide the shares so that when people are browsing the
network these types of folders are not directly visible. So, share it as
W2KSP4$. The "$" makes it a hidden share. You will need to include the "$"
later when you are telling AD the path to update.msi.......I like to give
either Domain Admins or Administrators Full Control on both the Share and
NTFS permissions and - in this particular case - Domain Computers Read on
the Share permissions and then Read and Execute, List Folder Content and
Read on the NTFS permissions.
You would then copy the directory structure into this shared folder.
This is the end of Part 1.
Now, you need to create an Organizational Unit ( OU ) and move the computer
account objects that need to have SP4 installed into this OU. Please keep
in mind that it is a really bad idea to move a computer account object into
an OU to which a GPO that installs software is linked, let the software be
installed and then move the computer account object out of that OU ( like
back to the default COMPUTERS container ). So, one the computer account
objects are in an OU they should generally stay there. Generally.
This is the end of Part 2.
Now, we need to create the Group Policy Object and link it to the OU in
which the computer account objects directly reside. Sidenote: please do
not be fooled by the name. Groups really have very little to do with Group
Policy Objects. You can not place a group inside this OU that you have
created and create and link the GPO to this OU and think that because the
computers are members of this group that the GPO will apply. It will not.
This is a common mistake that a lot of people make. The computer account
objects must directly reside inside the OU.....Period!
So, right click the OU, select Properties and go to the Group Policy tab.
Simply click on the New... button. Sidenote: Why is there and Add...
button? Because you can use this button to link an existing GPO to this OU.
So, forget about SP4 for a moment. Say that you have created a GPO and
linked it to the OU in which the Marketing user account objects reside. Say
that the Finance people see what happens when the Marketing people log on
and want/need this to happen for them. Instead of having to recreate this
GP you simply use the existing one and link it to the OU in which the
Finance user account objects reside. You see, it is an object ( thus the
GPO - for Group Policy Object ) and can be linked to many different levels
if necessary. Now, back to SP4. You need to give this a 'friendly name'.
I would call it something original - like WIN2000 SP4 or whatever. Now, you
have actually created the Group Policy. Granted, it is pretty much blank.
But the Group Policy object has been created and linked. You have given it
the 'Friendly name', you have Group Policy Container, or GPC, in the Domain
partition for this policy and you have created the Group Policy Template, or
GPT, in the SYSVOL folder. This is all happening, by default, on the Domain
Controller in this domain that holds the FSMO role of PDC Emulator. So, how
do you change this ( remember, it is pretty much blank at the moment )?
Well, you click on the Edit... button. You would open up the Computer
Configuration and click on Software Installations and then right click on
Software Settings and select NEW. And sorry if the terms are a bit off. I
am going from memory. You now need to tell AD where the .msi file is. So,
you enter the following:
\\servername\W2KSP4$\update\update.msi. You then need to tell it to Assign
this package ( and ***NOT**** publish ).
You are pretty much finished.
Give it a moment and then go to the computers in question and reboot them.
SP4 should be installed upon booting up. It will take a bit of time.
What if things do not work? Make sure that the clients are pointing ONLY to
your internal DNS Servers ( and not to the DNS Servers of your ISP ). That
is the first thing. You can also use GPOTool and GPResults. I would even
navigate to the update.msi file and manually double click it to see if it
runs. Sometimes things do not extract so well. But I would do the other
things first.
HTH,
Cary
"Nik" <nik(don't use)@webworksgy.com> wrote in message
news:uZNc6igtEHA.1464@TK2MSFTNGP15.phx.gbl...
> Hey Cary, Sorry if I made u ass/u/me. :-). However, I really have never
> done the distribution of software via Group Policy. So I would definitely
> appreciate all the help you are willing to give me. Thanks a million.
> Nik
>
> "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> news:uL8J2AgtEHA.3200@TK2MSFTNGP14.phx.gbl...
> > Nik,
> >
> > I hope that I did not ass/u/me that you have deployed applications via
GPO
> > before. If you have not and need / want some assistance with the set up
I
> > would gladly help you. Once you have done it a couple of times it is as
> > easy as brushing your teeth. But, there are a several things that must
be
> > in order for it to work!
> >
> > Also, since you mention that there are only a few computers that need
SP4
> I
> > can show you a way to know exactly which computers have which Service
Pack
> > installed. You would use something called ldifde ( that is LDIFDE ).
It
> is
> > really a nice tool. In WIN2003 environments you would probably use the
> > newer ds* tools, though.
> >
> > HTH,
> >
> > Cary
> >
> > "Nik" <nik(don't use)@webworksgy.com> wrote in message
> > news:eedrz9ftEHA.2072@tk2msftngp13.phx.gbl...
> > > I would like to think one of these will help. I have just a few users
> who
> > do
> > > not have the Win2000 SP4 service pack on their computer so I wanted to
> > > install it on just those users without having to go to their desk.
> > >
> > > I'll try this.
> > > Thanks for both responses.
> > >
> > >
> > > "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> > > news
NVq$aetEHA.1452@TK2MSFTNGP11.phx.gbl...> > > > Nik,
> > > >
> > > > This is just like any other deployment of software via Group Policy.
> > You
> > > > would simply have to assign it to the computer configuration ( NOTE:
> You
> > > can
> > > > not publish this.....it must be assigned ). Make sure that this GPO
> is
> > > > linked to the OU ( assuming that you would be doing this to the OU
> > > level ).
> > > > Make sure that the computer account objects that you want to receive
> > this
> > > > GPO reside directly in the OU to which you linked the GPO. Once you
> > have
> > > > configured the GPO you have to reboot the computers to be affected.
> > > >
> > > > Does this help you?
> > > >
> > > > Cary
> > > >
> > > > "Nik" <nik(don't use)@webworksgy.com> wrote in message
> > > > news:usJKJSetEHA.412@TK2MSFTNGP14.phx.gbl...
> > > > > Morning
> > > > > Can someone guide me on how to install a service pack to a user
> > > > workstation
> > > > > through active directory.
> > > > >
> > > > > Thanks
> > > > > Nik
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
Archived from groups: microsoft.public.win2000.group_policy (More info?)
Thanks Cary, I will try this and see how it works out.
Nik
"Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
news![:o]( ":o")
G$h6CrtEHA.2820@TK2MSFTNGP15.phx.gbl...
> Nik,
>
> No problem.
>
> Okay - the big picture is that we need to put the Service Pack on a
> networked Server, create the package and deploy it to the necessary
> computers. That sounds easy enough, right?
>
> Well, let's look at the details for doing this.
>
> I do not know in what format you have the Service Pack - whether it is the
> single file .exe or the CD-ROM. if you have the single file executable
you
> will need to extract it. That should be easy enough. WinZip will do it
for
> you. You could also use some switches from the command prompt to do this.
> I would suggest that you create a shared folder first, though. For things
> like this I like to hide the shares so that when people are browsing the
> network these types of folders are not directly visible. So, share it as
> W2KSP4$. The "$" makes it a hidden share. You will need to include the
"$"
> later when you are telling AD the path to update.msi.......I like to give
> either Domain Admins or Administrators Full Control on both the Share and
> NTFS permissions and - in this particular case - Domain Computers Read on
> the Share permissions and then Read and Execute, List Folder Content and
> Read on the NTFS permissions.
>
> You would then copy the directory structure into this shared folder.
>
> This is the end of Part 1.
>
> Now, you need to create an Organizational Unit ( OU ) and move the
computer
> account objects that need to have SP4 installed into this OU. Please keep
> in mind that it is a really bad idea to move a computer account object
into
> an OU to which a GPO that installs software is linked, let the software be
> installed and then move the computer account object out of that OU ( like
> back to the default COMPUTERS container ). So, one the computer account
> objects are in an OU they should generally stay there. Generally.
>
> This is the end of Part 2.
>
> Now, we need to create the Group Policy Object and link it to the OU in
> which the computer account objects directly reside. Sidenote: please do
> not be fooled by the name. Groups really have very little to do with
Group
> Policy Objects. You can not place a group inside this OU that you have
> created and create and link the GPO to this OU and think that because the
> computers are members of this group that the GPO will apply. It will not.
> This is a common mistake that a lot of people make. The computer account
> objects must directly reside inside the OU.....Period!
>
> So, right click the OU, select Properties and go to the Group Policy tab.
> Simply click on the New... button. Sidenote: Why is there and Add...
> button? Because you can use this button to link an existing GPO to this
OU.
> So, forget about SP4 for a moment. Say that you have created a GPO and
> linked it to the OU in which the Marketing user account objects reside.
Say
> that the Finance people see what happens when the Marketing people log on
> and want/need this to happen for them. Instead of having to recreate this
> GP you simply use the existing one and link it to the OU in which the
> Finance user account objects reside. You see, it is an object ( thus the
> GPO - for Group Policy Object ) and can be linked to many different levels
> if necessary. Now, back to SP4. You need to give this a 'friendly name'.
> I would call it something original - like WIN2000 SP4 or whatever. Now,
you
> have actually created the Group Policy. Granted, it is pretty much blank.
> But the Group Policy object has been created and linked. You have given
it
> the 'Friendly name', you have Group Policy Container, or GPC, in the
Domain
> partition for this policy and you have created the Group Policy Template,
or
> GPT, in the SYSVOL folder. This is all happening, by default, on the
Domain
> Controller in this domain that holds the FSMO role of PDC Emulator. So,
how
> do you change this ( remember, it is pretty much blank at the moment )?
> Well, you click on the Edit... button. You would open up the Computer
> Configuration and click on Software Installations and then right click on
> Software Settings and select NEW. And sorry if the terms are a bit off.
I
> am going from memory. You now need to tell AD where the .msi file is.
So,
> you enter the following:
> \\servername\W2KSP4$\update\update.msi. You then need to tell it to
Assign
> this package ( and ***NOT**** publish ).
>
> You are pretty much finished.
>
> Give it a moment and then go to the computers in question and reboot them.
> SP4 should be installed upon booting up. It will take a bit of time.
>
> What if things do not work? Make sure that the clients are pointing ONLY
to
> your internal DNS Servers ( and not to the DNS Servers of your ISP ).
That
> is the first thing. You can also use GPOTool and GPResults. I would even
> navigate to the update.msi file and manually double click it to see if it
> runs. Sometimes things do not extract so well. But I would do the other
> things first.
>
> HTH,
>
> Cary
>
>
>
> "Nik" <nik(don't use)@webworksgy.com> wrote in message
> news:uZNc6igtEHA.1464@TK2MSFTNGP15.phx.gbl...
> > Hey Cary, Sorry if I made u ass/u/me. :-). However, I really have never
> > done the distribution of software via Group Policy. So I would
definitely
> > appreciate all the help you are willing to give me. Thanks a million.
> > Nik
> >
> > "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> > news:uL8J2AgtEHA.3200@TK2MSFTNGP14.phx.gbl...
> > > Nik,
> > >
> > > I hope that I did not ass/u/me that you have deployed applications via
> GPO
> > > before. If you have not and need / want some assistance with the set
up
> I
> > > would gladly help you. Once you have done it a couple of times it is
as
> > > easy as brushing your teeth. But, there are a several things that
must
> be
> > > in order for it to work!
> > >
> > > Also, since you mention that there are only a few computers that need
> SP4
> > I
> > > can show you a way to know exactly which computers have which Service
> Pack
> > > installed. You would use something called ldifde ( that is LDIFDE ).
> It
> > is
> > > really a nice tool. In WIN2003 environments you would probably use
the
> > > newer ds* tools, though.
> > >
> > > HTH,
> > >
> > > Cary
> > >
> > > "Nik" <nik(don't use)@webworksgy.com> wrote in message
> > > news:eedrz9ftEHA.2072@tk2msftngp13.phx.gbl...
> > > > I would like to think one of these will help. I have just a few
users
> > who
> > > do
> > > > not have the Win2000 SP4 service pack on their computer so I wanted
to
> > > > install it on just those users without having to go to their desk.
> > > >
> > > > I'll try this.
> > > > Thanks for both responses.
> > > >
> > > >
> > > > "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> > > > news![:o]( ":o")
NVq$aetEHA.1452@TK2MSFTNGP11.phx.gbl...
> > > > > Nik,
> > > > >
> > > > > This is just like any other deployment of software via Group
Policy.
> > > You
> > > > > would simply have to assign it to the computer configuration (
NOTE:
> > You
> > > > can
> > > > > not publish this.....it must be assigned ). Make sure that this
GPO
> > is
> > > > > linked to the OU ( assuming that you would be doing this to the OU
> > > > level ).
> > > > > Make sure that the computer account objects that you want to
receive
> > > this
> > > > > GPO reside directly in the OU to which you linked the GPO. Once
you
> > > have
> > > > > configured the GPO you have to reboot the computers to be
affected.
> > > > >
> > > > > Does this help you?
> > > > >
> > > > > Cary
> > > > >
> > > > > "Nik" <nik(don't use)@webworksgy.com> wrote in message
> > > > > news:usJKJSetEHA.412@TK2MSFTNGP14.phx.gbl...
> > > > > > Morning
> > > > > > Can someone guide me on how to install a service pack to a user
> > > > > workstation
> > > > > > through active directory.
> > > > > >
> > > > > > Thanks
> > > > > > Nik
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
Thanks Cary, I will try this and see how it works out.
Nik
"Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
news
G$h6CrtEHA.2820@TK2MSFTNGP15.phx.gbl...> Nik,
>
> No problem.
>
> Okay - the big picture is that we need to put the Service Pack on a
> networked Server, create the package and deploy it to the necessary
> computers. That sounds easy enough, right?
>
> Well, let's look at the details for doing this.
>
> I do not know in what format you have the Service Pack - whether it is the
> single file .exe or the CD-ROM. if you have the single file executable
you
> will need to extract it. That should be easy enough. WinZip will do it
for
> you. You could also use some switches from the command prompt to do this.
> I would suggest that you create a shared folder first, though. For things
> like this I like to hide the shares so that when people are browsing the
> network these types of folders are not directly visible. So, share it as
> W2KSP4$. The "$" makes it a hidden share. You will need to include the
"$"
> later when you are telling AD the path to update.msi.......I like to give
> either Domain Admins or Administrators Full Control on both the Share and
> NTFS permissions and - in this particular case - Domain Computers Read on
> the Share permissions and then Read and Execute, List Folder Content and
> Read on the NTFS permissions.
>
> You would then copy the directory structure into this shared folder.
>
> This is the end of Part 1.
>
> Now, you need to create an Organizational Unit ( OU ) and move the
computer
> account objects that need to have SP4 installed into this OU. Please keep
> in mind that it is a really bad idea to move a computer account object
into
> an OU to which a GPO that installs software is linked, let the software be
> installed and then move the computer account object out of that OU ( like
> back to the default COMPUTERS container ). So, one the computer account
> objects are in an OU they should generally stay there. Generally.
