Table of Contents
Group policy software deployment does not support exe files. You will need to use a script and group policy to deploy software with an exe. I’ll show you these steps below.
If you need to deploy an MSI file, then check out our post How to Deploy Software using GPO.
Find the installation switch of exe file
By default, if you have a MSI installation file, you can easily to check the installation switches. Most MSI file can be installed using the below command:
msiexec /i 7z2301-x64.msi /qn #This example for 7-zip
For an exe installation file, you can use the same method to check the installation switch. You can give it a try with:
- setup.exe /h
- setup.exe /help
- setup.exe /?
In some cases, if you cannot find the installation switch from cmd. You can try to install the app with silent switch such as:
- setup.exe /s
- setup.exe /silent
- setup.exe /verysilent
The last way, if the command line doesn’t help, you can find the installation switches from the internet or from the software’s vendor document. The good reference for installation switch is https://silentinstallhq.com/
For example, in this case, the installation command for Dropbox is:
dropbox.exe /S # /S will launch the Dropbox desktop application silently.Configure UNC Share for the deployment
You need to have a secured distribution point for your EXE install file. It needs to be accessible for domain computers and users. We recommended you create a hidden share (with $ at the end of share name) to prevent unwanted actions from users and make it more secure.
I walked through on how to create a secure network share in for deploying an MSI file. Check it out if you need step by step instructions.
Configure a PowerShell Script
Next, you need to create a PowerShell script as follows:
#Script to install via Group Policy - https:// bonguides.com
#Steps in this script:
#1. Check the path exists to determine if the program is already installed.
#2. If the path doesn’t exist then it will start the install process then add report.
#3. If it does exist it will move to the else line and do nothing.
$path = 'C:\Program Files (x86)\Dropbox'
if (-not (Test-Path -Path $path)) {
$filePath = '\\dc01\deploy$\dropbox.exe'
$report = '\\dc01\deploy$\report.txt'
Start-Process -FilePath $filePath -ArgumentList '/S'
Add-Content -Path $report -Value "$(hostname) `t`t$(Get-Date)"
}
else {}
It’s a very basic script. You can modify it and add logging or other options. That is the nice thing about PowerShell you can customize it to your needs.
We’ve saved it as dropbox.ps1 for later use.
Configure Group Policy Settings
For demo purposes, we’ll create a policy then assign it to the computers of HR team.
1️⃣ Create and link a new GPO to the OU containing computers. I’m going to add a new GPO to HR OU.
2️⃣ Give the GPO a name. Then edit the GPO.
3️⃣ Configure the policy as follows:
4️⃣ Once clicked on the Add button, click Browse.
5️⃣ With the browser window opened, you need to copy and paste the .ps1 file that you’ve created in the previous step into this window.
6️⃣ Click OK until you back at the main screen. This completes the GPO configuration.
7️⃣ Now reboot a computer of the HR team, and the software should be installed automatically.
8️⃣ In the PowerShell script, we’ve configured the logging file. So, we can monitor the installation status.
if (-not (Test-Path -Path $path)) {
$filePath = '\\dc01\deploy$\dropbox.exe'
$report = '\\dc01\deploy$\report.txt'
Start-Process -FilePath $filePath -ArgumentList '/S'
Add-Content -Path $report -Value "$(hostname) `t`t$(Get-Date)"
}
else {}
Method 2: Deploy Using Windows Package Manager
The second way, you can deploy the app using Windows Package Manager (Winget).
When using this method:
- You don’t need to download and save the setup file locally.
- The client computers will access to internet to download the setup file automatically.
- You don’t need to care about the installation file is exe or msi.
- The app will be installed with system context regardless user login.
You just need to create a PowerShell script then configured the GPO in the same way with the manually method above.
#Script to install apps via Group Policy - https:// bonguides.com
# Check then update Windows Package Manager (Winget).
$winget = Get-AppxProvisionedPackage -Online | Where-Object {$_.DisplayName -eq "Microsoft.DesktopAppInstaller"}
If ([Version]$winGet.Version -lt "2022.506.16.0") {
irm https://bonguides.com/winget | iex
} else {}
$wpath = "C:\Program Files\WindowsApps"
$winget = Get-ChildItem $wpath -Recurse -File -ErrorAction SilentlyContinue | Where-Object { $_.name -like "AppInstallerCLI.exe" -or $_.name -like "WinGet.exe" } | Select-Object -ExpandProperty fullname -ErrorAction SilentlyContinue
# If there are multiple versions, select latest.
if ($winget.count -gt 1){ $winget = $winget[-1] }
$wingetPath = [string]((Get-Item $winget).Directory.FullName)
# Check the path exists to determine if the program is already installed.
# If the path doesn’t exist then it will start the install process then add report.
# If it does exist it will move to the else line and do nothing.
$path = 'C:\Program Files (x86)\Dropbox'
if (-not (Test-Path -Path $path)) {
$report = '\\dc01\deploy$\report.txt'
& "$wingetPath\winget.exe" install Dropbox.Dropbox -e --silent `
--scope machine --accept-source-agreements --accept-package-agreements
Add-Content -Path $report -Value "$(hostname)`t`t$(Get-Date)"
}
else {}Method 3: Deploy Using Chocolatey Package Manager
The last way, if Windows Package Manager doesn’t help or the app doesn’t exist. You can give it a try with Chocolate Package Manager.
Here is the PowerShell script for Chocolatey:
$path = 'C:\ProgramData\chocolatey'
if (-not (Test-Path -Path $path)) {
Set-ExecutionPolicy Bypass -Scope Process -Force
irm https://community.chocolatey.org/install.ps1 | iex
}
Start-Sleep -Seconds 10
$path = 'C:\Program Files (x86)\Dropbox'
if (-not (Test-Path -Path $path)) {
$report = '\\dc01\deploy$\report.txt'
choco feature enable -n allowGlobalConfirmation
choco install firefox -y --accept-license
Add-Content -Path $report -Value "$(hostname)`t`t$(Get-Date)"
}
else {}Not a reader? Watch this related video tutorial:
