- Install Ansible on Windows - Thu, Jul 20 2023
- Use Azure Bastion as a jump host for RDP and SSH - Tue, Apr 18 2023
- Azure Virtual Desktop: Getting started - Fri, Apr 14 2023
Thus far in this series about IEAK we have covered the initial configuration and creating custom build of Internet Explorer 9. In this installment we turn to how we can leverage Active Directory software installation in Windows Server 2008 to deploy our newly created IE9 installation package.
Preliminary Steps
In this tutorial I assume that we have the following assets in place:
- An Active Directory Domain Services (AD DS) domain
- A file share that stores our IE9 .MSI file(s)
For example, the screenshot below shows the contents of my development server’s Universal Naming Convention (UNC) path \\SERVER01\ie:
IEAK package distribution point
I also configured the User Experience page of the Internet Explorer Customization Wizard to match what is shown in the screenshot below:
Specifying level of interaction between user and IEAK
These options are not trivial. You need to determine in advance the level of interaction you want your users to have with the IE9 installation process, as well as decide how aggressive you need the installer to be in terms of prompting/forcing system restarts.
NOTE: In general, users do not like automated software installations that force restart their computers because doing so offers them no opportunity to save their work prior to the restart’s occurrence.
Assigning the IE9 Software Package
Now let’s turn our attention to creating a Group Policy Object (GPO) with which we can assign the IE9 installation package.
In my experience, the fastest way to open the Group Policy Management Console (GPMC) is to click Start > Run on your Windows Server 2008 domain controller, type gpmc.msc, and click OK.
Once we are inside the GPMC, right-click the Group Policy Objects node and select New from the shortcut menu. In the screenshot below, I right-clicked the domain object to define and link a new GPO in a single step.
Creating and linking a GPO
Give your new GPO a descriptive name with no spaces.
Naming a new GPO
Use the Security Filtering tools in GPMC to scope your IE9 installation GPO for the desired AD user and computer populations.
Filtering the scope of a GPO
Now let’s get down to work! Right-click your new GPO and select Edit from the shortcut menu; this opens the GPO in the Group Policy Management Editor.
Once there, navigate to Computer Configuration\Policies\Software Settings, right-click Software Installation, and select New > Package.
Creating a new software package
This next step is important: Do NOT use the Windows Explorer controls to browse to your Windows Installer (.MSI) package. Instead, type the UNC path to the target file in the File name text box. I have no idea why Microsoft allows us to specify a local path for this dialog box—it is asinine.
Specifying the IEAK package location
In the Deploy Software dialog box, choose whether you will publish or assign your software package. When you publish software in Active Directory, users can choose to install the software at their convenience through the Programs and Features Control Panel item.
Because in this tutorial upgrade to IE9 is not an option, we will assign the software, which forces the installation.
The Advanced option performs a software assignment but also enables administrators to pass additional arguments to the installation routine.
Selecting a package deployment method
The following screenshot shows the completed GPO configuration.
The completed GPO configuration
Before we mosey on over to a domain workstation to test out the IE9 deployment, we should open an administrative command prompt on our domain controller and issue gpupdate/force to mandate a Group Policy refresh throughout the domain.
Forcing a Group Policy update
The Client-Side Experience
The next screenshot shows what the pre-upgrade browser looks like in Windows 7:
The client browser pre-upgrade
Once the client machine processes the new Group Policy, your users will see either all dialog boxes, only progress message boxes, or nothing, depending upon the user interaction setting you specified during the creation of your custom IE9 package.
IE9 installation status
IE9 installation status
The last screenshot shows the client browser environment post upgrade to IE9. Note the special branding in the title bar, the new Favorites bar shortcut, and the home page that defaults to 4Sysops.com.
The client browser post-upgrade
Conclusion
So now we have all our knowledge and skills in place to deploy a custom build of Internet Explorer 9 Web browser to our organization’s user population. You might now be wondering, “That’s well and good, but how do I make changes to my users’ browsers down the road? How can I force the adoption of particular browser preferences?”
Well, I’m glad you asked! In the fourth and final installment of this series, I will show you how to perform post-installation maintenance of IE9 in addition to how we can again leverage Group Policy, this time to lock down browser preferences. Thanks for reading!