>
> This is the end of Part 2.
>
> Now, we need to create the Group Policy Object and link it to the OU in
> which the computer account objects directly reside. Sidenote: please do
> not be fooled by the name. Groups really have very little to do with
Group
> Policy Objects. You can not place a group inside this OU that you have
> created and create and link the GPO to this OU and think that because the
> computers are members of this group that the GPO will apply. It will not.
> This is a common mistake that a lot of people make. The computer account
> objects must directly reside inside the OU.....Period!
>
> So, right click the OU, select Properties and go to the Group Policy tab.
> Simply click on the New... button. Sidenote: Why is there and Add...
> button? Because you can use this button to link an existing GPO to this
OU.
> So, forget about SP4 for a moment. Say that you have created a GPO and
> linked it to the OU in which the Marketing user account objects reside.
Say
> that the Finance people see what happens when the Marketing people log on
> and want/need this to happen for them. Instead of having to recreate this
> GP you simply use the existing one and link it to the OU in which the
> Finance user account objects reside. You see, it is an object ( thus the
> GPO - for Group Policy Object ) and can be linked to many different levels
> if necessary. Now, back to SP4. You need to give this a 'friendly name'.
> I would call it something original - like WIN2000 SP4 or whatever. Now,
you
> have actually created the Group Policy. Granted, it is pretty much blank.
> But the Group Policy object has been created and linked. You have given
it
> the 'Friendly name', you have Group Policy Container, or GPC, in the
Domain
> partition for this policy and you have created the Group Policy Template,
or
> GPT, in the SYSVOL folder. This is all happening, by default, on the
Domain
> Controller in this domain that holds the FSMO role of PDC Emulator. So,
how
> do you change this ( remember, it is pretty much blank at the moment )?
> Well, you click on the Edit... button. You would open up the Computer
> Configuration and click on Software Installations and then right click on
> Software Settings and select NEW. And sorry if the terms are a bit off.
I
> am going from memory. You now need to tell AD where the .msi file is.
So,
> you enter the following:
> \\servername\W2KSP4$\update\update.msi. You then need to tell it to
Assign
> this package ( and ***NOT**** publish ).
>
> You are pretty much finished.
>
> Give it a moment and then go to the computers in question and reboot them.
> SP4 should be installed upon booting up. It will take a bit of time.
>
> What if things do not work? Make sure that the clients are pointing ONLY
to
> your internal DNS Servers ( and not to the DNS Servers of your ISP ).
That
> is the first thing. You can also use GPOTool and GPResults. I would even
> navigate to the update.msi file and manually double click it to see if it
> runs. Sometimes things do not extract so well. But I would do the other
> things first.
>
> HTH,
>
> Cary
>
>
>
> "Nik" <nik(don't use)@webworksgy.com> wrote in message
> news:uZNc6igtEHA.1464@TK2MSFTNGP15.phx.gbl...
> > Hey Cary, Sorry if I made u ass/u/me. :-). However, I really have never
> > done the distribution of software via Group Policy. So I would
definitely
> > appreciate all the help you are willing to give me. Thanks a million.
> > Nik
> >
> > "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> > news:uL8J2AgtEHA.3200@TK2MSFTNGP14.phx.gbl...
> > > Nik,
> > >
> > > I hope that I did not ass/u/me that you have deployed applications via
> GPO
> > > before. If you have not and need / want some assistance with the set
up
> I
> > > would gladly help you. Once you have done it a couple of times it is
as
> > > easy as brushing your teeth. But, there are a several things that
must
> be
> > > in order for it to work!
> > >
> > > Also, since you mention that there are only a few computers that need
> SP4
> > I
> > > can show you a way to know exactly which computers have which Service
> Pack
> > > installed. You would use something called ldifde ( that is LDIFDE ).
> It
> > is
> > > really a nice tool. In WIN2003 environments you would probably use
the
> > > newer ds* tools, though.
> > >
> > > HTH,
> > >
> > > Cary
> > >
> > > "Nik" <nik(don't use)@webworksgy.com> wrote in message
> > > news:eedrz9ftEHA.2072@tk2msftngp13.phx.gbl...
> > > > I would like to think one of these will help. I have just a few
users
> > who
> > > do
> > > > not have the Win2000 SP4 service pack on their computer so I wanted
to
> > > > install it on just those users without having to go to their desk.
> > > >
> > > > I'll try this.
> > > > Thanks for both responses.
> > > >
> > > >
> > > > "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> > > > news
NVq$aetEHA.1452@TK2MSFTNGP11.phx.gbl...> > > > > Nik,
> > > > >
> > > > > This is just like any other deployment of software via Group
Policy.
> > > You
> > > > > would simply have to assign it to the computer configuration (
NOTE:
> > You
> > > > can
> > > > > not publish this.....it must be assigned ). Make sure that this
GPO
> > is
> > > > > linked to the OU ( assuming that you would be doing this to the OU
> > > > level ).
> > > > > Make sure that the computer account objects that you want to
receive
> > > this
> > > > > GPO reside directly in the OU to which you linked the GPO. Once
you
> > > have
> > > > > configured the GPO you have to reboot the computers to be
affected.
> > > > >
> > > > > Does this help you?
> > > > >
> > > > > Cary
> > > > >
> > > > > "Nik" <nik(don't use)@webworksgy.com> wrote in message
> > > > > news:usJKJSetEHA.412@TK2MSFTNGP14.phx.gbl...
> > > > > > Morning
> > > > > > Can someone guide me on how to install a service pack to a user
> > > > > workstation
> > > > > > through active directory.
> > > > > >
> > > > > > Thanks
> > > > > > Nik
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
Archived from groups: microsoft.public.win2000.group_policy (More info?)
Cary,
I have a GPO at my site level so I put the package in that GPO hope that is
OK. Also you had mentioned that you would show me a way to determine which
computers need the service pack before it installs it or does this take care
of it.
Nik
"Nik" <nik(don't use)@webworksgy.com> wrote in message
news:uSRMxSEuEHA.220@TK2MSFTNGP15.phx.gbl...
> Thanks Cary, I will try this and see how it works out.
> Nik
>
>
> "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> news![:o]( ":o")
G$h6CrtEHA.2820@TK2MSFTNGP15.phx.gbl...
> > Nik,
> >
> > No problem.
> >
> > Okay - the big picture is that we need to put the Service Pack on a
> > networked Server, create the package and deploy it to the necessary
> > computers. That sounds easy enough, right?
> >
> > Well, let's look at the details for doing this.
> >
> > I do not know in what format you have the Service Pack - whether it is
the
> > single file .exe or the CD-ROM. if you have the single file executable
> you
> > will need to extract it. That should be easy enough. WinZip will do it
> for
> > you. You could also use some switches from the command prompt to do
this.
> > I would suggest that you create a shared folder first, though. For
things
> > like this I like to hide the shares so that when people are browsing the
> > network these types of folders are not directly visible. So, share it
as
> > W2KSP4$. The "$" makes it a hidden share. You will need to include the
> "$"
> > later when you are telling AD the path to update.msi.......I like to
give
> > either Domain Admins or Administrators Full Control on both the Share
and
> > NTFS permissions and - in this particular case - Domain Computers Read
on
> > the Share permissions and then Read and Execute, List Folder Content and
> > Read on the NTFS permissions.
> >
> > You would then copy the directory structure into this shared folder.
> >
> > This is the end of Part 1.
