none
Deploy Software with GPO - Help required [ Repost in GPO forum]

    Question

  • Hi All,

    I have an requirement to "DEPLOY Teamviewer 7 to only Winxp & Win 7 Clients in Domain". I'm planning to do in in GPO which is having multiplel DC's accross the site.  Customer want to make this gpo as permananet one so i want to know whats the pros and cons for this setup.

    1. I could see "TeamViewer_Setup.exe" have 5 MB in size with no specfic about 32m 64 bit OS so i assuem that the same package will use for both 32,64 bit clients.

    2. Let me know whats the size if i'll convert the "exe" to "msi" .   I use some third part tool to convert to MSI its asking for 32 or 64 bit so i confused how to make this exe to msi?  i need to make 2 for 32 & 64 bit clients?

    3. Once the MSI file created i want to avoid the user intercation like [ accept license & click next] --> how can i achieve that?

    4. I believe in GPO the package will be stored in "SYSVOL" so for first time "All clinets start Downlaod from Sysvol" more number of B/W usage happen so any way to avoid this...

    Help is appreciated...

    Thursday, April 05, 2012 5:26 AM

Answers

All replies

  • Hi All,

    I have an requirement to "DEPLOY Teamviewer 7 to only Winxp & Win 7 Clients in Domain". I'm planning to do in in GPO which is having multiplel DC's accross the site.  Customer want to make this gpo as permananet one so i want to know whats the pros and cons for this setup.

    1. I could see "TeamViewer_Setup.exe" have 5 MB in size with no specfic about 32m 64 bit OS so i assuem that the same package will use for both 32,64 bit clients.

    2. Let me know whats the size if i'll convert the "exe" to "msi" .   I use some third part tool to convert to MSI its asking for 32 or 64 bit so i confused how to make this exe to msi?  i need to make 2 for 32 & 64 bit clients?

    3. Once the MSI file created i want to avoid the user intercation like [ accept license & click next] --> how can i achieve that?

    4. I believe in GPO the package will be stored in "SYSVOL" so for first time "All clinets start Downlaod from Sysvol" more number of B/W usage happen so any way to avoid this...

    Help is appreciated...

    Thursday, April 05, 2012 5:15 AM
  • This question seems to be more Group Policy related.

    Please have this asked in GPO Forum for better answers./

    http://social.technet.microsoft.com/Forums/en-US/winserverGP/threads

    Regards,

    _Prashant_


    MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    • Proposed as answer by Abhijit Waikar Thursday, April 05, 2012 5:24 AM
    Thursday, April 05, 2012 5:20 AM
  • Meanwhile check below links:

    Deploy MSI using group policy
    http://www.advancedinstaller.com/user-guide/tutorial-gpo.html

    http://www.windowsnetworking.com/articles_tutorials/group-policy-deploy-applications.html


    Best Regards,

    Abhijit Waikar.
    MCSA 2003 | MCSA:Messaging | MCTS | MCITP:Server Administrator | Microsoft Community Contributor | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Thursday, April 05, 2012 5:27 AM
  • According to me GPO is not the viable approach for the software deployment, if you have SCCM(System center configuration manager), you can use software deployment feature from it or you can use 3rd party tool. There are other tools 3rd party tools like Altiris etc with which you can perform software deployment but using GPO is not the best way because of limited option available. You can't customize the licenses and all using GPO, but you need to create a package using adminstudio tool.

    You can keep it in sysvol or as a separate share and it will work but if the file becomes large and lot of user start accessing GPO you will face performance issues.


    Awinish Vishwakarma - MVP-DS

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Thursday, April 05, 2012 9:21 AM
  • Best Practice: How to deploy Software using Group Policy
    http://www.grouppolicy.biz/2011/04/best-practice-how-to-deploy-software-using-group-policy/
    http://www.advancedinstaller.com/user-guide/tutorial-gpo.html

    However if the above does not helps I would aslo recommend to raise a query in GP forum for better assistance.
    http://social.technet.microsoft.com/Forums/en/winserverGP/threads

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Thursday, April 05, 2012 9:34 AM
  •  

    Hi,

    To answer your questions:

    1 and 2: Since this is a third-party program, we need to contact the manufacturer of this program to confirm whether it has different version installation files for 32 bit version and 64 bit version, If not, we do not need to (and cannot) make different versions while converting the installation file to .MSI file.

    3: For most Microsoft programs, we can bypass the license agreement page if we assign the software to users. However, things can be different for some of the third-party programs.

    4: We can save the installation file of the software in SYSVOL folder as well as any shared folder. To avoid impact on bandwidth usage, we can use Publish instead of Assign.


    In the meantime, System Center Configuration Manager (SCCM) is more effective if we need to deploy software.

    I suggest we check the information in the threads below to see if they can be helpful in our situation:

    How to push a .exe file from my server to all client computers?

    http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/6d845783-1b94-4fdc-8e52-8213802a5ef7

    How Can I deploy non-MSI software with GPO?

    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/39499d55-f27e-487a-81d5-0463d965e13f

    Please feel free to let us know if anything is unclear.

    Regards

    Kevin


    TechNet Community Support

    Friday, April 06, 2012 8:08 AM
  • Hi Kevin,

    Thanks for the reply. Pls

    1 and 2: Only One version for both 32 & 64 bit versions as i tested teh installtion directory on the clients will varry. But the exe seems woring with both versions. SO i creat oen mSI file is enough.

    3: i Can see licenserrement and options selection page but i noyt sure hoe to bypass that.  Trying Some Silent install options...

    4: We can save the installation file of the software in SYSVOL folder as well as any shared folder. To avoid impact on bandwidth usage, we can use Publish instead of Assign.   ---> Customer requirement is "Deploy Software Teamviewer 7 via a Group Policy for Windows XP and Windows 7 on my domain clients" and tehy want to go with less impact domain.

    We have 10,000 clients with 4 sites and 6 Dc's. Can you pls expain whats differnece between publish & assigning.  Since all the computers in ame OU if i create GPO same time the policy apply to all Xp, WIn 7 clinets so i'm worry that it might imapct on user logon and domain fnctions.

    Sunday, April 08, 2012 9:06 AM
  • Can you pls expain whats differnece between publish & assigning.  Since all the computers in ame OU if i create GPO same time the policy apply to all Xp, WIn 7 clinets so i'm worry that it might imapct on user logon and domain fnctions.

    In my  earlier post i said, GPO is not the best way to deply software. Using SCCM or other 3rd party tool, you can restrict and control te bandwidth, when to deploy and you can create a group etc which is not possible with GPO. Publishing the software means software will be available via add remove program and it is manual process mean users need to go to add remove to install the particular software he needs it. Assigning the software can be configured in multiple ways like on demand,assign to uses, assign to computers. More explanation at below.

    http://technet.microsoft.com/en-us/library/cc783635%28v=ws.10%29.aspx

    http://technet.microsoft.com/en-us/library/cc778924%28v=ws.10%29.aspx


    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Sunday, April 08, 2012 9:24 AM

  • Hi,

    I agree with Awinish.

    We can check those articles to learn the difference between Assign and Publish.

    Please feel free to ask if you have any question or concern.

    Regards

    Kevin


    TechNet Community Support

    Monday, April 09, 2012 1:43 AM
  • Hi Awinish,

    Customer dont want to go with any third Party tool or SCCM and they prefer GPO but before implement they want to know whats risk & impact interms of future clients increase and which one will be prfer in GPO.

    SO i need to decide which method i go in GPO and i need to expain whats the risks & impact to customer. Hoep you understand.. So far i check with GPO i'm thinking this way .. Let me know you want to add any steps and help me the queries,

    1. In a Clean Win7 or XP new Vmware install teamviewer and create MSi file which will use for both 32 & 64 bit Versions.

    2. In terms of Software deployment Custome Request is based on the "WInxp & Win 7 CLIENTS" and not the users. SO now if i assign Computers or Publish is same right?

    Assign computers --> Next time computer apply GPO it will auto install [ but not sure abt the License and other options.. will it ask in Users logon.. If so how i can give permission to domain User?

    Puplish - Not auto install.. but Visible in Add/remove prgms.. But still i need to assign permissions.

    Monday, April 09, 2012 3:02 AM
  • Hi Kevin/Awinish,

    I can see the artilces taht "Packages can be published only to users, not to computers" .  As Per my customer requirement is "To install teamviewer in all win xp & win 7" so i cannot Choose  the "Publish" option right?

