In this article you will learn how to use Active Directory software installation to deploy a custom build of Internet Explorer 9 that you created by using the Internet Explorer Administration Kit (IEAK).
Latest posts by Timothy Warner (see all)

Thus far in this series about IEAK we have covered the initial configuration and creating custom build of Internet Explorer 9. In this installment we turn to how we can leverage Active Directory software installation in Windows Server 2008 to deploy our newly created IE9 installation package.

Preliminary Steps

In this tutorial I assume that we have the following assets in place:

  • An Active Directory Domain Services (AD DS) domain
  • A file share that stores our IE9 .MSI file(s)

For example, the screenshot below shows the contents of my development server’s Universal Naming Convention (UNC) path \\SERVER01\ie:

IE administration kit - IEAK package distribution point

IEAK package distribution point

I also configured the User Experience page of the Internet Explorer Customization Wizard to match what is shown in the screenshot below:

IE administration kit - IEAK User Experience

Specifying level of interaction between user and IEAK

These options are not trivial. You need to determine in advance the level of interaction you want your users to have with the IE9 installation process, as well as decide how aggressive you need the installer to be in terms of prompting/forcing system restarts.

NOTE: In general, users do not like automated software installations that force restart their computers because doing so offers them no opportunity to save their work prior to the restart’s occurrence.

Assigning the IE9 Software Package

Now let’s turn our attention to creating a Group Policy Object (GPO) with which we can assign the IE9 installation package.

In my experience, the fastest way to open the Group Policy Management Console (GPMC) is to click Start > Run on your Windows Server 2008 domain controller, type gpmc.msc, and click OK.

Once we are inside the GPMC, right-click the Group Policy Objects node and select New from the shortcut menu. In the screenshot below, I right-clicked the domain object to define and link a new GPO in a single step.

IE Adnistration Kit - IEAK- Group Policy

Creating and linking a GPO

Give your new GPO a descriptive name with no spaces.

IE Admistration Kit - IEAK - New GPO

Naming a new GPO

Use the Security Filtering tools in GPMC to scope your IE9 installation GPO for the desired AD user and computer populations.

IE Administration Kid - IEAK - Security Filtering

Filtering the scope of a GPO

Now let’s get down to work! Right-click your new GPO and select Edit from the shortcut menu; this opens the GPO in the Group Policy Management Editor.

Once there, navigate to Computer Configuration\Policies\Software Settings, right-click Software Installation, and select New > Package.

IE Administration Kit - IEAK -Creating a new software package

Creating a new software package

This next step is important: Do NOT use the Windows Explorer controls to browse to your Windows Installer (.MSI) package. Instead, type the UNC path to the target file in the File name text box. I have no idea why Microsoft allows us to specify a local path for this dialog box—it is asinine.

IE Administration Kit -Specifying the IEAK package location

Specifying the IEAK package location

In the Deploy Software dialog box, choose whether you will publish or assign your software package. When you publish software in Active Directory, users can choose to install the software at their convenience through the Programs and Features Control Panel item.

Because in this tutorial upgrade to IE9 is not an option, we will assign the software, which forces the installation.

The Advanced option performs a software assignment but also enables administrators to pass additional arguments to the installation routine.

IE Administration Kit - Selecting a package deployment method

Selecting a package deployment method

The following screenshot shows the completed GPO configuration.

IE Administration Kit - The completed GPO configuration

The completed GPO configuration

Before we mosey on over to a domain workstation to test out the IE9 deployment, we should open an administrative command prompt on our domain controller and issue gpupdate/force to mandate a Group Policy refresh throughout the domain.

IE Administration Kit - Forcing a Group Policy update

Forcing a Group Policy update

The Client-Side Experience

The next screenshot shows what the pre-upgrade browser looks like in Windows 7:

IE Administration Kit - The client browser pre-upgrade

The client browser pre-upgrade

Once the client machine processes the new Group Policy, your users will see either all dialog boxes, only progress message boxes, or nothing, depending upon the user interaction setting you specified during the creation of your custom IE9 package.

IE Administration Kit - IE9 installation status

IE9 installation status

IE Administration Kit -IE9 installation status

IE9 installation status

The last screenshot shows the client browser environment post upgrade to IE9. Note the special branding in the title bar, the new Favorites bar shortcut, and the home page that defaults to

IE Administration Kit - The client browser post-upgrade

The client browser post-upgrade


So now we have all our knowledge and skills in place to deploy a custom build of Internet Explorer 9 Web browser to our organization’s user population. You might now be wondering, “That’s well and good, but how do I make changes to my users’ browsers down the road? How can I force the adoption of particular browser preferences?”

Well, I’m glad you asked! In the fourth and final installment of this series, I will show you how to perform post-installation maintenance of IE9 in addition to how we can again leverage Group Policy, this time to lock down browser preferences. Thanks for reading!


Leave a reply

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account