> >
> > Now, you need to create an Organizational Unit ( OU ) and move the
> computer
> > account objects that need to have SP4 installed into this OU. Please
keep
> > in mind that it is a really bad idea to move a computer account object
> into
> > an OU to which a GPO that installs software is linked, let the software
be
> > installed and then move the computer account object out of that OU (
like
> > back to the default COMPUTERS container ). So, one the computer account
> > objects are in an OU they should generally stay there. Generally.
> >
> > This is the end of Part 2.
> >
> > Now, we need to create the Group Policy Object and link it to the OU in
> > which the computer account objects directly reside. Sidenote: please
do
> > not be fooled by the name. Groups really have very little to do with
> Group
> > Policy Objects. You can not place a group inside this OU that you have
> > created and create and link the GPO to this OU and think that because
the
> > computers are members of this group that the GPO will apply. It will
not.
> > This is a common mistake that a lot of people make. The computer
account
> > objects must directly reside inside the OU.....Period!
> >
> > So, right click the OU, select Properties and go to the Group Policy
tab.
> > Simply click on the New... button. Sidenote: Why is there and Add...
> > button? Because you can use this button to link an existing GPO to this
> OU.
> > So, forget about SP4 for a moment. Say that you have created a GPO and
> > linked it to the OU in which the Marketing user account objects reside.
> Say
> > that the Finance people see what happens when the Marketing people log
on
> > and want/need this to happen for them. Instead of having to recreate
this
> > GP you simply use the existing one and link it to the OU in which the
> > Finance user account objects reside. You see, it is an object ( thus
the
> > GPO - for Group Policy Object ) and can be linked to many different
levels
> > if necessary. Now, back to SP4. You need to give this a 'friendly
name'.
> > I would call it something original - like WIN2000 SP4 or whatever. Now,
> you
> > have actually created the Group Policy. Granted, it is pretty much
blank.
> > But the Group Policy object has been created and linked. You have given
> it
> > the 'Friendly name', you have Group Policy Container, or GPC, in the
> Domain
> > partition for this policy and you have created the Group Policy
Template,
> or
> > GPT, in the SYSVOL folder. This is all happening, by default, on the
> Domain
> > Controller in this domain that holds the FSMO role of PDC Emulator. So,
> how
> > do you change this ( remember, it is pretty much blank at the moment )?
> > Well, you click on the Edit... button. You would open up the Computer
> > Configuration and click on Software Installations and then right click
on
> > Software Settings and select NEW. And sorry if the terms are a bit off.
> I
> > am going from memory. You now need to tell AD where the .msi file is.
> So,
> > you enter the following:
> > \\servername\W2KSP4$\update\update.msi. You then need to tell it to
> Assign
> > this package ( and ***NOT**** publish ).
> >
> > You are pretty much finished.
> >
> > Give it a moment and then go to the computers in question and reboot
them.
> > SP4 should be installed upon booting up. It will take a bit of time.
> >
> > What if things do not work? Make sure that the clients are pointing
ONLY
> to
> > your internal DNS Servers ( and not to the DNS Servers of your ISP ).
> That
> > is the first thing. You can also use GPOTool and GPResults. I would
even
> > navigate to the update.msi file and manually double click it to see if
it
> > runs. Sometimes things do not extract so well. But I would do the
other
> > things first.
> >
> > HTH,
> >
> > Cary
> >
> >
> >
> > "Nik" <nik(don't use)@webworksgy.com> wrote in message
> > news:uZNc6igtEHA.1464@TK2MSFTNGP15.phx.gbl...
> > > Hey Cary, Sorry if I made u ass/u/me. :-). However, I really have
never
> > > done the distribution of software via Group Policy. So I would
> definitely
> > > appreciate all the help you are willing to give me. Thanks a million.
> > > Nik
> > >
> > > "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> > > news:uL8J2AgtEHA.3200@TK2MSFTNGP14.phx.gbl...
> > > > Nik,
> > > >
> > > > I hope that I did not ass/u/me that you have deployed applications
via
> > GPO
> > > > before. If you have not and need / want some assistance with the
set
> up
> > I
> > > > would gladly help you. Once you have done it a couple of times it
is
> as
> > > > easy as brushing your teeth. But, there are a several things that
> must
> > be
> > > > in order for it to work!
> > > >
> > > > Also, since you mention that there are only a few computers that
need
> > SP4
> > > I
> > > > can show you a way to know exactly which computers have which
Service
> > Pack
> > > > installed. You would use something called ldifde ( that is
LDIFDE ).
> > It
> > > is
> > > > really a nice tool. In WIN2003 environments you would probably use
> the
> > > > newer ds* tools, though.
> > > >
> > > > HTH,
> > > >
> > > > Cary
> > > >
> > > > "Nik" <nik(don't use)@webworksgy.com> wrote in message
> > > > news:eedrz9ftEHA.2072@tk2msftngp13.phx.gbl...
> > > > > I would like to think one of these will help. I have just a few
> users
> > > who
> > > > do
> > > > > not have the Win2000 SP4 service pack on their computer so I
wanted
> to
> > > > > install it on just those users without having to go to their desk.
> > > > >
> > > > > I'll try this.
> > > > > Thanks for both responses.
> > > > >
> > > > >
> > > > > "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> > > > > news![:o]( ":o")
NVq$aetEHA.1452@TK2MSFTNGP11.phx.gbl...
> > > > > > Nik,
> > > > > >
> > > > > > This is just like any other deployment of software via Group
> Policy.
> > > > You
> > > > > > would simply have to assign it to the computer configuration (
> NOTE:
> > > You
> > > > > can
> > > > > > not publish this.....it must be assigned ). Make sure that this
> GPO
> > > is
> > > > > > linked to the OU ( assuming that you would be doing this to the
OU
> > > > > level ).
> > > > > > Make sure that the computer account objects that you want to
> receive
> > > > this
> > > > > > GPO reside directly in the OU to which you linked the GPO. Once
> you
> > > > have
> > > > > > configured the GPO you have to reboot the computers to be
> affected.
> > > > > >
> > > > > > Does this help you?
> > > > > >
> > > > > > Cary
> > > > > >
> > > > > > "Nik" <nik(don't use)@webworksgy.com> wrote in message
> > > > > > news:usJKJSetEHA.412@TK2MSFTNGP14.phx.gbl...
> > > > > > > Morning
> > > > > > > Can someone guide me on how to install a service pack to a
user
> > > > > > workstation
> > > > > > > through active directory.
> > > > > > >
> > > > > > > Thanks
> > > > > > > Nik
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
Cary,
I have a GPO at my site level so I put the package in that GPO hope that is
OK. Also you had mentioned that you would show me a way to determine which
computers need the service pack before it installs it or does this take care
of it.
Nik
"Nik" <nik(don't use)@webworksgy.com> wrote in message
news:uSRMxSEuEHA.220@TK2MSFTNGP15.phx.gbl...
> Thanks Cary, I will try this and see how it works out.
> Nik
>
>
> "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> news
G$h6CrtEHA.2820@TK2MSFTNGP15.phx.gbl...> > Nik,
> >
> > No problem.
> >
> > Okay - the big picture is that we need to put the Service Pack on a
> > networked Server, create the package and deploy it to the necessary
> > computers. That sounds easy enough, right?
> >
> > Well, let's look at the details for doing this.
> >
> > I do not know in what format you have the Service Pack - whether it is
the
> > single file .exe or the CD-ROM. if you have the single file executable
> you
> > will need to extract it. That should be easy enough. WinZip will do it
> for
> > you. You could also use some switches from the command prompt to do
this.
