0

I need to unblock the installation of Internet Explorer 9, after using the Internet Explorer 9 Blocker Toolkit in a GPO. In a way the unblocking does work, after disabling it in the GPO, but the update/installation in Windows Update stays as an Optional Update, and I need it to be installed automatically.

How can I circumvent this?

Bo.Andersen
  • 1
  • Have you read the FAQ @http://technet.microsoft.com/en-gb/ie/gg615600.aspx ? Am I correct that what you want to do is to automatically install IE 9 on your client PCs? What OS? How Many? – BlueCompute Feb 13 '14 at 12:47
  • yes, I have read the FAQ, and the registry key does change, if I either disable or remove to Blocker Kit from the GPO (using a test OU of course). The Windows Update for the Internet Explorer 9 installation does show after this, but only as an Optional Update, and thus the installation never starts. It's approx. 100 machines, that need this installation. The FAQ also tells me, that the Blocker Kit disables the update from Automatic Update, but now we need it to be automatic again, which doesn't seem to be the case when it is disabled again. – Bo.Andersen Feb 13 '14 at 14:05
  • OK, this article states that IE 9 will only be offered if your users are local admins. Are they? http://technet.microsoft.com/en-gb/ie/gg615599 – BlueCompute Feb 13 '14 at 16:36
  • Approx. 90% of the users are regular users. It seems I have to find a way using logon script and an .msi package instead? – Bo.Andersen Feb 14 '14 at 07:52

1 Answers1

0

Regular users cannot install this update, as IE needs to change system-wide settings, dlls etc. but even if an admin logs in automatic updates do not automatically install it. So, you can create a startup script (not logon script, which will have the permission user have; ie. not admin), which will have permissions to change the settings and install the software.

My suggestions would be to have a startup script schedule a job that runs within 10mins or so. Then that job installs the update for the user. You can put the installer on a share where computer account (which the startup script will use) has access to. For example, under sysvol or a folder where you specifically give domain computers access to.

You could also create that scheduled task use a service account and give the service account permission to the folder where you host the installer. However, you need to make sure that account has admin privileges to be able to install an app.

Adil Hindistan
  • 419
  • 4
  • 8