• Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

GPO installation of client

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Firewall Client >> GPO installation of client Page: [1]
Message << Older Topic   Newer Topic >>
GPO installation of client - 15.Feb.2005 3:35:00 PM   


Posts: 4
Joined: 21.Jan.2005
From: Leeds, UK
Status: offline
I want to roll out ISA 2004 client using a GPO in Active Directory. I'm testing the setup prior to Assigning it to around 300 PCs.

I can get it to work just fine, but I find that the next login after installation triggers a pop-up window wanting information on the ISA server and so on. The fields are all pre-filled-in with the correct information (I've set up Autodiscovery).

My question is: how do I prevent this pop-up window? I know I could instruct all my users to press OK, but I'd prefer that it install completely silently.

The only silent installation I can find uses login scripts; but Active Directory GPOs are a much better approach in my situation.

Many thanks in advance for any advice.

Stephen Franks
Post #: 1
RE: GPO installation of client - 18.Feb.2005 1:41:00 AM   


Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Stephen,

Are you assigning the Firewall client to the machines or users?

IIRC, when its assigned to PCs, the install is completely transparent and uses the default of autodetect.


(in reply to sfranks)
Post #: 2
RE: GPO installation of client - 21.Feb.2005 6:59:00 AM   
Hi Stephen and Tom,

I'm having the same problem you describe. I've assigned the GPO to some test WinXP computers and the Firewall Client installs perfectly as the computer starts up but the next time someone logs in to that machine, the configuration page appears. I've watched the registry and file system closely using ntregmon and ntfilemon and the only place I can see the configuration being stored is in <Documents and Settings>\<User>\Local Settings\Application Data\Microsoft\Firewall Client 2004\management.ini and common.ini.

I find it very strange that MS would release a product that uses ini files instead of the registry to store settings. It makes central management of this feature such a pain.


(in reply to sfranks)
  Post #: 3
RE: GPO installation of client - 28.Feb.2005 11:52:00 PM   


Posts: 34
Joined: 10.Sep.2003
From: Denver
Status: offline
I've also had this issue. Assigning the FW_FWC.MSI under Computer Configuration \ Software Settings \ Software Installation (as assigned) in group policy does indeed install the client, but it adds "Microsoft Firewall Client Management" to the startup folder, which opens upon startup, giving users an opportunity to change the settings... Anyone have a workaround for this to make it a completely silent install?



(in reply to sfranks)
Post #: 4
RE: GPO installation of client - 2.Mar.2005 8:17:00 AM   


Posts: 1
Joined: 28.Feb.2005
Status: offline
hello. this is my first post [Smile]

and i'm having this problem too.

could you show your scripts? the ones you use to auto-configure client not to pop-up (and i guess, to hide when connected - i'd prefer this one too).

(in reply to sfranks)
Post #: 5
RE: GPO installation of client - 2.Mar.2005 4:28:00 PM   


Posts: 6
Joined: 9.Feb.2004
Status: offline
I looked at this issue today and found that checking the box to hide the icon in the notifcation area seems to be what causes the pop-up when the Firewall Client Management shortcut is launched.

If you don't want users to see the management utility at all, just make a machine startup script via group policy to detect and remove the shortcut from the All Users profile...

...and remember that if your environment is properly secured, disabling the client should get your users nowhere! Of course you may just want to protect them from themselves and prevent those "My internet isn't working!" help desk calls after they fiddle with it.

Edit: After looking some more. It seems there is a bit more to this than I thought. The pop-up due to checking the 'hide' icon' box is only true if the management app is already running. It is a separate issue from the pop-up after installation. I do see this pop-up after assigning the client to computers (not users) through group policy. Still the best solution is probably to delete the shortcut...

[ March 02, 2005, 04:51 PM: Message edited by: Mike12 ]

(in reply to sfranks)
Post #: 6
RE: GPO installation of client - 4.Mar.2005 12:19:00 AM   


Posts: 246
Joined: 3.Mar.2005
From: Wisconsin
Status: offline
You are correct the first run after assigning via GP and logging in the user is presented with the configuration screen set to auto-detect. If they click OK it will resolve and set, and never pop up again.

This is even if the wpad and autoconfiguration information is functioning properly. In our rollouts the users are just told to click ok if they get a popup and they will never see it again. It would be nice to eliminate the first run popup, I'm certain if a custom ADM were created with the registry keys populated by the first auto-config it may eliminate the problem. I just haven't had time to play with it. If I find a solution I'll post it here.

(in reply to sfranks)
Post #: 7
RE: GPO installation of client - 11.Mar.2005 5:31:00 AM   


Posts: 17
Joined: 3.Mar.2005
Status: offline
Im getting something slightly different.. On some Windows XP and Windows 2000 machines they get the pop up the first time the client is installed. However then on some other XP and 2K machines the window pops up EVERY time the user logs on which is damn annoying!

Has anyone been able to fix this yet??


(in reply to sfranks)
Post #: 8
RE: GPO installation of client - 11.Mar.2005 5:51:00 AM   


Posts: 17
Joined: 3.Mar.2005
Status: offline
ok fixed those pc's just had to be rebooted after the GPO went through now the box has gone away.. sweeeet! If only the initial box after install wouldnt pop up then it would be 100% rock solid..

(in reply to sfranks)
Post #: 9
RE: GPO installation of client - 22.Mar.2005 1:57:00 AM   


Posts: 11
Joined: 19.Mar.2005
Status: offline
I created an MST file that can be used when deploying the client. All it does is remove the shortcut from the startmenu. You can create it pretty easily with Orca or just download it here.


(in reply to sfranks)
Post #: 10
RE: GPO installation of client - 13.Apr.2005 8:14:00 PM   


Posts: 23
Joined: 5.Jan.2005
Status: offline
I'm getting the same thing. How do you use the mst file?

(in reply to sfranks)
Post #: 11
RE: GPO installation of client - 18.May2005 11:38:00 AM   


Posts: 17
Joined: 26.Apr.2005
From: Hollywood, FL
Status: offline
Scotte - thanks for the link. However when using the .mst to delete the shortcut, the firewall client does not work upon restarting the computer. No icon in the taskbar and no access. I found that creating a .mst to just restart the computer upon completion of software deployment did the trick quite nicely. No pop-ups at logon or anything. Granted, this will only work if you have your autodetect setup correctly as it will run with the default settings.

I will post a link just as soon as I can get it set up (having hosting issues).

[ May 19, 2005, 11:09 AM: Message edited by: JSHarris ]

(in reply to sfranks)
Post #: 12
RE: GPO installation of client - 10.Aug.2005 8:25:00 AM   
JSHarris - I'm new to Orca, how do you create an MST file which reboots the client machine?

(in reply to sfranks)
  Post #: 13

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Firewall Client >> GPO installation of client Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts