Installing 2Simple Software with GPO (Group Policy Objects) For the latest version of this document please go to www.2simple.com > support > networks Before reading this document, we recommend you read the general network installation FAQ here: http://support.2simpleweb.com/public/docs/general/networks.pdf This document is intended for a user with some technical knowledge about networking. You will need a Windows 2000 or above domain architecture, with 2000+ clients. The 2Simple Collection - The Collection is a combined set of 28 programs from 2Simple. If you are installing this, use the GPO method below for each of the 28 individual MSIs (note we now send out the Collection with all 28 MSIs included on one DVD. Previously, we sent the Collection with 3 DVDs. If you have 3 DVDs, the individual MSIs are in DVD 2; DVD 1 contains combined installs for the 2Simple programs, but we do not recommend deploying these via GPO the combined installs no longer have the latest versions of all 28 programs.) If you assign all 28 MSIs to all computers in one go, this could cause stress on your network it may be better to assign to subsets of computers (using organisation units), or not assign all 28 programs at once. Note also that if you assign all 28 MSIs at once, the local workstations, when rebooted, may take an hour or more to install all the programs since the total size is over 2GB. You will not be able to use the workstation during this time, so it may be best to reboot the computers at the end of the day if you plan to install all 28 programs at once. For more info on the 2Simple Collection see http://support.2simpleweb.com/public/docs/general/2simple_collection.pdf 2Email is the only 2Simple program with a 2-part install. The client MSI can be added to GPO and deployed to all machines, but the server MSI should be installed once only, on the server. Refer to the 2Email user guide for more details. Lite Installs - A number of programs have lite installs available including 2Create A Story, 2Control NXT, 2Do It Yourself, 2Paint A Picture, 2Publish+, Infant Toolkit, Music Toolkit. These installs do not include the help videos and are much smaller in size. We recommend installing the lite installs via GPO (rather than the full ones) as they are much quicker to install and take up less space on the workstations. The videos could instead be accessed from the server or from our website www.2simple.com/videos. If the lite installs are not available on your CDROM, contact 2Simple support and we will send you a download link. Method: 1. Setup a network share with permissions and copy the necessary MSIs to this folder. a. Locate an area on your server and create a directory. You could name it applications. Insert the 2Simple CD into the server, and browse the contents. Most CDs include the MSI in the root of the disc and are formatted 'name_version.msi' - eg "2Create_1.5.0.1422d.msi". Copy the MSI to the folder on the server.
b. There are 2 areas where permissions need to be set: (1) Share Permissions: Right click the application directory, and select Properties. Click the sharing tab, and select Share the folder. Now click Permissions and make sure the group named Everyone has read access allowed (this should already be set by default.) (2) NTFS Permissions: Select the Security tab, click Add, and add the Authenticated Users and Domain Computers security groups. Give them the following permissions: Read, Read&Execute, List Folder Contents. Click Advanced and tick Replace permission objects on all child objects with entries shown here that apply to child objects. Click Ok then Apply to complete.
2. Setup GPO in Active Directory for Windows 2000/2003 Server When you add a computer to the domain, the computer object will be located in the Computers container (by default). In order to apply a group policy object, these computer objects will need to be moved into a new or existing OU (organizational unit). For example, you could have an OU for Lab PC s and one for Staff PC s, thus giving you the ability to only apply the GPO to the necessary group. In the following example, we will be editing the Default Domain Policy which will apply these installation settings to ALL Organisational Units in AD. If you wish to apply the software to a particular set of PC s on your network, refer to section 2a. Windows 2000 Server : Click Start > Programs > Administrative Tools > Active Directory Users and Computers. Right-click your domain name and select Properties and then Group Policy Tab. You will notice that it reads Default Domain Policy. Click edit and you will get the Group Policy Screen. Proceed to Step 3.
Windows 2003 Server: Click Start > Programs > Administrative Tools > Active Directory Users and Computers. Right-click your domain name and select properties. Select the Group Policy Tab. You will notice that you are now prompted to open the Group Policy Management Console. Open up this console. In the Group Policy Management Console you will see Default Domain Policy under your domain name. Right click the Default Domain Policy and click edit. You will now see the Group Policy Screen. Proceed to Step 3.
2a. Create a separate OU Right click your domain name, select New then Organizational unit. Give it a name, for example Lab PCs. Right-click the OU you have just created and select Properties and then select the Group Policy tab. From here you will be able to open the Group Policy Management Console as you have done previously. Right click the OU and select Create and Link a GPO here. Give you policy a name and click OK. Now that you have created this OU you will be able to add the software installations as it has been previously specified for Default Domain Policy. The same principal can be applied to Windows Server 2000 AD
3. Setting up GPO (Group Policy Object) On the Group Policy Object Editor screen, select Computer Configuration, expand Software Settings then Software Installation. In the white area, right click and select New, then Package. Refer to Image below. 4. Navigate to the share location you created in Step 1. It is CRITICAL that you use a UNC pathname i.e. it starts with \\ and not a drive letter. This means, in the open text field type \\your-server-name\applications\ and then hit enter. Select, the MSI and Assign it on the next screen. Once complete it should appear similar to the screen below (there may be a delay before it appears on screen if the MSI is large.) You have now configured a GPO for deploying a 2Simple application to your machines. You can repeat the above step and have multiple MSI s in the one GPO object. Note that it can take up to an hour for the desktop pc s to receive the new GPO settings. You can force the desktops to receive these settings instantly by typing gpupdate /force (or secedit /refreshpolicy for 2000 clients) in the start > run box. You may also need to restart the local computer up to 2 times before the software will install. When the computer is booting into Windows, you should notice that after applying computer settings the prompt will change to Installing managed Software <<Name of MSI>>. Once complete, you will then be prompted to log on as usual. On the desktop you will notice a shortcut for the program you have just installed or you will be able to find it under start->programs->2simple Software.
5. Common Problems Permissions If permissions are not set correctly, the workstation will not be able to retrieve the MSI from the server. Since the MSIs are installed before the login screen, it is very important that the Domain Computers security group is given permission to the application folder. Also note that SHARE permissions always overrule NTFS permissions. Group Policy Replication Different networks take different times for the settings on the server to replicate to desktop PC s. You can force this by using gpupdate. Also if you want to confirm that the PC has received your new settings, go to start->run and type MMC and press enter. On the MMC screen, go to file then Add/Remove Snap in and add the Resultant Set of Policy console. Right click Resultant Set of Policy and select Generate RSOP Data. Continue hitting Next for every proceeding screen until a progress bar appears which will generate the report. If there is a problem you will notice a yellow exclamation mark or a red circle. Scroll down to the software installations folder and right click the MSI and select properties and view the error information tab. This will give you details why the installation may have failed. In the example below it has failed because we did not use a UNC pathname for the 2Email Client MSI. C Drive Space For the MSI s to be added to your GPO, your server must enough space on the C Drive (or the letter of the Operating System Drive). If you are installing every 2Simple program on your network, this can add up to about 3 GB. If you don t have enough space, you will receive an error, Add Operation Failed: Unable to extract Package Information when you try and assign the package. Please make sure you desktop machines also have enough space on the C Drive (or the letter of the Operating System Drive).
Error when assigning the Collection 2 combined install via GPO If you are installing the 2Simple Collection via GPO and use the combined MSIs rather than the MSIs for each individual program (we do not recommend this see page 1), you may receive an error, "The System administrator has set policies to prevent this installation" OR "Add operation failed. Unable to extract deployment information from the package. Run validation on the package to ensure that the package is correct". Please visit the following link and download the appropriate hot fix for your system: http://support.microsoft.com/kb/925336 (2003 Server only). This error may also occur when installing the Collection 2 MSI on a stand-alone machine. The "Add operation failed error has also been known to relate to machine drive mappings. See Error 1327. Invalid drive in www.2simple.com > support > installations. 2Simple Software support@2simple.com 020 8203 1781 Last updated 6 Feb 2012