## Cleanup Group Policy Software Installations

Group Policy can be a wonderful way to manage software. As long as you can come up with a .msi, all you have to do is assign the appropriate group to the software Policy, assign the workstation to the appropriate group, and Active Directory takes care of the rest. You can even specify in the policy that the software should automatically uninstall when it falls out of scope (when the Policy is deleted, disabled, or the workstation is removed from the group). This leaves the workstation ready for the next version to be installed, or ensures the software is removed for licensing reasons.

This also introduces a problem. Sometimes you will run into applications that, for whatever reason, do not come off cleanly. They may be removed from the machine, or mostly removed, but if the computer still thinks they are partly installed it will continue trying to remove them every time policy is applied at startup. Not only that, but no new software installations via group policy will take place until the situation is resolved. Obvously, if you are trying to upgrade one or more applications, this is an issue. All of the applications successfully remove themselves, save our problem app, and now NONE of the new versions can be installed.

One way to fix this is to install run the Microsoft Installer Cleanup Utility (retired by MS, but still available if you look). This utility will show applications that still have remnants hanging about in the system, even if they don’t show up in add/remove programs, and allow you to remove the remaining references. Thus, group policy processing is happy, and the rest of your installs proceed the next time you boot.

That way is obviously not ideal when you are managing ~2000 workstations. So, finally, I have managed to develop a better method. Run the following VBScript as a startup script on the affected workstations. It will do the following:

1. Delete the reference to the app inthe Group Policy reg key, making GP happy and allowing other apps to install.
2. Reinstall the app from the msi, for a pristine new install that can then be…
3. Removed cleanly

Startup scripts run after software installation is processed, so it will take two reboots to complete the upgrade. Depending on how large the application is, give it sufficient time to install and uninstall before you reboot.

Here is the magic! Save it as whatever.vbs

  'Created by Jay P Morgan 'Locate the application under \AppMgmt\ in the registry 'Modify strHive, strKeyPath, strMSI - then run. 'http://msdn.microsoft.com/en-us/library/aa393664(v=VS.85).aspx Option Explicit Const strHive = "HKLM\" Const strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt\{enter the key here}" Const strMSI = """\\server\share\path\to\file.msi""" Const strComputer = "." Const WindowHidden = 0 Const WaitForRun = True Const HKCR = &H80000000 Const HKCU = &H80000001 Const HKLM = &H80000002 Const HKU = &H80000003 Const HKCC = &H80000005 Const HKDD = &H80000006 Dim objRegistry, objShell Dim arrValueNames(), arrValueTypes() Dim strInstall, strUninstall strInstall = "msiexec /i " & strMSI & " /qn" strUninstall = "msiexec /x " & strMSI & " /qn" Set objRegistry = GetObject("Winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv") If objRegistry.EnumValues(HKLM, strKeyPath, arrValueNames, arrValueTypes) = 0 Then ' wscript.echo "GP registry key found; Deleting Key" objRegistry.DeleteKey HKLM, strKeyPath Set objShell = Wscript.CreateObject("Wscript.Shell") ' wscript.echo "Reinstalling program" objShell.Run strInstall, WindowHidden, WaitForRun ' wscript.echo "Removing program" objShell.Run strUninstall, WindowHidden ' wscript.echo "Complete" 'Else ' wscript.echo "GP registry key Not found" End If 

~ by Jay P Morgan on February 24, 2011.