Mir's Blog

I am working with Microsoft as Infrastructure Consultant

How to automate Lync Client 2010 deployment in multi architect environment using Active Directory Group Policy

How to automate Lync Client 2010 deployment in multi architect environment using Active Directory Group Policy

  • Comments 13
  • Likes

The Lync server 2010 client is a single unified communication client that replaces previously released Office Communicator and Live meeting client, single client performs all the functions of the previous clients including instant messaging (IM), web conferencing, white boarding, desktop sharing, and enterprise voice.

There are two versions of the Lync 2010 client, one for x86 and one for x64 operating systems.  The difference is the bootloader and the prerequisite software included in the client installer (Microsoft Visual C++ 2008 Redistributable - x86 or x64 and SilverLight).  If you try to deploy the x86 version of the client on an x64 computer (or vice versa), you will get an error message. "Installer is not supported on your computer, please use the 64-bit installer to complete the installation.

NOTE:The online meeting Add-On will match the 32bit or 64bit version of version of Office 2007/2010 installed, regardless of the Lync client architecture installed.

It is not uncommon in todays world that there are multi architecture clients (x86 and x64) running in the environment, and it is possible that you dont have any software or tool available to automate the software distribution with right set of bits to the clients, and it can be bit difficult to automate the software distribution using Group Policy as well, The rest of the document will demostrate how we can deploy Lync client 2010 in multi architecture environment using a simple batch file and GPO toghether

I will break this complete process in three parts, to make it look easy and undrestandable

1.  Preparing the environment

2.  Configure GPO to deploy the login script on client machines

3.  Deploy the software bits on the client via the configured login script.

Note: Installation of the client software would require a user to have administrator rights on the local machines, for that reason we will use computer startup script to deploy the software as the software will be installed using local system account which by default has permissions

Preparing the Environment

As there are Windows XP, Windows Vista and Windows 7 clients in both X86 architecture and X64 architecture, we need to ensure that the right bits are installed on the clients, so we need to make the right bits available to clients.

  • Create a file Share on your file server or any other server which is accessible from the network and users can communicate with, for example your file server “FileServer1” and name the folder and file share as “Client_Software_bits
  • Share the folder and give everyone read permissions on the share to ensure all users can read for this share
  • Create two folders inside the folder create in step 1 and name them as Lync2010 and Office365
  • Create two folders inside each of the above new folders and name them X86 and X64 respectively
  • Now we will have a UNC path like
    • \\FileServer1\Client_Software_bits\Lync2010\X86
    • \\FileServer1\Client_Software_bits\Lync2010\X64
  • Now though we have all the four UNC paths created and available for clients to access, copy the correct platform to the respective version of client software into the folders, X86 bit of client software to X86 folder and X64 bit of client software to X64 folder

Software Bits/Architecture

File Name

Lync 2010 Client/x86

LyncSetup32.EXE

Lync 2010 Client/64-bit

LyncSetup64.EXE

  • Check the file name for the client software, it might look like LyncSetupx86 or LyncSetupX64, rename the files to LyncSetup in both the folders to have common file name which will be used in script
  • Test to access the shares from one of the client machines to ensure you are able to see the files in these folders
  • The script also fires the results of the installation onto a file; in order for that to happen, an additional file share is required which must be accessible by all users and users must have create/write access which can be used to centrally track the installation success
  • In the same file share, create a folder named "Client_deployment_results" on the file server and share the folder with everyone or to be more specific share the folder with Domain users and Domain Computers groups and assign “Create and Modify” permissions to “Domain Users” and "Domain Computers" groups
  • The UNC path for the results folder would look like \\FileServer1\Client_Deployment_Results

Understanding the Login Script

The script is broken into 3 parts,

  • This part of the scripts sets a condition about which platform (Architecture) software to install x86 or x64 and if the software is already installed exit the script

If Exist %systemroot%\%computername%.txt goto END
If Exist "C:\Program Files (x86)\" goto X64

Set ARCHITECTURE=x86

This part of the login script automates the creation of the respective folders under the user’s profile in the desktop

REM Creating Lync and office suite Client folder on %USERPROFILE%
IF NOT EXIST "%USERPROFILE%\Lync_Client\X86" MKDIR "%USERPROFILE%\Lync_Client\X86"

Note: Since we are using computer startup GPO to apply the script on the client machines %userprofile% refers to directory “C:\windows\system32\Config\systemprofile” on windows 7 machines and on windows Xp machines %userprofile% refers to the logged in users profile "Documents and Settings\Users", to manually check whether software bits are copied you need to check the respective directory as per your operating system

  • This part of the script copies the required installation files into the folders created from the previous step.

