Deploying Java and Adobe Reader via Group Policy

Java:

Firstly download the latest Java Windows offline installer here.

Run the installer, and wait for the Welcome screen to appear. Next, navigate to the following directory, where USER_NAME is the name of the logged on user, and jre_VERSION is the name of the version of Java that you have just extracted:

C:\Users\USER_NAME\AppData\LocalLow\Sun\Java\jre_VERSION

In this folder you will find an msi file and a data.cab file. Copy the jre_VERSION folder to you network deployment point, and then add the msi file path to a new package in the software installation section of the Group Policy Object (GPO) that you wish to deploy Java to.

 

Adobe Reader:

Simple Method:

Download the most recent MSI file from ftp://ftp.adobe.com/pub/adobe/reader/win and deploy that to a new package in the software installation section of the GPO that you wish to deploy to e.g. AdbeRdr11000_en_US.msi. Note that Adobe only issue MSI files for the major releases e.g. 11.0.00.

Complex Method

This method includes how to patch the MSI file of the major release outlined in the simple method to include all the latest security patches. Firstly download the MSI file for the major release which you want to patch and place it in a folder on your computer e.g. C:\ADOBEREADER

Next download the .exe file for the update version which you want to patch to e.g. 11.0.01 from ftp://ftp.adobe.com/pub/adobe/reader/win and extract the contents using the following command, where _VERSION is the version number of the file you downloaded:

AdbeRdr_VERSION_en_US.exe -nos_ne

e.g. AdbeRdr1101_en_US.exe -nos_ne

This will extract the contents of the .exe file to a subfolder in the C:\ProgramData\Adobe\Setup folder. Copy the .MSP file contained in this folder to the C:\ADOBEREADER folder you created earlier. From the command prompt navigate to the C:\ADOBEREADER folder and run the following command where MSI_VERSION is the version of the MSI file that you are updating and PATCH_VERSION is the version of the patch that you are applying :

msiexec /a AdbeRdr_MSI_VERSION_en_US.msi /p AdbeRdr_PATCH_VERSION.msp

e.g. msiexec /a AdbeRdr11000_en_US.msi /p AdbeUpd11001.msp

Click through the steps of the installer, and then click finish. Your .msi file has now been patched

Finally, copy your new patched msi file to your network deployment point and create a new package in the software installation section of the GPO which you wish to deploy Adobe Reader to.

References:

How do I deploy Java using Active Directory across a network?

How to extract an MSI file from the EXE for Adobe Reader

Advertisements

Back Up All Group Policy Objects using Backup-GPO and the Group Policy Management Console

Here are a couple of quick methods to backup all of your group policy objects in one hit. The first uses the Powershell cmdlet Backup-GPO. On a Windows Server 2008 domain controller fire up Powershell, and issue the following command, where C:\PATH_TO_BACKUP is the path where you want to save the backup:

Backup-GPO -All -Path C:\PATH_TO_BACKUP

The second method uses the Group Policy Management Console. Fire up gpmc.msc, and then expand your domain. Right click on ‘Group Policy Objects’ and then choose ‘Back Up All’ as shown below:

Backing up all GPOs using the Group Policy Management Console

Browse for a location to back up to, and give a description if you need one, then click Back Up and you’re done:

Choose a location and description for the GPO backup

 

References:

http://technet.microsoft.com/en-us/library/ee461052.aspx

Apply a Group Policy to a Specific Operating System

During our Windows 7 rollout it was necessary to apply some specific registry settings to the new Windows 7 machines without affecting the legacy Windows XP clients. This can easily be done by creating a WMI filter in the Group Policy Management Console and applying it to the relevant GPO.

To do this simply fire up gpmc.msc and click on the ‘WMI Filters’ section under the domain you want to create the group policy object (GPO) in.

WMI Filter section in GPMC

Right click the ‘WMI Filters’ section and choose ‘New’. Give the filter a name. Click on ‘Add’ and type the following to create a filter for Windows 7:

select * from Win32_OperatingSystem where Version like “6.1%” and ProductType=”1″

Adding a WMI filter for Windows 7

Finally, you need to apply this filter to the GPO that you want to use. In this example a GPO called ‘Windows 7 GPO’ has been created. Highlight the GPO in the Group Policy Management Console, and then under the ‘Scope’ tab, apply the WMI filter you created, by selecting it from the drop down list in the ‘WMI Filtering’ section as shown below:

Applying a WMI Filter to a GPO

You can filter the following operating systems in this way by adjusting the query in the WMI filter. Operating systems can be defined as follows:

Windows XP:

select * from Win32_OperatingSystem where (Version like “5.1%” or Version like “5.2%”) and ProductType = “1”

Windows Vista:

select * from Win32_OperatingSystem where Version like “6.0%” and ProductType = “1”

Windows 7:

select * from Win32_OperatingSystem where Version like “6.1%” and ProductType = “1”

Windows Server 2003:

select * from Win32_OperatingSystem where Version like “5.2%” and ProductType = “3”

Windows Server 2008:

select * from Win32_OperatingSystem where Version like “6.0%” and ProductType = “3”

Windows Server 2008 R2

select * from Win32_OperatingSystem where Version like “6.1%” and ProductType = “3”

You can use the ‘ProductType’ part of the query to specify whether the operating system is a client, server, or domain controller.

ProductType = “1” is a client

ProductType = “2” is a server operating as a domain controller

ProductType = “3” is a member server. i.e. not operating as a domain controller