There exists an annoying bug in Windows 7 with GPOs and RODCs that makes your users waiting 20 minutes until the computer starts installing software via Active Directory.

The infrastructure has a central site with 2 DCs 2008 R2 and several branch offices with Read Only Domain Controller located on every office. The problem is that when some changes are done on the Group Policies in the central site (modify old GPOs, create new ones, most often install software like Flash player) after the restart (or gpupdate /force) when the new settings are applied it take about 20 minutes for the client to boot.

Windows boots and show a throbber with "Applying software installation policy..." for about 20 minutes (10 minutes per machine + 10 minutes for user GPO timeout). This happens only after you have changed a GPO and only once. It doesn't matter if this is a software policy or any random setting. The setting get's applied and all other future reboots are fine, until you change anything again inside a GPO.

Google Adwords Editor 9.7.1 and 9.8.1 and 9.9.0 again has been released with major design flaws, see Developers best practice for Windows user profiles. It saves itself, including Adwords data in Windows folder structures that are getting lost on a user logout. Additional to this, there is no way to redirect the data folder to a Roaming Profile folder like it's possible with Google Chrome.

The fundamental broken Windows basics are:

• Roaming Profiles are not supported
  • As result - all data and the application itself get's lost if you log off from the computer.
  • This happens for the reason that the Application is installed to LocalAppDataFolder, what is a folder that is per definition a folder that is excluded from roaming.
• Application is not installed for All Users
  • This is at least wrong design as Adwords should be used by 98% in Enterprises and not at home. The application need to be deployable per machine to be Enterprise ready.

How to workaround some of the issues?

If you'd like to deploy VMware Player in your Enterprise you need to extract the MSI setup from the standard setup. You need to download the normal VMware-player-4.0.1-528992.exe file from VMware site. Than just launch these installer .exe, wait until the setup shows the "Welcome to the installation wizard for VMware Player", but don't install the Player. While the setup is launched setup creates a folder in C:\Users\%username%\AppData\Local\Temp\vmware_[random number]. Make a copy of this folder to your distribution share. Cancel the launched setup. Now you have the required MSI file vmware player.msi in the copied folder.

If you try to deploy VMware Player 4.0.0-471780 or 4.0.1-528992 to your Desktops via Active Directory you will expierence some major difficulties. At very first it's not possible to install at all. After some investigation it looks like very many others reported this bug in the VMware Community Forums, but nobody came up with a solution.

This is a note for all others searching for a XMind - Mind Mapping version that can be deployed in Enterprise via Active Directory. I'm not a developer of XMind, but I've created a full-fledged per Machine MSI setup for the XMind Team to make XMind deployable via Active Directory. If you'd like to push it out to your users desktops - it's available now. No need to wrap suxxx NSIS installer into an MSI any longer.

It has been deployed to ~50 machines without any issues. I have not received any feedback from the XMind guys yet, but hope it will see the public light soon.

These are the setup features that have been implemented and can be enabled/disabled via transforms:

This is a note for all others searching for a Notepad++ version that can be deployed in Enterprise via Active Directory. I'm not a developer of Notepad++, but I've created a full-fledged per Machine MSI setup for the Notepad++ Team to make Notepad++ deployable via Active Directory. If you'd like to push it out to your users desktops - it's available now. No need to wrap suxxx NSIS installer into an MSI any longer.

These are the setup features that have been implemented and can be enabled/disabled via transforms:

In best practice Enterprise environments, users have a home directory and the folders like AppData\Roaming and Documents will be redirected with Windows Policy named Folder Redirection to their home drive located on network. In AppData\Roaming folder very many applications are saving their user specific data and this allows a user to log on to any PC in your company with keeping all settings intact. The AppData\Roaming folder become larger over time and 300MB are very common in todays world. For performance reasons you should not copy this on every login/logout to the computer and back to the server. There is many banana software on the market from developers that are not aware of this technology. Notify them, this are bugs - no discussion.

It's best practice to enable the policy Delete Cached copies of roaming profiles that truncates a local user profile from disk to free up disk space after a user logs off a computer. With Windows 7 this stuff can be cached locally for some time, but the performance reasons are still the same.

With version 15 Google seems to have published the very first version of Google Chrome for Business that at least starts up/opens in an Enterprise environment with Roaming Profiles and redirected AppData folders. Yes - You have read correctly - they are at version 15 and this is the first version that may work. They claimed in december 2010 with Version 11 that Chrome is Ready for Business. The only thing that was ready - was a very limiting MSI wrapper that is not a full-fledged MSI setup. These version 11 was not ready for Business and the only important functionality was the installation to %ProgramFiles% folder, but this does not make Chrome ready for Business. It's still only a suxxx MSI wrapper around the normal installer and as one example - it does not allow you to customize the icon folders.

If you'd like to add more languages or all languages to your Windows 7 deployment image this can be done by hand or with below script. This script requires some path configurations only and integrates all lp.cab files from the Microsoft Language Pack DVD.

Required:

• Windows Automated Installation Kit (AIK)
• Microsoft Windows 7 Enterprise DVD
• Microsoft Windows 7 Language Pack DVD

Steps:

1. Copy install.wim from Windows 7 DVD \sources\install.wim to local disk
2. Configure path to language packs. This is folder named langpacks with subfolders named "ar-sa", "de-de" and so on.
3. Configure all other paths
4. Run the batch file to integrate all Language Packs (may take some hours/one day).
5. Add this WMI file to your Windows Deployment Server (WDS).

Script:

This is a note for all others searching for a PDFsam version that can be deployed in Enterprise via Active Directory. I'm not a member of the PDFsam team, but I've created a full-fledged per Machine MSI setup for them to make PDFsam deployable via Active Directory. If you'd like to push it out to your users desktops - it's available now. No need to wrap suxxx NSIS installer into an MSI any longer.

I have received feedback from the main developer that we will look into it for the next official version. He took over and you can download the latest MSI version of PDFsam Basic from the project homepage.

These are the setup features that have been implemented and can be enabled/disabled via transforms:

This is a note for all others searching for a FastStone Capture version that can be deployed in Enterprise via Active Directory. I'm not an employee of FastStone Soft, but I've created a full-fledged per Machine MSI setup for them to make FastStone Capture deployable via Active Directory. If you'd like to push it out to your users desktops - it's available now. No need to wrap suxxx NSIS installer into an MSI any longer.

It was me a pleasure to help these guys and they are currently doing their in-house testing, but as these guys have been proven to be are really open minded and thankful - I'm sure they are able to provide you the new MSI setup before it get's published on their site in future. I cannot publish the setup here as this is not Open Source.