REM Copying Lync software to Lync Software folder on %USERPROFILE%
pushd "\\fileserver1\Lync2010\Lync_Software\x86\"
XCOPY "*.exe" "%USERPROFILE%\Lync_Client\X86" /I /Y /Q

  • This part of the script will setup the Lync2010 and Office365 suite silently and end user would not experience any GUI or any interferences.

Note: End users should still be informed that their computer is going to have a change so that users aren’t surprised to see the Lync, Silverlight, Visual C++ Distribution installed in their machine. Silverlight and Visual C++ distribution are pre-requisites for Lync2010 client and are installed automatically by LyncSetup.exe

"%UserProfile%\Lync_Client\%ARCHITECTURE%\LyncSetup.exe" /install /silent /fulluisuppression
Echo "Lync and Office clients Successfully installed" on %COMPUTERNAME% > %systemroot%\%Computername%.txt
Echo "Lync and Office clients Successfully installed" on %COMPUTERNAME% >\\fileserver1\Client_Deployment_Results\%computername%.txt

  • The Login Script will first of all set the architecture to X86 and then check on the system if “C:\Program Files (X86)” exist, as this folder is available only on 64-bit machines with 64-bit operating system, if the condition is true then the script will set the architecture to x64, and then run the setup locally from the folders we created in first part of the script, Since we have set the architecture to either x86 or x64 and we are using variable %Architecture% in the command line to ensure the right bit of software is run, after the Lync2010 is immediately office 365 suite software will be installed.
  • X64 bit portion of the script will follow the same process as above

:X64

If NOT EXIST "C:\Program Files (x86)\" goto END

Set ARCHITECTURE=x64

REM Creating Lync Client folder on %USERPROFILE%
IF NOT EXIST "%USERPROFILE%\Lync_Client\X64" MKDIR "%USERPROFILE%\Lync_Client\X64"
REM Copying Lync software to Lync Software folder on %USERPROFILE%
pushd "\\fileserver1\Lync2010\Lync_Software\x64\"
XCOPY "*.exe" "%USERPROFILE%\Lync_Client\X64" /I /Y /Q
"%UserProfile%\Lync_Client\%ARCHITECTURE%\LyncSetup.exe" /install /silent /fulluisuppression
Echo "Lync and Office clients Successfully installed" on %COMPUTERNAME% > %systemroot%\%Computername%.txt
Echo "Lync and Office clients Successfully installed" on %COMPUTERNAME% >"\\fileserver1\Client_Deployment_Results\%Computername%.txt"

:END
EXIT

  • At the end of the script it will create two results files one in the local drive and one on the remote writable file, the environmental variable %COMPUTERNAME% is used to have text file created with the ‘machine_name.txt’ to keep the track.

Configuring the GPO

To get the individual machines to run this login script, GPO is used to help enforce the Startup script to machines to run at startup.

  • The startup script is the file that does the actual action. It could be almost any action, as noted above. Unlike the "old fashioned" method of using ADUC and the Profile tab of the users' account properties, the default location for GPO-initiated logon scripts is the deep within the SYSVOL special folder, which, by default, is shared on all Domain Controllers in an Active Directory forest, and is located in the following folder:

%SystemRoot%\SYSVOL\sysvol\<domain DNS name>\Policies\{GUID}\machine\Scripts\startup

  • Where %SystemRoot% is usually “C:\Windows”, <domain DNS name> is the DNS name of the domain, ‘dc.capitaland.com’, and {GUID} is a hexadecimal string representing the GUID (unique identifier) of the specific Group Policy Object in use. This folder, which is a part of the SYSVOL special folder, is replicated to all the Domain Controllers in the domain. Each GPO has its own internal User and Machine subfolders, and under them it has, if used, a Logon, Logoff, Startup and Shutdown subfolder where appropriate
  • Copy the logon script (CTRL+C) at the file level, during the creation of the GPO it will be necessary to paste the file into the UI.
  • Startup and Shutdown scripts run under the machine credentials. It is recommended that the “Domain Computers” group shall be given permission to any resources used by either of these scripts. For example, if the startup or shutdown script writes to a log file, the group “Domain computers” should be given read/write access to the file or the folder where the log file is located.
  • In order to assign the GPO and edit it, Group Policy Management console, or GPMC in short is used. This tool is not installed by default in Windows Server 2003, and neither is it installed by default in Windows Server 2008. In Windows Server 2008, GPMC is considered to be a "Feature", and you must install it before being able to use it. However, unlike in Windows Server 2003 where you must download and install the tool, in Windows Server 2008, GPMC is already a part of the operating system, you simply need to add it. If the Windows Server 2008 server is also a Domain Controller, GPMC will be automatically installed as part of the DCPROMO procedure. If it's not a DC, you'll need to manually add it.
  • Open Group Policy Management Console from the Administrative Tools folder (or gpmc.msc from RUN)

 