    Monday, April 09, 2012 3:19 AM
  • Hi Kevin/Awinish,

    I can see the artilces taht "Packages can be published only to users, not to computers" .  As Per my customer requirement is "To install teamviewer in all win xp & win 7" so i cannot Choose  the "Publish" option right?

    Yes you are right . You can publish an application to users not to computers.

    If you need this applicaiton on all computers then better option is to go with Assigning the application (It will install the application automatically and get the application in start menu ) , which will install the application on all the computers , regardless where user is logging in.

    Refer below link to understand this better,.

    http://technet.microsoft.com/en-us/library/cc783635(WS.10).aspx

    Regards,

    _Prashant_


    MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Monday, April 09, 2012 4:08 AM
  • Hi,

    We can assign or publish software to users but we can only assign software to computers.

    After assigning the software to computer, it will be installed for all of the people who use the computer the next time that the computer reboots. This is the next time that the Group Policy for the computer is applied.

    Regards

    Kevin


    TechNet Community Support

    Monday, April 09, 2012 7:54 AM
  • HI kevin,

    I could see the 3500 clients [ Xp, Win7] having across the sites. In order to lower donw the impact i'm plan to do like this . Let me know if anythin needs to added or revised?

    1. Prepare MSI in a clean VM [ XP or WIn7]

    2.Create a new GPO and copy the MSI file under new GPO in Sysvol share

    3.Create a Computer group with [ 500- 700] clients and Remove the "Aut. Users" group in "Security Filtering"  settings and add this Computer groups [ ref below picture]

    4.Next day i'll add next [ 500- 700] clients till i finish full... 

    5.Steps 3 & 4 can be done creata new OU and move some clients but i dont want do that since i prefer "Creating a Computer Groups"

    6.FInally i remove the Computer groups & add Auth.Users  "Security Filtering"  settings

    Tuesday, April 10, 2012 7:23 AM
  • The step looks fine to me but again be cautious 400-500 is still good number of the system.

    http://blogs.technet.com/b/askds/archive/2011/08/26/friday-mail-sack-unintended-hilarity-edition.aspx



    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Tuesday, April 10, 2012 8:40 AM
  • It is not required to remove Authenticated user from security filter and add computer group.Leave authenticated User as it is.You can assign or publish the s/w as per requirement.Also ensure that mention the UNC path when selecting the s/w msi path.If you are not placing the msi in sysvol ensure that user have correct permission on share where msi is placed.You can refer below link how to deploy the same.

    Reference link.
    http://www.grouppolicy.biz/2011/04/best-practice-how-to-deploy-software-using-group-policy/
    http://www.tech-faq.com/deploying-software-through-group-policy.html
    http://technet.microsoft.com/en-us/library/cc778924(v=ws.10).aspx

    Once the policy is define reboot the PC and check.I would recommend first test the same on two/three client PC and then deploy the same to entire computers.

    Create the test OU.Move the computers(two or three) to test OU.Assign the policy to test OU.If all is well then deploy the policy to entire computers(organisation).

    Also since the nos of computers are more if the users/computers are in remote site with low n/w bandwidth then deploying the s/w policy from main site can can lead to bandwidth choke at remote site.

    If you have multiple site with DC in that site,deploy different s/w GPO template instaed of deploying single GPO template at domain level.Create regionwise OU and deploy the policy and if you have created AD sites and services correctly you can deploy policy at site level.

    I would also recommend to go for SCCM instead for deploying the s/w GPO as the env is large.

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.



    Tuesday, April 10, 2012 10:11 AM
  • Hi,

    As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many similar scenarios. If the issue still persists, please feel free to  reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.
     
    BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.
     
    Best Regards
     
    Kevin


    TechNet Community Support

    Friday, April 13, 2012 1:44 AM
  • Hi All,

    I have created a Test OU with 4 xP & Win 7 clients with New GPO under Computer config --> Publish MSI package in UNC location [\\dc\software\*.msi] but i'm hetting below error in Test XP client.

    I  already check "domain computers" & "Auth Users" have read permission and i'm able to browse the location  [\\dc\software\*.msi] from client and manual install but with GPO not work.. Pls help to check this issue.

    Event Type: Error
    Event Source: Application Management
    Event Category: None
    Event ID: 108
    Date: 7/25/2012
    Time: 3:47:01 PM
    User: NT AUTHORITY\SYSTEM
    Computer: TEAMVWRTESTXP
    Description:
    Failed to apply changes to software installation settings.  Software changes could not be applied.  A previous log entry with details should exist.  The error was : The installation source for this product is not available.  Verify that the source exists and that you can access it. 

    Wednesday, July 25, 2012 10:26 AM
  •  
    > I  already check "domain computers" & "Auth Users" have read
    > permission and i'm able to browse the location  [\\dc\software\*.msi]
    > from client and manual install but with GPO not work.. Pls help to
    > check this issue.
     
    Get a copy of Sysinternals psexec, and in an elevated commandline, run
    "psexec -s cmd.exe". There, try to access your MSI file (dir \\dc\...)
    and check. The error is self explaining, I'm proof sure you missed
    something - what rights did you set on share level?
     
    regards, Martin
     

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
    Wednesday, July 25, 2012 3:11 PM
  • Hi martin,

    Trying to redeploy the package with new UNC path... will let you knw the results..

    Tuesday, July 31, 2012 4:28 AM
  • Then please check %windir%\debug\usermode\appmgmt.log (maybe after increasing verbosity level through the following registry value: <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    AppmgmtDebugLevel

    0x9b

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics

    (REG_DWORD, obviously :-))

    And regarding the rights you set: What rights are set for authenticated users? (Commandline output from "net share software" and "icacls software" is better than a screenshot :-))

    regards, Martin
    <meta name="ProgId" content="OneNote.File"> <meta name="Generator" content="Microsoft OneNote 14">
    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
    Monday, August 06, 2012 12:10 PM

  • PFA the Permission details; regarding registry key i after HKLM\Software\Microsoft\Windows NT\CurrentVersion i not see the "Diagnostics" folder in XP client.

    So i need to create a folder and value?


    Yes. Create a key "Diagnostics", and in that key, create a value "AppMgmtDebugLevel".

    regards, Martin

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
    Tuesday, August 07, 2012 3:22 PM
  • Hi martin

    After enable the registry key and reboot it working fine. I'm not sure what went wrong.  But after i manually remove\uninstall teamviewer from Clients and reboot i could see Team viewer installation not happening.

    I can see the belwo errror.  My friedn suggest to change MSI Path to SYSVOL instead of UNC path. I not sure which one recommneded like Multiple sites? 

    I have  7 Dc's in remote locations so copy the MSI file in SYSVOL is better option?

    08-08 14:53:32:376 
    Software installation extension has been called for foreground synchronous policy refresh.
    The following policies are to be applied, flags are 401.
        Deploy TeamViewer (unique identifier {725A6D66-1F10-481C-98AB-A56CCCDCE3C0})
            System volume path = \\ccg.cementhai.com\SysVol\ccg.cementhai.com\Policies\{725A6D66-1F10-481C-98AB-A56CCCDCE3C0}\Machine
            Active Directory path = LDAP://CN=Machine,cn={725A6D66-1F10-481C-98AB-A56CCCDCE3C0},cn=policies,cn=system,DC=ccg,DC=cementhai,DC=com
    Set the Active Directory path to LDAP://CN=Class Store,CN=Machine,cn={725A6D66-1F10-481C-98AB-A56CCCDCE3C0},cn=policies,cn=system,DC=ccg,DC=cementhai,DC=com;.
    Enumerating applications in the Active Directory for computer CHEM-VM-TVWXP2 with flags 5.
    CSTORE: Retrieving class store path for the system account.
    CSTORE: Retrieved 1 class stores for the user or machine.
    CSTORE: Attempting to bind to class store 0 with path LDAP://CN=Class Store,CN=Machine,cn={725A6D66-1F10-481C-98AB-A56CCCDCE3C0},cn=policies,cn=system,DC=ccg,DC=cementhai,DC=com.
    CSTORE: Bind attempt returned error code 0.
    CSTORE: Enumerating packages with search filter (&(objectclass=packageRegistration)(|(|(msiScriptName=*A*)(&(canUpgradeScript=*)(msiScriptName=*P*)))(!(msiScriptName=*)))) and flags ce00000.
    CSTORE: Examining retrieved package TeamViewer 7 (MSI Wrapper).
    The following applications were found in policy Deploy TeamViewer.
        Assigned application TeamViewer 7 (MSI Wrapper) (flags a0004c70).
    Found 1 applications in policy Deploy TeamViewer.
    Enumerating the managed applications which are currently applied to this user.
    The following 1 managed applications are currently applied to this user.
        TeamViewer 7 (MSI Wrapper) from policy Deploy TeamViewer with state 509 and assign count 1.
    Found 0 applications locally that are not included in the set of applications from the Active Directory.
    Policy Logging for Software Management is attempting to log application TeamViewer 7 (MSI Wrapper) from policy Deploy TeamViewer.
    Changes to software installation settings were applied successfully.