> > I would suggest that you create a shared folder first, though. For
things
> > like this I like to hide the shares so that when people are browsing the
> > network these types of folders are not directly visible. So, share it
as
> > W2KSP4$. The "$" makes it a hidden share. You will need to include the
> "$"
> > later when you are telling AD the path to update.msi.......I like to
give
> > either Domain Admins or Administrators Full Control on both the Share
and
> > NTFS permissions and - in this particular case - Domain Computers Read
on
> > the Share permissions and then Read and Execute, List Folder Content and
> > Read on the NTFS permissions.
> >
> > You would then copy the directory structure into this shared folder.
> >
> > This is the end of Part 1.
> >
> > Now, you need to create an Organizational Unit ( OU ) and move the
> computer
> > account objects that need to have SP4 installed into this OU. Please
keep
> > in mind that it is a really bad idea to move a computer account object
> into
> > an OU to which a GPO that installs software is linked, let the software
be
> > installed and then move the computer account object out of that OU (
like
> > back to the default COMPUTERS container ). So, one the computer account
> > objects are in an OU they should generally stay there. Generally.
> >
> > This is the end of Part 2.
> >
> > Now, we need to create the Group Policy Object and link it to the OU in
> > which the computer account objects directly reside. Sidenote: please
do
> > not be fooled by the name. Groups really have very little to do with
> Group
> > Policy Objects. You can not place a group inside this OU that you have
> > created and create and link the GPO to this OU and think that because
the
> > computers are members of this group that the GPO will apply. It will
not.
> > This is a common mistake that a lot of people make. The computer
account
> > objects must directly reside inside the OU.....Period!
> >
> > So, right click the OU, select Properties and go to the Group Policy
tab.
> > Simply click on the New... button. Sidenote: Why is there and Add...
> > button? Because you can use this button to link an existing GPO to this
> OU.
> > So, forget about SP4 for a moment. Say that you have created a GPO and
> > linked it to the OU in which the Marketing user account objects reside.
> Say
> > that the Finance people see what happens when the Marketing people log
on
> > and want/need this to happen for them. Instead of having to recreate
this
> > GP you simply use the existing one and link it to the OU in which the
> > Finance user account objects reside. You see, it is an object ( thus
the
> > GPO - for Group Policy Object ) and can be linked to many different
levels
> > if necessary. Now, back to SP4. You need to give this a 'friendly
name'.
> > I would call it something original - like WIN2000 SP4 or whatever. Now,
> you
> > have actually created the Group Policy. Granted, it is pretty much
blank.
> > But the Group Policy object has been created and linked. You have given
> it
> > the 'Friendly name', you have Group Policy Container, or GPC, in the
> Domain
> > partition for this policy and you have created the Group Policy
Template,
> or
> > GPT, in the SYSVOL folder. This is all happening, by default, on the
> Domain
> > Controller in this domain that holds the FSMO role of PDC Emulator. So,
> how
> > do you change this ( remember, it is pretty much blank at the moment )?
> > Well, you click on the Edit... button. You would open up the Computer
> > Configuration and click on Software Installations and then right click
on
> > Software Settings and select NEW. And sorry if the terms are a bit off.
> I
> > am going from memory. You now need to tell AD where the .msi file is.
> So,
> > you enter the following:
> > \\servername\W2KSP4$\update\update.msi. You then need to tell it to
> Assign
> > this package ( and ***NOT**** publish ).
> >
> > You are pretty much finished.
> >
> > Give it a moment and then go to the computers in question and reboot
them.
> > SP4 should be installed upon booting up. It will take a bit of time.
> >
> > What if things do not work? Make sure that the clients are pointing
ONLY
> to
> > your internal DNS Servers ( and not to the DNS Servers of your ISP ).
> That
> > is the first thing. You can also use GPOTool and GPResults. I would
even
> > navigate to the update.msi file and manually double click it to see if
it
> > runs. Sometimes things do not extract so well. But I would do the
other
> > things first.
> >
> > HTH,
> >
> > Cary
> >
> >
> >
> > "Nik" <nik(don't use)@webworksgy.com> wrote in message
> > news:uZNc6igtEHA.1464@TK2MSFTNGP15.phx.gbl...
> > > Hey Cary, Sorry if I made u ass/u/me. :-). However, I really have
never
> > > done the distribution of software via Group Policy. So I would
> definitely
> > > appreciate all the help you are willing to give me. Thanks a million.
> > > Nik
> > >
> > > "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> > > news:uL8J2AgtEHA.3200@TK2MSFTNGP14.phx.gbl...
> > > > Nik,
> > > >
> > > > I hope that I did not ass/u/me that you have deployed applications
via
> > GPO
> > > > before. If you have not and need / want some assistance with the
set
> up
> > I
> > > > would gladly help you. Once you have done it a couple of times it
is
> as
> > > > easy as brushing your teeth. But, there are a several things that
> must
> > be
> > > > in order for it to work!
> > > >
> > > > Also, since you mention that there are only a few computers that
need
> > SP4
> > > I
> > > > can show you a way to know exactly which computers have which
Service
> > Pack
> > > > installed. You would use something called ldifde ( that is
LDIFDE ).
> > It
> > > is
> > > > really a nice tool. In WIN2003 environments you would probably use
> the
> > > > newer ds* tools, though.
> > > >
> > > > HTH,
> > > >
> > > > Cary
> > > >
> > > > "Nik" <nik(don't use)@webworksgy.com> wrote in message
> > > > news:eedrz9ftEHA.2072@tk2msftngp13.phx.gbl...
> > > > > I would like to think one of these will help. I have just a few
> users
> > > who
> > > > do
> > > > > not have the Win2000 SP4 service pack on their computer so I
wanted
> to
> > > > > install it on just those users without having to go to their desk.
> > > > >
> > > > > I'll try this.
> > > > > Thanks for both responses.
> > > > >
> > > > >
> > > > > "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> > > > > news
NVq$aetEHA.1452@TK2MSFTNGP11.phx.gbl...> > > > > > Nik,
> > > > > >
> > > > > > This is just like any other deployment of software via Group
> Policy.
> > > > You
> > > > > > would simply have to assign it to the computer configuration (
> NOTE:
> > > You
> > > > > can
> > > > > > not publish this.....it must be assigned ). Make sure that this
> GPO
> > > is
> > > > > > linked to the OU ( assuming that you would be doing this to the
OU
> > > > > level ).
> > > > > > Make sure that the computer account objects that you want to
> receive
> > > > this
> > > > > > GPO reside directly in the OU to which you linked the GPO. Once
> you
> > > > have
> > > > > > configured the GPO you have to reboot the computers to be
> affected.
> > > > > >
> > > > > > Does this help you?
> > > > > >
> > > > > > Cary
> > > > > >
> > > > > > "Nik" <nik(don't use)@webworksgy.com> wrote in message
> > > > > > news:usJKJSetEHA.412@TK2MSFTNGP14.phx.gbl...
> > > > > > > Morning
> > > > > > > Can someone guide me on how to install a service pack to a
user
> > > > > > workstation
> > > > > > > through active directory.
> > > > > > >
> > > > > > > Thanks
> > > > > > > Nik
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
Archived from groups: microsoft.public.win2000.group_policy (More info?)
Nik,
A couple of things: Site-level GPOs are valid but a bit more difficult to
troubleshoot and maintain. *Usually* you want to stay away from a Site GPO
for deploying software. Now, do not get me wrong, you can do that. I would
not. But it is possible.
