MSI Manager: Reinstall Applications Assigned by Group Policy

Software installation via Group Policy is a great feature that can save any administrator HOURS of time over installing apps one by one on all machines within the network. But what happens when those applications go bad? Microsoft has not provided a way to force re-installation of GPO-Managed software on a SINGLE machine, opting instead to only give you the option to redeploy the application on ALL machines. On top of this, if you remove the application from Add/Remove Programs the application does NOT get reinstalled! 

Enter MSI Manager…

MSI Manager is a tool I have created with AutoIt that will allow you to connect to any machine, get a quick list of the software that has been assigned, and select what you want to have reinstalled. On the next reboot the machine will re-install the chosen apps automatically. Problem solved.

By the way, the keys that are being modified are located at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt. There will be a key for each piece of software that has been assigned. To force a reinstall, simply delete the associated key and then run gpupdate /force on the target computer.

Download: MSI Manager
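The manual procedure described above, combined with the optional History reset that the comments below describe, as an added PowerShell example that is not MSI Manager's own code. The parameter names and the backup directory are assumptions made for illustration, and piping `N` into gpupdate is assumed to decline its restart prompt; save it as a script and run it elevated on the target computer.

```powershell
#Requires -RunAsAdministrator
# Added example, not MSI Manager's code. No arguments: list only. -WhatIf: preview.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$AppKeyName,      # AppMgmt subkey to delete (copy it from the listing)
    [string]$HistoryKeyName,  # optional History subkey whose Version is reset to 0
    [string]$BackupDir = (Join-Path $env:TEMP 'GpAppMgmtBackup')  # assumed location
)
$sub     = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy'
$appMgmt = "HKLM:\$sub\AppMgmt"
$history = "HKLM:\$sub\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}"

function Get-KeySummary([string]$Store, [string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { return }
    Get-ChildItem -LiteralPath $Path | ForEach-Object {
        $key = $_
        $ver = $key.GetValue('Version')
        [pscustomobject]@{
            Store      = $Store
            KeyName    = $key.PSChildName
            # Hex makes the two packed 16-bit halves of Version readable.
            VersionHex = if ($ver -is [int]) { '0x{0:X8}' -f $ver }
            Values     = ($key.GetValueNames() |
                ForEach-Object { '{0}={1}' -f $_, $key.GetValue($_) }) -join '; '
        }
    }
}

if (-not (Test-Path -LiteralPath $appMgmt)) { throw "AppMgmt key not found: $appMgmt" }
if (-not $AppKeyName) {
    Get-KeySummary 'AppMgmt' $appMgmt
    Get-KeySummary 'History' $history
    return
}
# Validate every target before changing anything.
$target = "$appMgmt\$AppKeyName"
if (-not (Test-Path -LiteralPath $target)) { throw "No AppMgmt subkey: $AppKeyName" }
$histTarget = if ($HistoryKeyName) { "$history\$HistoryKeyName" }
if ($histTarget -and -not (Test-Path -LiteralPath $histTarget)) { throw "No History subkey: $HistoryKeyName" }

if ($PSCmdlet.ShouldProcess($target, 'Back up, delete install record, refresh policy')) {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $file = Join-Path $BackupDir ('GroupPolicy-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
    reg.exe export "HKLM\$sub" $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; nothing was changed.' }
    Remove-Item -LiteralPath $target -Recurse
    if ($histTarget) { Set-ItemProperty -LiteralPath $histTarget -Name Version -Value 0 }
    'N' | gpupdate.exe /force   # decline any restart prompt; reinstall runs at next reboot
}
```

The exported .reg file covers both AppMgmt and History, so importing it restores the previous state if the wrong subkey was chosen.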


26 thoughts on “MSI Manager: Reinstall Applications Assigned by Group Policy”

  1. Works great, but I need to make a solution to automate the process for many computers.

    I’m trying to kick off a reinstall of group policy installed software for computers that have problems with the software. But I haven’t managed to get a stable reinstall, so would it be possible to get some info on what MSIManager actually does?

  2. MSI Manager is really just meant for one-off reinstalls. If you have to do this on many computers you can just redeploy the application directly from GPMC. Right click the application in group policy, go to “All Tasks” and then click “Redeploy Application”. I will also update my post with the registry keys that are being deleted so that you can create a tool to do what you need manually if the redeploy option does not suit your needs for any reason.

  3. Thanks for the answer. The application is the Internet Security (anti-virus/malware/firewall) for ALL the clients. Some of them (100+) really need a complete reinstall. I have made all the scripts for removing the software, but have failed to consistently invoke reinstall after the forced reboot. The redeploy solution would not work because, first it will redeploy on 2000+ machines. Second I need to synchronize it with the forced removal of the software. The reinstall doesn’t work unless I remove the existing software first.

    Is it only registry settings that are done? I see the gpupdate is run, is this necessary to force the reinstall? And what parameters are used?

    I really appreciate the help, this has been really frustrating to solve.

  4. I thought that may have been the problem with redeploy 🙂

    Yes those are the only registry settings you need to delete to force a reinstall. This does NOT uninstall the application, just removes the keys that group policy uses to determine that the application has already been installed. Gpupdate needs to be run with the /force switch so that it will completely refresh and reapply group policy even if no changes have been made.

  5. Hi all. Is this situation a bug in GPO or by design? When I remove the application from the Add/Remove list and then try to redeploy (All Tasks -> Redeploy Application...), it is not reinstalled on the next reboot. Is it the same problem as listed above?

  6. Hmmm. I can now connect to the FTP site in the link, but the directory is empty. Do I need a login? Thanks for the help 🙂

  7. If you are trying to browse the FTP site then that is by design. If you just click the link it should download immediately. I just tested from offsite and it works for me.

  8. When I run this app against my local PC or against a remote PC, it shows me the list of applications, but the “Reinstall” and “Refresh Policy” checkboxes are greyed out. Any thoughts?

  9. It doesn’t appear to since the registry paths from XP have been moved in Win 7 (I assume in Vista as well). I’m working on another project at the moment, so when I am done with that I’ll revisit Win7 support for MSI Manager.

  10. Hello, nice job!

    You state “On top of this, if you remove the application from Add/Remove Programs the application does NOT get reinstalled! ” – this is indeed the observed fact.

    But… Do you have a reference or a link where this behavior is actually documented by Microsoft?

  11. Thank you soo much for making this wonderful application!

    I just ran it on a laptop running Windows 7 Professional to remove software we deploy for our Hitachi StarBoards.

    I was finding it VERY frustrating to manually uninstall/reinstall from a driver CD and was finding it not as reliable as allowing it to install via Group Policy, as it has got a bunch of customizations that only seem to come through the MSI via GP.

    I had to mess with MSI Manager a bit, but found that if I right-clicked MSI Manager and ran as Administrator and left the force restart unchecked, it worked like a dream!

    I shall be spreading the word about this awesome little time saver.

    Kudos to you for making such a great app!

  12. Would it also be possible to have MSI Manager delete the installation record for the applications in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History ?

    I have found that is the only way that I can 100% get the apps to reinstall.

    Thanks!

  13. Works well but only for the local machine. Each time I try to scan a remote computer nothing happens…

    Do you have an idea?

    Maybe a port to open?

  14. In reply to comment 22 (Android-XS)

    When the App Deployment GP Extension processes the GPOs, it builds the list of all GPOs that define app deployments, and then compares their current versions (as reported by AD) to the “Version” values in subkeys of its key in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}. The version is two packed 16-bit numbers, standing for Computer policy version, and User policy version. If it finds that the version of GPO is newer than its history value, then it builds the apps-to-deploy list, and then looks into HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt to find out if these apps were already deployed. It installs only those apps that haven’t been installed yet (or had problems during a previous install attempt). So in order to ensure that the app will be re-deployed the following options exist:

    Option A:
    1. Delete the subkey in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt that contains the install state of the app
    2. Either
    2.1 set the Version value under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\[some-number-that-relates-to-GPO-in-question] to 0, or
    2.2 delete the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7} altogether (a little worse, as it will cause some extra processing and network traffic to re-create all this info), or
    2.3 Somehow update the GPO in the AD (e.g. set some value, then reset it back).

    Option B:
    In the app deployment in the GPO, set it to be removed if client falls out of the scope of the GPO, and then, after this change has been processed by clients, modify the security of the GPO so that it will not apply to selected machines. Then at next reboot the app will be removed from those clients. After that, you may reset the security to original state so that the app will be installed again. However, if you define several app deployments in this GPO, you may force all these deployments to be re-deployed this way.
