Wednesday, September 22, 2010

How to Deploy Microsoft .NET Framework 4 with Group Policy

In this blog post I'm going to show you how to mass deploy .NET Framework 4 to all PC's in your Active Directory domain.

EDIT: THIS METHOD BELOW WILL NOT WORK. MICROSOFT DOES NOT SUPPORT DEPLOYING .NET FRAMEWORK 4 VIA MSI. YOU WILL RECEIVE ERROR ERROR 25003. INSTEAD PLEASE REFER TO MY FOLLOWING ARTICLE AND PUSH IT OUT VIA STARTUP SCRIPT INSTEAD.

Deploy .NET Framework 4 using a Startup Script:
http://clintboessen.blogspot.com/2010/11/how-to-deploy-microsoft-net-framework-4.html


Download .NET Framework 4

First download .NET Framework 4 from the following location:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=0a391abd-25c1-4fc0-919f-b21f31ab88b7&displaylang=en

Extract the Package

Run the setup file "dotNetFx40_Full_x86_x64.exe"

The setup file will automatically extract to a random directory on the drive with the most available disk space:



When the setup wizard opens do not click next just leave it open!

Create a new Group Policy Object

Create a new group policy object to be used for deployment. Make note of the GUID.



Move the .NET Framework Files

Navigate to a location on the network where you want to store the installation files. I stored them in the following location:

\\kbombserver\netlogon\software

Create a folder called Frameworkv4.

Copy all files from the temporary extracted directory to:

\\kbombserver\netlogon\software\frameworkv4



Once the files are copied you can cancel the .NET Framework installation wizard which we started in an above step. We only ran the setup file so it would extract the files.

Create the Administrative Install Points

Create Administrative Install Points for 4 MSI's:
- .NET Framework v4 x86 for Server Core
- .NET Framework v4 x64 for Server Core
- .NET Framework v4 x86 for XP, Vista, Win7, and Full Installations of Windows Server
- .NET Framework v4 x64 for XP, Vista, Win7, and Full Installations of Windows Server

Run the following commands in a command prompt:

msiexec /a \\kbombserver\netlogon\software\frameworkv4\netfx_Core_x86.msi EXTUI=1 TARGETDIR=\\kbombserver\netlogon\software\frameworkv4\AIP\netfx_core_x86

msiexec /a \\kbombserver\netlogon\software\frameworkv4\netfx_core_x64.msi EXTUI=1 TARGETDIR=\\kbombserver\netlogon\software\frameworkv4\AIP\netfx_core_x64

msiexec /a \\kbombserver\netlogon\software\frameworkv4\netfx_extended_x86.msi EXTUI=1 TARGETDIR=\\kbombserver\netlogon\software\frameworkv4\AIP\netfx_extended_x86

msiexec /a \\kbombserver\netlogon\software\frameworkv4\netfx_extended_x64.msi EXTUI=1 TARGETDIR=\\kbombserver\netlogon\software\frameworkv4\AIP\netfx_extended_x64



Deploy .NET Framework with Group Policy

Add the package in Group Policy.



Assign both the x64 and x86 packages extended packages.

x64 will only install on x64 machines.
x86 will only install on x86 machines.

Also assign the core ones if you have Server Core installations of windows.



The packages also need the following MST assigned from Aaron Stebner's WebLog:

http://cid-27e6a35d1a492af7.office.live.com/self.aspx/Blog%5E_Tools/netfx4%5E_aip.mst

The transform changes the condition for CA_BlockDirectInstall to False so it will not be run during the installation process.

If you dont include the MST you will get the following error when the application trys to deploy via MSI:



Place the MST with the MSI and add it to the deployed application:



Note: For the 32bit package make sure you go into advanced deployment options on the deployment tab and untick "Make this 32-bit X86 application available to Win64 machines.

Always wait for the network at computer startup and logon

My Windows 7 PC's all booted too fast and missed the application deployment during startup. They all received the following error in the event logs:

Log Name: System
Source: Application Management Group Policy
Date: 22/09/2010 8:28:12 PM
Event ID: 101
Task Category: None
Level: Warning
Keywords: Classic
User: SYSTEM
Computer: kbombpc.kbomb.local
Description:
The assignment of application Microsoft .NET Framework 4 Extended x64 from policy Microsoft .NET Framework 4 failed. The error was : %%1274




To resolve this I had to set the following group policy:

Computer Configuration --> Administrative Templates --> System --> Logon --> Always wait for the network at computer startup and logon



Error 25003. Error occurred while initializing fusion.

Hey guys sorry I'm currently getting the following error when it deploys:

Event Type: Error
Event Source: MsiInstaller
Event Category: None
Event ID: 10005
Date: 22/09/2010
Time: 10:09:40 PM
User: NT AUTHORITY\SYSTEM
Computer: ARIA
Description:
Product: Microsoft .NET Framework 4 Extended -- Error 25003. Error occurred while initializing fusion.




Will let you know as soon as I have a fix.

14 comments:

  1. anthony.mcgrath@parkes.nsw.gov.auSeptember 29, 2010 at 10:20 PM

    I managed to duplicate your problem !:(

    Any resolutions?

    ReplyDelete
  2. yeah i'm working with Microsoft on this now. I think we may need to do it via startup script. I will write a new article this weekend on how to do this!

    ReplyDelete
  3. That would be useful

    ReplyDelete
  4. Have you been able to fix your problem ? I'm getting the same thing.

    Thanks!

    ReplyDelete
  5. Any resolution yet? Great post!

    ReplyDelete
  6. I've been slack. Putting the resolution together now. Sorry guys!

    ReplyDelete
  7. Hi Clint, I was having the same problem... Installing the "Client Profile" before installing the "Extended" Framework solved it.. Not 100% sure why, but there we go!

    ReplyDelete
  8. maybe you should add a notice to the top of the article so suckers like me don't complete all of the steps only to get to the bottom and be told it doesn't work.

    ReplyDelete
  9. This is a great post but still i need some more anyone can help me

    ReplyDelete
  10. FYI, this method DOES work, but you have to do two things:
    1) Use the transform listed above to knock out the CA_BlockDirectInstall property in BOTH the Core and Extended msi's
    2) Deploy the netfx_Core*.msi, THEN deploy the netfx_Extended*.msi. Deployment order matters!

    I used this to successfully deploy EMET 4.1 and .NET 4.0 via GPO.

    ReplyDelete
  11. This doesn't work at all with net framework 4.5.2. when making the administrative installation points, it gives an error that an mzz file doesn't exist (e.g. netfx_extended.mzz). And the mzz files it wants don't exist in the installation source.

    ReplyDelete