What I would do is a bit more advanced and a bit more involved. If you have
implemented this GPO already then there is no need for me to go into the
details. However, I will give the 'Big Picture' information.
You create the GPO and link it to the Domain-level or OU-level. You put the
'application to be deployed' on one of the local Servers ( so, if you have
three Sites and in Site01 you have DC01 and DC02 and in Site02 you have DC03
and DC04 and in Site03 you have DC05 and DC06 and we are interested in
Site03 then you put the application on one of the two DCs in Site03 or - and
this is even better - on a File Server, if available ) and you create a
security group that contains the user account objects ( or, in your case,
the computer account objects ) and simply remove the 'Authenticated Users'
group from the security tab of that GPO and replace it with the security
group that contains the objects in need of this application and make sure to
give that security group both the READ and APPLY GROUP POLICY rights.
This is a bit more involved but it gives you better control over things.
Now, the way to figure out which computer account objects have which Service
Pack you can use a built-in tool called ldifde ( and there are others but
let's go with this one....it is free and requires no scripting skills ).
Here is what you would enter:
c:\>ldifde -f servicepack3.ldf -s servername.domain.com -t 389 -d
"DC=domain,DC=com" -r
"(&(objectClass=computer)(operatingSystemServicePack=Service Pack 3))" -l
"DN,sAMAccountName,operatingSystem,operatingSystemVersion,operatingSystemSer
vicePack"
This would determine all of the computers with Service Pack 3 installed.
You could also do the same for Service Pack 2 and Service Pack 1 if needed.
You would simply call the .ldf file for the Service Pack 2 query
servicepack2.ldf and the .ldf file for the Service Pack 1 query
servicepack1.ldf.
HTH,
Cary
"Nik" <nik(don't use)@webworksgy.com> wrote in message
news:%23hhRE3EuEHA.3460@TK2MSFTNGP10.phx.gbl...
> Cary,
> I have a GPO at my site level so I put the package in that GPO hope that
is
> OK. Also you had mentioned that you would show me a way to determine which
> computers need the service pack before it installs it or does this take
care
> of it.
> Nik
>
>
> "Nik" <nik(don't use)@webworksgy.com> wrote in message
> news:uSRMxSEuEHA.220@TK2MSFTNGP15.phx.gbl...
> > Thanks Cary, I will try this and see how it works out.
> > Nik
> >
> >
> > "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> > news![:o]( ":o")
G$h6CrtEHA.2820@TK2MSFTNGP15.phx.gbl...
> > > Nik,
> > >
> > > No problem.
> > >
> > > Okay - the big picture is that we need to put the Service Pack on a
> > > networked Server, create the package and deploy it to the necessary
> > > computers. That sounds easy enough, right?
> > >
> > > Well, let's look at the details for doing this.
> > >
> > > I do not know in what format you have the Service Pack - whether it is
> the
> > > single file .exe or the CD-ROM. if you have the single file
executable
> > you
> > > will need to extract it. That should be easy enough. WinZip will do
it
> > for
> > > you. You could also use some switches from the command prompt to do
> this.
> > > I would suggest that you create a shared folder first, though. For
> things
> > > like this I like to hide the shares so that when people are browsing
the
> > > network these types of folders are not directly visible. So, share it
> as
> > > W2KSP4$. The "$" makes it a hidden share. You will need to include
the
> > "$"
> > > later when you are telling AD the path to update.msi.......I like to
> give
> > > either Domain Admins or Administrators Full Control on both the Share
> and
> > > NTFS permissions and - in this particular case - Domain Computers Read
> on
> > > the Share permissions and then Read and Execute, List Folder Content
and
> > > Read on the NTFS permissions.
> > >
> > > You would then copy the directory structure into this shared folder.
> > >
> > > This is the end of Part 1.
> > >
> > > Now, you need to create an Organizational Unit ( OU ) and move the
> > computer
> > > account objects that need to have SP4 installed into this OU. Please
> keep
> > > in mind that it is a really bad idea to move a computer account object
> > into
> > > an OU to which a GPO that installs software is linked, let the
software
> be
> > > installed and then move the computer account object out of that OU (
> like
> > > back to the default COMPUTERS container ). So, one the computer
account
> > > objects are in an OU they should generally stay there. Generally.
> > >
> > > This is the end of Part 2.
> > >
> > > Now, we need to create the Group Policy Object and link it to the OU
in
> > > which the computer account objects directly reside. Sidenote: please
> do
> > > not be fooled by the name. Groups really have very little to do with
> > Group
> > > Policy Objects. You can not place a group inside this OU that you
have
> > > created and create and link the GPO to this OU and think that because
> the
> > > computers are members of this group that the GPO will apply. It will
> not.
> > > This is a common mistake that a lot of people make. The computer
> account
> > > objects must directly reside inside the OU.....Period!
> > >
> > > So, right click the OU, select Properties and go to the Group Policy
> tab.
> > > Simply click on the New... button. Sidenote: Why is there and Add...
> > > button? Because you can use this button to link an existing GPO to
this
> > OU.
> > > So, forget about SP4 for a moment. Say that you have created a GPO
and
> > > linked it to the OU in which the Marketing user account objects
reside.
> > Say
> > > that the Finance people see what happens when the Marketing people log
> on
> > > and want/need this to happen for them. Instead of having to recreate
> this
> > > GP you simply use the existing one and link it to the OU in which the
> > > Finance user account objects reside. You see, it is an object ( thus
> the
> > > GPO - for Group Policy Object ) and can be linked to many different
> levels
> > > if necessary. Now, back to SP4. You need to give this a 'friendly
> name'.
> > > I would call it something original - like WIN2000 SP4 or whatever.
Now,
> > you
> > > have actually created the Group Policy. Granted, it is pretty much
> blank.
> > > But the Group Policy object has been created and linked. You have
given
> > it
> > > the 'Friendly name', you have Group Policy Container, or GPC, in the
> > Domain
> > > partition for this policy and you have created the Group Policy
> Template,
> > or
> > > GPT, in the SYSVOL folder. This is all happening, by default, on the
> > Domain
> > > Controller in this domain that holds the FSMO role of PDC Emulator.
So,
> > how
> > > do you change this ( remember, it is pretty much blank at the
moment )?
> > > Well, you click on the Edit... button. You would open up the Computer
> > > Configuration and click on Software Installations and then right click
> on
> > > Software Settings and select NEW. And sorry if the terms are a bit
off.
> > I
> > > am going from memory. You now need to tell AD where the .msi file is.
> > So,
> > > you enter the following:
> > > \\servername\W2KSP4$\update\update.msi. You then need to tell it to
> > Assign
> > > this package ( and ***NOT**** publish ).
> > >
> > > You are pretty much finished.
> > >
> > > Give it a moment and then go to the computers in question and reboot
> them.
> > > SP4 should be installed upon booting up. It will take a bit of time.
> > >
> > > What if things do not work? Make sure that the clients are pointing
> ONLY
> > to
> > > your internal DNS Servers ( and not to the DNS Servers of your ISP ).
> > That
> > > is the first thing. You can also use GPOTool and GPResults. I would
> even
> > > navigate to the update.msi file and manually double click it to see if
> it
> > > runs. Sometimes things do not extract so well. But I would do the
> other
> > > things first.
> > >
> > > HTH,
> > >
> > > Cary
> > >
> > >
> > >
> > > "Nik" <nik(don't use)@webworksgy.com> wrote in message
> > > news:uZNc6igtEHA.1464@TK2MSFTNGP15.phx.gbl...