    Software installation extension returning with final error code 0.
    Software installation extension has been called for background policy refresh
    Software installation extension has detected changes that require a synchronous foreground policy refresh.
    Software installation extension returning with final error code 1274.
    08-08 16:35:08:985 
    Software installation extension has been called for foreground synchronous policy refresh.
    The following policies are to be applied, flags are 401.
        Deploy TeamViewer (unique identifier {725A6D66-1F10-481C-98AB-A56CCCDCE3C0})
            System volume path = \\ccg.cementhai.com\SysVol\ccg.cementhai.com\Policies\{725A6D66-1F10-481C-98AB-A56CCCDCE3C0}\Machine
            Active Directory path = LDAP://CN=Machine,cn={725A6D66-1F10-481C-98AB-A56CCCDCE3C0},cn=policies,cn=system,DC=ccg,DC=cementhai,DC=com
    Set the Active Directory path to LDAP://CN=Class Store,CN=Machine,cn={725A6D66-1F10-481C-98AB-A56CCCDCE3C0},cn=policies,cn=system,DC=ccg,DC=cementhai,DC=com;.
    Enumerating applications in the Active Directory for computer CHEM-VM-TVWXP2 with flags 5.
    CSTORE: Retrieving class store path for the system account.
    CSTORE: Retrieved 1 class stores for the user or machine.
    CSTORE: Attempting to bind to class store 0 with path LDAP://CN=Class Store,CN=Machine,cn={725A6D66-1F10-481C-98AB-A56CCCDCE3C0},cn=policies,cn=system,DC=ccg,DC=cementhai,DC=com.
    CSTORE: Bind attempt returned error code 0.
    CSTORE: Enumerating packages with search filter (&(objectclass=packageRegistration)(|(|(msiScriptName=*A*)(&(canUpgradeScript=*)(msiScriptName=*P*)))(!(msiScriptName=*)))) and flags ce00000.
    CSTORE: Examining retrieved package TeamViewer 7 (MSI Wrapper).
    The following applications were found in policy Deploy TeamViewer.
        Assigned application TeamViewer 7 (MSI Wrapper) (flags a0004c70).
    Found 1 applications in policy Deploy TeamViewer.
    Enumerating the managed applications which are currently applied to this user.
    The following 1 managed applications are currently applied to this user.
        TeamViewer 7 (MSI Wrapper) from policy Deploy TeamViewer with state 509 and assign count 1.
    Found 0 applications locally that are not included in the set of applications from the Active Directory.
    Policy Logging for Software Management is attempting to log application TeamViewer 7 (MSI Wrapper) from policy Deploy TeamViewer.
    Changes to software installation settings were applied successfully.

    Software installation extension returning with final error code 0.
    Software installation extension has been called for background policy refresh
    Software installation extension has detected changes that require a synchronous foreground policy refresh.
    Software installation extension returning with final error code 1274.
    Software installation extension has been called for background policy refresh
    Software installation extension has detected changes that require a synchronous foreground policy refresh.
    Software installation extension returning with final error code 1274.
    Software installation extension has been called for background policy refresh
    Software installation extension has detected changes that require a synchronous foreground policy refresh.
    Software installation extension returning with final error code 1274.
    Software installation extension has been called for background policy refresh
    Software installation extension has detected changes that require a synchronous foreground policy refresh.
    Software installation extension returning with final error code 1274.
    Software installation extension has been called for background policy refresh
    Software installation extension has detected changes that require a synchronous foreground policy refresh.
    Software installation extension returning with final error code 1274.
    Software installation extension has been called for background policy refresh
    Software installation extension has detected changes that require a synchronous foreground policy refresh.
    Software installation extension returning with final error code 1274.
    Software installation extension has been called for background policy refresh
    Software installation extension has detected changes that require a synchronous foreground policy refresh.
    Software installation extension returning with final error code 1274.
    Software installation extension has been called for background policy refresh
    Software installation extension has detected changes that require a synchronous foreground policy refresh.
    Software installation extension returning with final error code 1274.
    Software installation extension has been called for background policy refresh
    Software installation extension has detected changes that require a synchronous foreground policy refresh.
    Software installation extension returning with final error code 1274.
    Software installation extension has been called for background policy refresh
    Software installation extension has detected changes that require a synchronous foreground policy refresh.
    Software installation extension returning with final error code 1274.
    Software installation extension has been called for background policy refresh
    Software installation extension has detected changes that require a synchronous foreground policy refresh.
    Software installation extension returning with final error code 1274.