  • As described in the above paragraph, you decided to apply the script to ONLY a SPECIFIC SET of computers, expand the domain tree, locate the OU where the computers are located. Right-click the OU and select Create and Link a GPO Here 

 Note: It might be possible that a GPO already exists and it is linked to the object level you need. In that case you don't need to create a new GPO; you can use the existing one

  •   In the New GPO window, give the new GPO a descriptive name, such as "Client Logon Script GPO". Click Ok 

 

  • If you don't see it already, refresh the GPMC view and find the new GPO you've just created under the OU
  • When you click on the new GPO you might be prompted with a message window. Click Ok 

  

 

  • Right-click the new GPO and select Edit 

 

  • In the Group Policy Object Editor window, expand Computer Configuration > Windows Settings > Scripts 

 

  • Double-click Startup in the right-hand pane
  • In the Startup Properties window, click Show Files 

  

 

  • A window will open. The path will be a folder similar to the following: \\domain.com\SYSVOL\testdomain.com\Policies\{Guid}\machine\Scripts\startup. Paste the logon script you've copied in the previous part of this article. Close the window
  • Back in the Logon Properties window, click Add 
  • In the Add a Script window, click Browse and you will see the logon script step #11. Whatever you do, DO NOT manually browse for the file, it should be in front of your eyes. If it's not there, check the previous steps for a mistake. Click Ok

  • Back in the Startup Properties window, see if the logon script is listed, and if it is, click Ok 

 

 

  • Since we are targeting multi Architectural environment where we have windows xp, windows vista, and windows 7 machines, on windows vista and windows 7 machines “User Access Control” feature is enabled by default and any installation would require administrator to allow installation, to silently install the software we would need the feature to be disabled using GOP, follow the steps below

  

 

  • In Group Policy Management Editor expand Security SettingsèLocal PoliciesèSecurity Options
  • In the right hand page scroll down and locate User Account Control:Behavior of the elevation prompt for Administrators in admin approval mode, double click on the option and click on check box Define this policy and from the drop down menu select Elevate without prompting and click OK

 

 

 

  • Next locate User Account Control:Run all Administrators in Admin Approval mode, double click on the option and click on Define this Policy and select the option Disable, click on OK
  • Close the Group Policy Object Editor window
  • Close the GPMC window

Replicating the GPO

To replicate the DCs in the domain by using either Active Directory Sites and Services, Replmon, Repadmin, or wait a few moments (depending on the number of DCs). As a simple follow up to this article, I suggest you use Active Directory Sites and Services.

Testing the Login Script

  • On one of the computers that is part of the domain, logoff the specific user account
  • Logon and test. If you don’t see the client software installed after about 15 minutes, go to command prompt

Note

On machines with Windows 7 as the Operating System, open as Administrator

 

  • Type following commands, this command will generate a report where you can see whether the policy is applied on the user or not, if you don’t see the policy applied type following command
    • C:\>GPresult  /H: >C:\gpresult.html  /Scope:Computer (windows 7)
    • C:\>Gpresult /Scope:Computer >C:\Gpresult.txt
    • To force the GPO update on the client machine apply the following command, logoff and login again to test
      • C:\>Gpupdate /force
  •  It is possible sometimes logon process completes but the script doesn't run properly, it can happen on clients running windows xp, or later running on fast network, the first thing to look at would be the event viewer at client machine and you can also look at the longon process logs Userenv.log file which is located in %systemroot%\debug\usermode directory, to enable debug loggin refer to article http://support.microsoft.com/kb/221833

Please post your comments and feedback on this post, shall you have any questions regarding this please post the questions in technet

Comments
  • Hi Mubashir,

    I tried your script but have a problem with it... I tested it on several computers (three Win7 and one XP), and script installed everything (C++ redistr., Silverlight and Lync Client) correctly, BUT after installation, Lync client don’t  want to start... When I click on Silverlight and Lync Recording manager they appear regularly, but when I click on Lync Client nothing happens... Programs are installed with computer policy, and I even gave later everyone full control permission on Lync folder and started program with administrator privileges, but nothing happens... What can be the problem? What if Outlook account has not been previously created for that user profile, and that’s why it can’t installing Lync add-in for Outlook? Maybe I forgot to put something in the script? Here it is:

    If Exist %systemroot%\%computername%.txt goto END

    If Exist "C:\Program Files (x86)\" goto X64

    Set ARCHITECTURE=x86

    REM Creating Lync and office suite Client folder on %USERPROFILE%

    IF NOT EXIST "%USERPROFILE%\Lync_Client\X86" MKDIR "%USERPROFILE%\Lync_Client\X86"

    REM Copying Lync software to Lync Software folder on %USERPROFILE%

    pushd "\\10.0.1.82\Client_Software_bits\Lync2010\Lync_Software\x86\"