> > > > Hey Cary, Sorry if I made u ass/u/me. :-). However, I really have
> never
> > > > done the distribution of software via Group Policy. So I would
> > definitely
> > > > appreciate all the help you are willing to give me. Thanks a
million.
> > > > Nik
> > > >
> > > > "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> > > > news:uL8J2AgtEHA.3200@TK2MSFTNGP14.phx.gbl...
> > > > > Nik,
> > > > >
> > > > > I hope that I did not ass/u/me that you have deployed applications
> via
> > > GPO
> > > > > before. If you have not and need / want some assistance with the
> set
> > up
> > > I
> > > > > would gladly help you. Once you have done it a couple of times it
> is
> > as
> > > > > easy as brushing your teeth. But, there are a several things that
> > must
> > > be
> > > > > in order for it to work!
> > > > >
> > > > > Also, since you mention that there are only a few computers that
> need
> > > SP4
> > > > I
> > > > > can show you a way to know exactly which computers have which
> Service
> > > Pack
> > > > > installed. You would use something called ldifde ( that is
> LDIFDE ).
> > > It
> > > > is
> > > > > really a nice tool. In WIN2003 environments you would probably
use
> > the
> > > > > newer ds* tools, though.
> > > > >
> > > > > HTH,
> > > > >
> > > > > Cary
> > > > >
> > > > > "Nik" <nik(don't use)@webworksgy.com> wrote in message
> > > > > news:eedrz9ftEHA.2072@tk2msftngp13.phx.gbl...
> > > > > > I would like to think one of these will help. I have just a few
> > users
> > > > who
> > > > > do
> > > > > > not have the Win2000 SP4 service pack on their computer so I
> wanted
> > to
> > > > > > install it on just those users without having to go to their
desk.
> > > > > >
> > > > > > I'll try this.
> > > > > > Thanks for both responses.
> > > > > >
> > > > > >
> > > > > > "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> > > > > > news![:o]( ":o")
NVq$aetEHA.1452@TK2MSFTNGP11.phx.gbl...
> > > > > > > Nik,
> > > > > > >
> > > > > > > This is just like any other deployment of software via Group
> > Policy.
> > > > > You
> > > > > > > would simply have to assign it to the computer configuration (
> > NOTE:
> > > > You
> > > > > > can
> > > > > > > not publish this.....it must be assigned ). Make sure that
this
> > GPO
> > > > is
> > > > > > > linked to the OU ( assuming that you would be doing this to
the
> OU
> > > > > > level ).
> > > > > > > Make sure that the computer account objects that you want to
> > receive
> > > > > this
> > > > > > > GPO reside directly in the OU to which you linked the GPO.
Once
> > you
> > > > > have
> > > > > > > configured the GPO you have to reboot the computers to be
> > affected.
> > > > > > >
> > > > > > > Does this help you?
> > > > > > >
> > > > > > > Cary
> > > > > > >
> > > > > > > "Nik" <nik(don't use)@webworksgy.com> wrote in message
> > > > > > > news:usJKJSetEHA.412@TK2MSFTNGP14.phx.gbl...
> > > > > > > > Morning
> > > > > > > > Can someone guide me on how to install a service pack to a
> user
> > > > > > > workstation
> > > > > > > > through active directory.
> > > > > > > >
> > > > > > > > Thanks
> > > > > > > > Nik
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
Nik,
A couple of things: Site-level GPOs are valid but a bit more difficult to
troubleshoot and maintain. *Usually* you want to stay away from a Site GPO
for deploying software. Now, do not get me wrong, you can do that. I would
not. But it is possible.
What I would do is a bit more advanced and a bit more involved. If you have
implemented this GPO already then there is no need for me to go into the
details. However, I will give the 'Big Picture' information.
You create the GPO and link it to the Domain-level or OU-level. You put the
'application to be deployed' on one of the local Servers ( so, if you have
three Sites and in Site01 you have DC01 and DC02 and in Site02 you have DC03
and DC04 and in Site03 you have DC05 and DC06 and we are interested in
Site03 then you put the application on one of the two DCs in Site03 or - and
this is even better - on a File Server, if available ) and you create a
security group that contains the user account objects ( or, in your case,
the computer account objects ) and simply remove the 'Authenticated Users'
group from the security tab of that GPO and replace it with the security
group that contains the objects in need of this application and make sure to
give that security group both the READ and APPLY GROUP POLICY rights.
This is a bit more involved but it gives you better control over things.
Now, the way to figure out which computer account objects have which Service
Pack you can use a built-in tool called ldifde ( and there are others but
let's go with this one....it is free and requires no scripting skills ).
Here is what you would enter:
c:\>ldifde -f servicepack3.ldf -s servername.domain.com -t 389 -d
"DC=domain,DC=com" -r
"(&(objectClass=computer)(operatingSystemServicePack=Service Pack 3))" -l
"DN,sAMAccountName,operatingSystem,operatingSystemVersion,operatingSystemSer
vicePack"
This would determine all of the computers with Service Pack 3 installed.
You could also do the same for Service Pack 2 and Service Pack 1 if needed.
You would simply call the .ldf file for the Service Pack 2 query
servicepack2.ldf and the .ldf file for the Service Pack 1 query
servicepack1.ldf.
HTH,
Cary
"Nik" <nik(don't use)@webworksgy.com> wrote in message
news:%23hhRE3EuEHA.3460@TK2MSFTNGP10.phx.gbl...
> Cary,
> I have a GPO at my site level so I put the package in that GPO hope that
is
> OK. Also you had mentioned that you would show me a way to determine which
> computers need the service pack before it installs it or does this take
care
> of it.
> Nik
>
>
> "Nik" <nik(don't use)@webworksgy.com> wrote in message
> news:uSRMxSEuEHA.220@TK2MSFTNGP15.phx.gbl...
> > Thanks Cary, I will try this and see how it works out.
> > Nik
> >
> >
> > "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> > news
G$h6CrtEHA.2820@TK2MSFTNGP15.phx.gbl...> > > Nik,
> > >
> > > No problem.
> > >
> > > Okay - the big picture is that we need to put the Service Pack on a
> > > networked Server, create the package and deploy it to the necessary
> > > computers. That sounds easy enough, right?
> > >
> > > Well, let's look at the details for doing this.
> > >
> > > I do not know in what format you have the Service Pack - whether it is
> the
> > > single file .exe or the CD-ROM. if you have the single file
executable
> > you
> > > will need to extract it. That should be easy enough. WinZip will do
it
> > for
> > > you. You could also use some switches from the command prompt to do
> this.
> > > I would suggest that you create a shared folder first, though. For
> things
> > > like this I like to hide the shares so that when people are browsing
the
> > > network these types of folders are not directly visible. So, share it
> as
> > > W2KSP4$. The "$" makes it a hidden share. You will need to include
the
> > "$"
> > > later when you are telling AD the path to update.msi.......I like to
> give
> > > either Domain Admins or Administrators Full Control on both the Share
> and
> > > NTFS permissions and - in this particular case - Domain Computers Read
> on
> > > the Share permissions and then Read and Execute, List Folder Content
and
> > > Read on the NTFS permissions.
> > >
> > > You would then copy the directory structure into this shared folder.
> > >
> > > This is the end of Part 1.
> > >
> > > Now, you need to create an Organizational Unit ( OU ) and move the
> > computer
> > > account objects that need to have SP4 installed into this OU. Please
> keep
> > > in mind that it is a really bad idea to move a computer account object
> > into
> > > an OU to which a GPO that installs software is linked, let the
software
> be
> > > installed and then move the computer account object out of that OU (
> like
> > > back to the default COMPUTERS container ). So, one the computer
account
> > > objects are in an OU they should generally stay there. Generally.
> > >
> > > This is the end of Part 2.
> > >
> > > Now, we need to create the Group Policy Object and link it to the OU
in
> > > which the computer account objects directly reside. Sidenote: please
> do
> > > not be fooled by the name. Groups really have very little to do with
> > Group
> > > Policy Objects. You can not place a group inside this OU that you
have
> > > created and create and link the GPO to this OU and think that because
> the
> > > computers are members of this group that the GPO will apply. It will
> not.
> > > This is a common mistake that a lot of people make. The computer
> account
> > > objects must directly reside inside the OU.....Period!
> > >
> > > So, right click the OU, select Properties and go to the Group Policy
> tab.
> > > Simply click on the New... button. Sidenote: Why is there and Add...
> > > button? Because you can use this button to link an existing GPO to
this
> > OU.
> > > So, forget about SP4 for a moment. Say that you have created a GPO
and
> > > linked it to the OU in which the Marketing user account objects
reside.
> > Say
> > > that the Finance people see what happens when the Marketing people log
> on
> > > and want/need this to happen for them. Instead of having to recreate
> this
> > > GP you simply use the existing one and link it to the OU in which the
> > > Finance user account objects reside. You see, it is an object ( thus
> the
> > > GPO - for Group Policy Object ) and can be linked to many different
> levels
> > > if necessary. Now, back to SP4. You need to give this a 'friendly
> name'.
> > > I would call it something original - like WIN2000 SP4 or whatever.
Now,
> > you
> > > have actually created the Group Policy. Granted, it is pretty much
> blank.
> > > But the Group Policy object has been created and linked. You have
given
> > it
> > > the 'Friendly name', you have Group Policy Container, or GPC, in the
> > Domain
> > > partition for this policy and you have created the Group Policy
> Template,
> > or
> > > GPT, in the SYSVOL folder. This is all happening, by default, on the
> > Domain
> > > Controller in this domain that holds the FSMO role of PDC Emulator.
So,
> > how
> > > do you change this ( remember, it is pretty much blank at the
moment )?
> > > Well, you click on the Edit... button. You would open up the Computer
> > > Configuration and click on Software Installations and then right click
> on
> > > Software Settings and select NEW. And sorry if the terms are a bit
off.
> > I
> > > am going from memory. You now need to tell AD where the .msi file is.
> > So,
> > > you enter the following:
> > > \\servername\W2KSP4$\update\update.msi. You then need to tell it to
> > Assign
> > > this package ( and ***NOT**** publish ).
> > >
> > > You are pretty much finished.
> > >
> > > Give it a moment and then go to the computers in question and reboot
> them.
> > > SP4 should be installed upon booting up. It will take a bit of time.
> > >
> > > What if things do not work? Make sure that the clients are pointing
> ONLY
> > to
> > > your internal DNS Servers ( and not to the DNS Servers of your ISP ).
> > That
> > > is the first thing. You can also use GPOTool and GPResults. I would
> even
> > > navigate to the update.msi file and manually double click it to see if
> it
> > > runs. Sometimes things do not extract so well. But I would do the
> other
> > > things first.
> > >
> > > HTH,
> > >
> > > Cary
> > >
> > >
> > >
> > > "Nik" <nik(don't use)@webworksgy.com> wrote in message
> > > news:uZNc6igtEHA.1464@TK2MSFTNGP15.phx.gbl...
> > > > Hey Cary, Sorry if I made u ass/u/me. :-). However, I really have
> never
> > > > done the distribution of software via Group Policy. So I would
> > definitely
> > > > appreciate all the help you are willing to give me. Thanks a
million.
> > > > Nik
> > > >
> > > > "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> > > > news:uL8J2AgtEHA.3200@TK2MSFTNGP14.phx.gbl...
> > > > > Nik,
> > > > >
> > > > > I hope that I did not ass/u/me that you have deployed applications
> via
> > > GPO
> > > > > before. If you have not and need / want some assistance with the
> set
> > up
> > > I
> > > > > would gladly help you. Once you have done it a couple of times it
> is
> > as
> > > > > easy as brushing your teeth. But, there are a several things that
> > must
> > > be
> > > > > in order for it to work!
> > > > >
> > > > > Also, since you mention that there are only a few computers that
> need
> > > SP4
> > > > I
> > > > > can show you a way to know exactly which computers have which
> Service
> > > Pack
> > > > > installed. You would use something called ldifde ( that is
> LDIFDE ).
> > > It
> > > > is
> > > > > really a nice tool. In WIN2003 environments you would probably
use
> > the
> > > > > newer ds* tools, though.
> > > > >
> > > > > HTH,
> > > > >
> > > > > Cary
> > > > >
> > > > > "Nik" <nik(don't use)@webworksgy.com> wrote in message
> > > > > news:eedrz9ftEHA.2072@tk2msftngp13.phx.gbl...
> > > > > > I would like to think one of these will help. I have just a few
> > users
> > > > who
> > > > > do
> > > > > > not have the Win2000 SP4 service pack on their computer so I
> wanted
> > to
> > > > > > install it on just those users without having to go to their
desk.
> > > > > >
> > > > > > I'll try this.
> > > > > > Thanks for both responses.
> > > > > >
> > > > > >
> > > > > > "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> > > > > > news
NVq$aetEHA.1452@TK2MSFTNGP11.phx.gbl...> > > > > > > Nik,
> > > > > > >
> > > > > > > This is just like any other deployment of software via Group
> > Policy.
> > > > > You
> > > > > > > would simply have to assign it to the computer configuration (
> > NOTE:
> > > > You
> > > > > > can
> > > > > > > not publish this.....it must be assigned ). Make sure that
this
> > GPO
> > > > is
> > > > > > > linked to the OU ( assuming that you would be doing this to
the
> OU
> > > > > > level ).
> > > > > > > Make sure that the computer account objects that you want to
> > receive
> > > > > this
> > > > > > > GPO reside directly in the OU to which you linked the GPO.
Once
> > you
> > > > > have
> > > > > > > configured the GPO you have to reboot the computers to be
> > affected.
> > > > > > >
> > > > > > > Does this help you?
> > > > > > >
> > > > > > > Cary
> > > > > > >
> > > > > > > "Nik" <nik(don't use)@webworksgy.com> wrote in message
> > > > > > > news:usJKJSetEHA.412@TK2MSFTNGP14.phx.gbl...
> > > > > > > > Morning
> > > > > > > > Can someone guide me on how to install a service pack to a
> user
> > > > > > > workstation
> > > > > > > > through active directory.
> > > > > > > >
> > > > > > > > Thanks
> > > > > > > > Nik
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
Related ressources:
- ForumHow to download service packs for future installation?
- Forumcant install service packs
- ForumFresh Install of NT, Cant get service packs
- Foruminstalling service packs
- ForumScared to install Service Packs because never backed up co..
- ForumInstallation order of Service Packs and Critical Updates
- ForumOffice 2000 Service Packs in Software Installation
- ForumService Packs
- ForumService Packs On CD
- ForumNT 4.0 -- Service Packs
- Forumwuau.adm - Does it download service packs ?
- ForumXP and Service Packs
- ForumWin98SE Service Packs - Good or Bad?
- ForumAre the WinXP Pro Office service packs worth it?
- ForumParallel and com ports not appearing in device manager
- More resources
!
