GPO

This is a note for all others searching for a Azure Data Studio version that can be deployed in Enterprise via Active Directory. I've created a full-fledged per machine and per user MSI setup for the Azure Data Studio-Team (see case 4126) to make Azure Data Studio deployable via Active Directory. If you'd like to push it out to your users desktops - it exists now. No need to wrap suxxx InnoSetup EXE installer into an MSI any longer.

Please do understand this setup as PREVIEW as it should be automatically build by Azure Data Studio project. Until a version exists that can disable automatic updates (optionally) I do not name this FINAL. The installer defaults to per machine installations and should also install per user in roaming app data folder as recommended. Automatic updates should intentionally fail as inno_updater has been dropped.

This is a note for all others searching for a VSCode or VSCodium version that can be deployed in Enterprise via Active Directory. I've created a full-fledged per machine and per user MSI setup for the VSCodium Team (see case 106) to make VSCodium / VSCode deployable via Active Directory. If you'd like to push it out to your users desktops - it's available now. No need to wrap suxxx InnoSetup EXE installer into an MSI any longer. All my hate goes to ignorant VSCode project maintainers like joaomoreno who think they do not need to support MSI (see case 33184). Maybe he has a manager who can force him to implement standard Microsoft setups that simply must exists.

Please do understand this setup as PREVIEW as it should be automatically build by vscodium project. The installer defaults to per machine installations and should also install per user in roaming app data folder as recommended.

Since Oracle has decided to charge enterprise customers with upcomming JDK11 and JRE11 people need to look for alternatives. There is OpenJDK around that can close the gap.

As you may expierienced in past - Oracle has changed the MSI files embedded into their EXE setups in version 8.x a few times and cleaned up their installer a lot. At first thought it was a WTF are they doing there in the middle of 8.x, but on the end it became clear that they cleaned up the 8.x installer only. It was an outgrown mess over the years and full of garbage. However - they broke the ability to deploy it easily. Now after the setup cleanup a lot of knowledge and guessing is required to fix the MSI database and make it installable via AD GPOs. It is clear that they like to sell the customer only enterprise MSI installer that nobody want to pay $ 100K for. With Java 9 they started to hide the MSI file more. The MSI files are no longer extracted to TEMP folder if you run the EXE setup. But it is still an MSI and this goes into C:\Windows\Installer folder. You can still make a snapshot of a virtual machine, install Java and grab the MSI from the Installer folder.

Now with Java 11 and later Oracle plans to release a new major Java version every ~6 months and force all end users to upgrade to the latest version. Java version 8.x is no longer supported after in January 2019 without a payed LTS contract. Long term versions are than only available to enterprise customers. Additionally enterprise users always need to license their servers and client computers running Java. They are no longer allowed to use the end user Java versions. End users are not affected by this change.

You may have seen that SQL Server Management Studio 2017 automatically bubbles and asks for updates. But your users do not have permission to install updates and you maintain updates via WSUS. SQL Server Management Studio 17.x is available via WSUS.

Microsoft has for unknown reasons moved this setting into HKEY_CURRENT_USER. How stupid is this... Software is deployed per machine and not per user. Software is only deployed by idiots per user.

Now you have two options:

1. Walk to every users and uncheck the Tools > Check for Updates > Automatically check for updates for SQL Server Management Studio setting. Not really an enterprise solution.
   

   

There exists an annoying bug in Windows 7 with GPOs and RODCs that makes your users waiting 20 minutes until the computer starts installing software via Active Directory.

The infrastructure has a central site with 2 DCs 2008 R2 and several branch offices with Read Only Domain Controller located on every office. The problem is that when some changes are done on the Group Policies in the central site (modify old GPOs, create new ones, most often install software like Flash player) after the restart (or gpupdate /force) when the new settings are applied it take about 20 minutes for the client to boot.

Windows boots and show a throbber with "Applying software installation policy..." for about 20 minutes (10 minutes per machine + 10 minutes for user GPO timeout). This happens only after you have changed a GPO and only once. It doesn't matter if this is a software policy or any random setting. The setting get's applied and all other future reboots are fine, until you change anything again inside a GPO.

If you'd like to deploy VMware Player in your Enterprise you need to extract the MSI setup from the standard setup. You need to download the normal VMware-player-4.0.1-528992.exe file from VMware site. Than just launch these installer .exe, wait until the setup shows the "Welcome to the installation wizard for VMware Player", but don't install the Player. While the setup is launched setup creates a folder in C:\Users\%username%\AppData\Local\Temp\vmware_[random number]. Make a copy of this folder to your distribution share. Cancel the launched setup. Now you have the required MSI file vmware player.msi in the copied folder.

If you try to deploy VMware Player 4.0.0-471780 or 4.0.1-528992 to your Desktops via Active Directory you will expierence some major difficulties. At very first it's not possible to install at all. After some investigation it looks like very many others reported this bug in the VMware Community Forums, but nobody came up with a solution.

This is a note for all others searching for a XMind - Mind Mapping version that can be deployed in Enterprise via Active Directory. I'm not a developer of XMind, but I've created a full-fledged per Machine MSI setup for the XMind Team to make XMind deployable via Active Directory. If you'd like to push it out to your users desktops - it's available now. No need to wrap suxxx NSIS installer into an MSI any longer.

It has been deployed to ~50 machines without any issues. I have not received any feedback from the XMind guys yet, but hope it will see the public light soon.

These are the setup features that have been implemented and can be enabled/disabled via transforms:

This is a note for all others searching for a Notepad++ version that can be deployed in Enterprise via Active Directory. I'm not a developer of Notepad++, but I've created a full-fledged per Machine MSI setup for the Notepad++ Team to make Notepad++ deployable via Active Directory. If you'd like to push it out to your users desktops - it's available now. No need to wrap suxxx NSIS installer into an MSI any longer.

These are the setup features that have been implemented and can be enabled/disabled via transforms:

In best practice Enterprise environments, users have a home directory and the folders like AppData\Roaming and Documents will be redirected with Windows Policy named Folder Redirection to their home drive located on network. In AppData\Roaming folder very many applications are saving their user specific data and this allows a user to log on to any PC in your company with keeping all settings intact. The AppData\Roaming folder become larger over time and 300MB are very common in todays world. For performance reasons you should not copy this on every login/logout to the computer and back to the server. There is many banana software on the market from developers that are not aware of this technology. Notify them, this are bugs - no discussion.

It's best practice to enable the policy Delete Cached copies of roaming profiles that truncates a local user profile from disk to free up disk space after a user logs off a computer. With Windows 7 this stuff can be cached locally for some time, but the performance reasons are still the same.

With version 15 Google seems to have published the very first version of Google Chrome for Business that at least starts up/opens in an Enterprise environment with Roaming Profiles and redirected AppData folders. Yes - You have read correctly - they are at version 15 and this is the first version that may work. They claimed in december 2010 with Version 11 that Chrome is Ready for Business. The only thing that was ready - was a very limiting MSI wrapper that is not a full-fledged MSI setup. These version 11 was not ready for Business and the only important functionality was the installation to %ProgramFiles% folder, but this does not make Chrome ready for Business. It's still only a suxxx MSI wrapper around the normal installer and as one example - it does not allow you to customize the icon folders.