    Thursday, August 09, 2012 4:35 AM
  • HI all

    Could you pls update solution for this error message?

    In general practice how we can deploy MSI file for Multiple Site Clients as a MSI Path to SYSVOL instead of UNC path?

    Tuesday, August 14, 2012 7:32 AM
  • 1. TeamViewer installs in C:\Program Files (x86)\ for 64-bit clients while installing in C:\Program Files\ for 32-bit clients. The package is the same for both.

    2. The size depends on what additional information is stored with the exe, but generally speaking the MSI should not be much bigger.

    3. To avoid user interaction, customize all the settings via GPO. See instruction below.

    4. If bandwidth is a concern, a 3rd party deployment solution or SCCM is the way to go. Otherwise clients should pull from the SYSVOL on a server within the site. Generally this amount of bandwidth is not going to be a major concern.

    =======================================

    I was disappointed to see there was no documentation for customizing TeamViewer settings through Group Policy. I was told that the corporate version includes a login script with the MSI for deployment, but there doesn't seem to be any support for business license users. For those who have found their own way to deploy TeamViewer (whether through a custom msi or otherwise), modifying the registry values via Group Policy allows for a very fine-grained level of control.

    The following is the process that we used to Customize TeamViewer for our organization via GPO. There were some interesting issues that needed to be worked around, which is why I documented the process. I would really like TeamViewer to make this into a more official document or provide this information to it's customers.

    =======Customizing TeamViewer via Group Policy=======

    We are trying configure TeamViewer 7 via Group Policy assuming it has already been installed on each client. To do this, we exported the settings from a pre-configured client (from advanced options in TeamViewer). We then opened up the export.reg (in Notepad++) and added all of the corresponding registry keys and values to Group Policy.

    All keys and values under this path put into Customize TeamViewer - Computer GPO:

    HKEY_LOCAL_MACHINE\SOFTWARE\TeamViewer\Version7

    Define these in: Computer Configuration/Preferences/Windows Settings/Registry.

    All keys and values under this path put into Customize TeamViewer - User GPO:

    HKEY_CURRENT_USER\SOFTWARE\TeamViewer\Version7

    Define these in: User Configuration/Preferences/Windows Settings/Registry.

    If you have Remote Server Admin Tools (RSAT) installed on a client, you can import export.reg via the advanced option in TeamViewer and then use the Registry Wizard to pull all of these keys into a GPO.

    These registry settings are confirmed to be applying properly, but the settings aren't taking place in TeamViewer. We can also merge the export.reg into the registry and the settings don't take effect. The interesting thing is that the import function in TeamViewer imports the export.reg properly and the settings then take effect. The problem with this is that we can't automate the process by simply overwriting registry keys.

    Since importing the reg file works while merging it doesn't, we figured that there is something else in the import feature that happens to set the proper registry settings. We didn't see any 64-bit specific settings in the export.reg so we did some researching and found this key that wasn't included in export.reg:

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TeamViewer\Version7

    We were wondering if this node was created/handled by the import function so I added all of the keys and values under this node to the computer GPO hoping that would take care of the missing settings. That didn't work either.

    Finally the last node that we found that wasn't part of export.reg was:

    HKEY_USERS\%LdapUserSid%\SOFTWARE\TeamViewer\Version7

    We thought that maybe these settings took precedence over the other registry settings, so we modified the user GPO to include these keys and values (using the %LdapUserSid% variable).

    After rebooting, everything works fine.

    Monday, December 10, 2012 8:18 PM