GWKB1068 : Deploying Window-Eyes Through Group Policy

Product: Window-Eyes
Author: Ryan Shugart
Date Added: 04/17/2007
Last Modified: 04/17/2007

Using the silent install, it is possible to deploy Window-Eyes 6.1 using a group policy object. This document describes how to do so. It is assumed the reader is familiar with Microsoft Networking concepts, including Active Directory, and GPOs in general. We will also assume that all client machines are running Windows XP or Windows Vista, and all servers are running Windows Server 2003. There are 3 high level steps to complete this task:

  1. Create a share on a file server and copy the Window-Eyes 6.1 CD to this share.
  2. Create a batch file that will be executed at startup to install WE from this share to the client machines
  3. Create a GPO to run the install.

Create a Share to House the Window-Eyes CD

Since we will be installing over the network, it is necessary to create a share on a file server that will house the contents of the Window-Eyes CD. We will use a server called Denver to create the share. To do this:

  1. Log onto the file server that will house the WE share. Denver in our case.
  2. Click start, right click my computer and select manage from the context menu.
  3. From the computer management screen, expand the system tools branch of the tree view, then expand the shared folders branch. Right click on shares, and select new share from the context menu.

Follow the onscreen prompts to create the new share. In this document we will create a share called we$ in the c:\weinstall folder. Set the permissions for administrators to have full control, all other users to have read only access.
Once this is done, you should copy the contents of your Window-Eyes CD into the folder you just created.

Creating the Script

We will now create the script that computers will run during startup to install Window-Eyes. To do this, open notepad on your workstation, and create a file called weinstall.cmd with the following text:

rem batch file to deploy Window-Eyes automatically using GPO
if not defined wineyes \\fileserver\we$\wineyes\setup /vs /vn"username" /vc"companyname" /va

Creating the Group Policy

Now that we have Window-Eyes in its share and have the script created, it is necessary to create the actual group policy object. You must have domain administrator rights, or at least have been delegated permissions to create new GPOs. Perform the following steps:

  1. Log onto a domain controller, for this example we will use the machine London.
  2. Click start, administrative tools, group policy management.
  3. When the GPMC opens, expand the appropriate forest and domain. For this example, we will use the nwtraders.msft forest, and the policy will be created in an OU in the root domain of the forest.
  4. Right click on the nwtraders.msft root domain and select new organizational unit.
  5. Enter a name for the new OU, we will call this OU "WE Deploy."
  6. Right click on the OU we just created, and select create and link a GPO here.
  7. Enter a name for the new GPO, in our case we will call this GPO WEDeploy. Click OK.
  8. Right click on the new GPO, and select edit from the context menu.
  9. The Group Policy Object Editor should open. Expand computer configuration, windows settings, scripts startup shutdown Group Policy Object Editor Screen Shot
  10. In the listview, click startup.
  11. A dialog should open with an empty list of scripts, and several controls. We first need to move the script itself into the sysvol share so the script can be accessed by computers as they are starting up. Startup Properties Screen Shot
  12. Click show files.
  13. A Windows Explorer window will open. Copy the weinstall.cmd file we created into this folder.
  14. Close the windows explorer window.
  15. Click add.
  16. Browse to the weinstall.cmd file and click OK.
  17. Leave the parameters field blank and click OK again.
  18. You should now see the WEInstall script added Startup Properties Screen Shot #2
  19. Click OK.
  20. You can now close the Group Policy Object Editor and the Group Policy Management Console.
  21. Log off the domain controller.

If you are in an environment with several domain controllers, it may take a few minutes for your changes to replicate throughout the domain.

You must move a computer object into the OU before WE will be installed. To do this:

  1. Log onto London, the domain controller.
  2. Click start, administrative tools, active directory users and computers
  3. Locate the computer object you wish to move.
  4. Right click the object, and select move.
  5. In the dialog that comes up, select the wedeploy OU (the OU we created when creating the GPO.)
  6. Click OK.
  7. You may now close ADUC and log off the domain controller.

The next time the computer starts, you will see several Window-Eyes install screens while the machine is starting. Before Window-Eyes can be used, you must reboot the computer again so that the video intercept may be installed properly.