locked
Script For .NetFramework 4.7.2 GPO installation RRS feed

  • Question

  • I'm trying to push .net framework 4.7.2 to some domain pcs using a logon script through GPO.

    Clients are Windows 7 SP1 x86 machines and the server is Windows 2008 R2 Std

    i''m using a .ps1 script with the following command:

    Start-Process -FilePath \\sharepath\NDP472-KB4054530-x86-x64-AllOS-ENU.exe -ArgumentList "/q /norestart"  -Wait -Verb RunAs

    I then add it as a logon script in GP under User Configuration - Windows Settings - Scripts -> logon (In powershell Scripts Tab)

    When the user logs in, the script runs fine, but because of the fact that my users don't have administrative privileges, the UAC window pops up and requires admin rights.

    Is there a way to add a command in the script to run using one of the domain admins account or any admin account so as to install the software with admin rights?

    Friday, July 26, 2019 11:41 AM

Answers

  • Don't use a logon script, use a startup script and drop the "RunAs".

    You cannot embed admin credentials in a script.  Anyone can see those credentials and use them at any time.


    \_(ツ)_/

    Friday, July 26, 2019 1:07 PM

All replies

  • Don't use a logon script, use a startup script and drop the "RunAs".

    You cannot embed admin credentials in a script.  Anyone can see those credentials and use them at any time.


    \_(ツ)_/

    Friday, July 26, 2019 1:07 PM
  • because my experience with scripts is limited, should i save the above command:

    Start-Process -FilePath \\sharepath\NDP472-KB4054530-x86-x64-AllOS-ENU.exe -ArgumentList "/q /norestart"

    as .ps1 file? or as .vbs file?

    Friday, July 26, 2019 1:26 PM
  • I recommend learning how to use a search service for questions about how to use GP and Windows.

    install net framework gpo


    \_(ツ)_/

    Friday, July 26, 2019 2:13 PM
  • Hi,

    The powershell script is suffixed with .ps1。

    Also, please refer Jrv's suggestion use a startup script.

    Or use task scheduler to specify an administrator account to run it.

    Or just use software installation policy to remotely install software.

    https://pdf.wondershare.com/business/how-to-deploy-software-with-gpo.html

    https://support.microsoft.com/en-us/help/816102/how-to-use-group-policy-to-remotely-install-software-in-windows-server

    Best  regards,

    Lee


    Just do it.

    Tuesday, July 30, 2019 6:55 AM
  • Hi Lee,

    thanks for your reply.

    I've used remotely installation policy many times with the other software packages and i was successful. remotely installation requires .msi files and that's ok. 

    i haven't been able to convert .net framework.exe to .msi yet and i think it can't be done with .net 4.7.2 but, i will try the task scheduler you suggest.

    my problem is that the script works, but only under logon script and not as startup script and with whichever script i try to use, although i've made all configuration correct. i've only need to bypass the UAC that appears when the user logs on.

    my last try will be WSUS...

    Tuesday, July 30, 2019 7:18 AM
  • For someone to end up in here to ask a question, means that he has tried many things and failed. these forums are also for people looking for advise from more experienced people, like you. i don't think your reply would help anyone...
    Tuesday, July 30, 2019 7:22 AM
  • An MSU cannot be converted to an MSI. Net Framework installs are system level installs and must be installed by the system installer.  MSI cannot install system files outside of drivers.

    WSUS can install patches and system updates which is what MSU files are for.


    \_(ツ)_/

    Tuesday, July 30, 2019 7:25 AM
  • For someone to end up in here to ask a question, means that he has tried many things and failed. these forums are also for people looking for advise from more experienced people, like you. i don't think your reply would help anyone...

    Sorry b ut we cannot overcome your issue. The only wy to do this is as noted above. If you don't understand then you will need to learn more about how Windows NT is designed and how it works. There are schools that can teach you and many books about the technology.

    Of course you could just accept an answer from someone who has been programming NT since it was in beta.

    A user cannot install system patches.  The install must be done by an Admin or under the Syatem ccount.


    \_(ツ)_/

    Tuesday, July 30, 2019 7:29 AM
  • this advise is acceptable and believe me, i do understand...

    thanks for your time...

    Tuesday, July 30, 2019 7:37 AM
  • WSUS is my next step
    Tuesday, July 30, 2019 7:38 AM