Configuring Scripts with GPOs
📝Note: Installation might take around 45-50 minutes once the target device reboots
Open Server Manager, click Tools, and then click Group Policy Management.
In Group Policy Management, right-click your domain, click Create a GPO in this domain, and link it here.
In the New GPO dialog box, enter the name and click OK.
Right-click the created GPO, and then click Edit.
In the Group Policy Management Editor window, under Computer Configuration, expand Policies, expand Windows Settings, and then click Scripts (Startup/Shutdown). Select Startup and click Properties.
In Startup Properties, Click Add and then click Browse.
Browse and Select the script file & Click Open.
After Adding the Script, Click Apply then OK.
Configure the Scope of our policy, by Adding Domain Computers (if domain computers are the targeted devices to which installation should happen)
Update the Permission of the targeted group (in the below case, it’s Domain Computers) from Read to Edit Settings.
Script File (save as Powershell file)
📝 Note: Installation might take around 45-50 minutes once the target device reboots
#path of Shared Folder with MSI
$msiPath="<msi path>"
#if enabled , add installation log
$debug=$false
$log=""
$logFolder="C:\ProgramData\SOPGPO"
if (!(Test-Path -Path $logFolder -PathType Container)) {
try{
New-Item -Path $logFolder -ItemType Directory -Force
$log="SOPGPO folder created"
} catch{
Write-Host "Error in creating log folder"
Write-Host $_.Exception.Message
[Environment]::Exit(1)
}
}else{
$log="SOPGPO Folder already exists"
}
$logpath=Join-Path -Path $logFolder -ChildPath "sopgpoLog.txt"
try{
New-Item -Path $logpath -ItemType File -Force
}catch{
Write-Host "Error in creating log file"
Write-Host $_.Exception.Message
[Environment]::Exit(1)
}
function Addlog {
param (
[string]$content
)
try{
Add-Content -Path $logpath -Value $content
}catch{
Write-Host "Error in adding log"
Write-Host $_.Exception.Message
}
}
Addlog -content "Starting installation using GPO"
Addlog -content $log
#check for existence of superops
try{
$package = Get-WmiObject -Class Win32_Product | Where-Object { $_.IdentifyingNumber -contains "{3BB93941-0FBF-4E6E-CFC2-01C0FA4F9301}" }
if($package) {
Addlog -content "Superops is already installed"
Addlog -content "Exiting the Installation"
[Environment]::Exit(1)
}else{
Addlog -content "Checked for existence of superops: False"
}
}catch{
Write-Host "Error in checking the installation of Superops"
Write-Host $_.Exception.Message
Addlog -content "Error while checking superops"
#[Environment]::Exit(1)
}
#Check the existence of MSI
Addlog -content "Checking existence of File"
$file=Split-Path -Path $msiPath
if (!(Test-Path -Path $file -PathType Any )) {
Addlog -content "MSI not found in given path"
#[Environment]::Exit(1)
}
Addlog -content "Checking File accessibility"
$folderName = [System.IO.Path]::GetFileName($file)
try{
$permissionDetails = Get-SmbShareAccess -Name $folderName
} catch{
Write-Host "Error in checking permission"
Write-Host $_.Exception.Message
Addlog -content $_.Exception.Message
#[Environment]::Exit(1)
}
if ($debug){
ForEach($permission in $permissionDetails){
$name=$permission.AccountName
$per=$permission.AccessRight
$data= $name +":"+ $per
Addlog -content $data
}
}
ForEach($permission in $permissionDetails){
if(($permission.AccessRight -ne "Full")-and ($permission.AccountName -eq $env:USERNAME)){
Addlog -content "MSI does have required permission"
}
}
#install MSI
$fileName=Split-Path -Path $msiPath -Leaf
$installlogpath=Join-Path -Path $logFolder -ChildPath "SOPGPOinstall.log"
try{
if($debug){
msiexec.exe /i $msiPath /QN FILENAME=$fileName LicenseAccepted=yes /L*V $installlogpath
} else{
msiexec.exe /i $msiPath /QN FILENAME=$fileName LicenseAccepted=yes
}
}catch{
Write-Host "Error in Installation"
Write-Host $_.Exception.Message
Addlog -content "Error in Installation"
Addlog -content $_.Exception.Message
[Environment]::Exit(1)
}
Addlog -content "Installation Success"