    XCOPY "*.exe" "%USERPROFILE%\Lync_Client\X86" /I /Y /Q

    "%UserProfile%\Lync_Client\%ARCHITECTURE%\LyncSetup.exe" /install /silent /fulluisuppression

    Echo "Lync Successfully installed" on %COMPUTERNAME% > %systemroot%\%Computername%.txt

    Echo "Lync Successfully installed" on %COMPUTERNAME% >\\10.0.1.82\Deployment_Results\%computername%.txt

    :X64

    If NOT EXIST "C:\Program Files (x86)\" goto END

    Set ARCHITECTURE=x64

    REM Creating Lync Client folder on %USERPROFILE%

    IF NOT EXIST "%USERPROFILE%\Lync_Client\X64" MKDIR "%USERPROFILE%\Lync_Client\X64"

    REM Copying Lync software to Lync Software folder on %USERPROFILE%

    pushd "\\10.0.1.82\Client_Software_bits\Lync2010\Lync_Software\x64\"

    XCOPY "*.exe" "%USERPROFILE%\Lync_Client\X64" /I /Y /Q

    "%UserProfile%\Lync_Client\%ARCHITECTURE%\LyncSetup.exe" /install /silent /fulluisuppression

    Echo "Lync Successfully installed" on %COMPUTERNAME% > %systemroot%\%Computername%.txt

    Echo "Lync Successfully installed" on %COMPUTERNAME% >\\10.0.1.82\Deployment_Results\%Computername%.txt

    :END

    EXIT

    Regards,

    Ilija Knezevic

  • It looks I solved the problem... It can't work if there are both /silent and /fulluisuppression, it works only with /silent (and off course /install) switch...

    Regards,

    Ilija Knezevic

  • Hey, very sorry for the delayed response... i havent been able to follow my blog lately, Yes you need to remove /Fullunsuppression

  • Do not use /fulluisuppression this stops the lync client from displaying after installation

  • I used your script to deploy Lync to my organization. It seems that it only deployed to 50% of my machines. There is no indication in the event viewer that it tried to install. How do I troubleshoot installations that do not happen?

    Thanks,

    Aaron

  • To help with troubleshooting i have replaced the following lines of code

    Echo "Lync Successfully installed" on %COMPUTERNAME% > %systemroot%\%Computername%.txt

    Echo "Lync Successfully installed" on %COMPUTERNAME% >\\10.0.1.82\Deployment_Results\%Computername%.txt

    WITH this code

    if %errorlevel%==0 (goto Successfull) else (goto Fail)

    :Successfull

    Echo "Lync Successfully installed" on %COMPUTERNAME% > %systemroot%\%Computername%.txt

    Echo "Lync Successfully installed" on %COMPUTERNAME% >\\10.0.1.82\Lync_Deployment_Results\%computername%.txt

    goto END

    :Fail

    Echo "Lync Setup ended with error code %errorlevel% " on %COMPUTERNAME% > %systemroot%\%Computername%.txt

    Echo "Lync Setup ended with error code %errorlevel% " on %COMPUTERNAME% >\\10.0.1.82\Lync_Deployment_Results\%computername%.txt

    goto END

    With this code in place you will be able to find out what  error code the "lyncsetup.exe" ended with, by looking in the txt file for that machine.

  • Many thanks for this, we got the file transfer and installation to work nicely from a Windows 7 SP1 (office 2007) desktop, from a Windows Server 2008R2 file store; however when we tried to deploy and install to a Windows XP SP3 (Office 2007) desktop we received an error 6009 and the install failed, no file copy either; when we moved the files to a Windows 2003 file server and recreated the shares then we had success on both the Windows 7 SP1 and Windows XP SP3 desktops. Is there something we need to do to get this to work from a windows Server 2008R2 server to copy and install on to a Windows XP SP3 desktop?

    Many thanks

    Dave

  • Do NOT user /FullUisuppression it's a trainwreck!

    msdn.microsoft.com/.../hh345230.aspx

  • I have been fighting this for a few days not on an off and Lync does not want to install.  It does install Silverlight properly and I think there is a chance that it installs the C++  however Lync itself isn't installed.  I think it isn't able to create the OCSetup folder in Program Files.  I am trying to do the install with the install files from Office 365.  Has anyone had and fixed this issue or know how I can fix it.

  • I try to find out where the H*** the client is located. SErver is up and running. No client to install anywhere.

  • I'm afraid setting UAC to Elevate without prompting is a system wide setting that decreases security.  It's the one concern I have for this method. Otherwise it looks fine.

    Regards

  • Hello,

    I run as script as recommended but LyncSetup.exe will be copy to C:\Windows\System32\config\systemprofile\Lync_Client\X64 (windows 7 64bit) and then nothing happen...

    If i run LyncSetup.exe directly from above directory it's showing message: The specified module could not be found.

    Any help is appreciated,

  • Thanks for sharing.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment