PURPOSE

The purpose of this document is to provide a detailed explanation of how to prepare and execute the installation of the Forefront Identity Manager 2010 Add-ins and Extensions through Group Policy. 

SOFTWARE REQUIREMENTS

1. Orca – You will need this tool to be able to build a Windows Installer Transform file (MST).  The tool is available in the Windows Installer SDK which you can download from http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=e96f8abc-62c3-4cc3-93ad-bfc98e3ae4a3.  Once downloaded, you will find it in the %programfiles%\Microsoft SDKs\Windows\v6.0a\Bin.
2. Microsoft Windows Server 2008 Active Directory
3. Microsoft Outlook 2007 Service Pack 2

STEPS TO PREPARE FOR DEPLOYMENT

We will cover the steps to prepare the Forefront Identity Manager 2010 Add-ins and Extensions package for deployment.  It is a good idea to execute the steps in order, as it will allow things to flow more smoothly in your deployment process.

1. Create a network installation share if you do not already have one.
2. Create a Windows Installer Transform file
3. Add the installation package to the Group Policy Management Editor and prepare it for deployment
4. Verify the package install on the client
   

HOW TO BUILD THE WINDOWS INSTALLER TRANSFORM (MST)

A transform is a collection of changes applied to an installation. By applying a transform to a base installation package, the installer can add or replace data in the installation database. The installer can only apply transforms during an installation.  You might want to add some custom information to the installation to help configure things as the product is installed.

1. Navigate to the installation folder for the Add-ins and Extensions (Forefront Identity Manager\Add-ins and extensions)

*NOTE* You will need to build a MST for each x64 and x32 if you have a mixed x64/x32 bit environment.

1. Right click on the Add-ins and extensions.msi file and select Edit in Orca

*NOTE* If you need to deploy to another language, you will need to build a MST file for each of the language packs.

1. From the Transform menu select New Transform
   1. Select Property from the left hand column

i.      At this point, you can work with Public Properties that you need to customize for your environment.  In this sample, I will be updating the following: (RMS_LOCATION, PORTAL_LOCATION, PORTAL_PREFIX, MONITORED_EMAIL, SITELOCK_DOMAIN, IE7TRUSTEDSITES, BEST_EFFORT_INSTALL)

*NOTE: For more information on the properties mentioned above, refer to the following links:
  -- Unattended installation of FIM 2010
  -- Unattended installation of FIM 2010 R2 Self-Service Password Reset

ii.      What to do when you do not see the property.

1. From the tables menu select Add Row
2. Enter the property name in all capital letters. 
3. Enter the value
4. Click Ok

iii.      What to do when you see the property.

1. Simply double click on the value and update the value.
2. From the Transform menu select Generate Transform
   1. Save it to a good location. 
   2. From the Transform menu select Close Transform
      1. *NOTE*  You have to select the Close Transform menu option.  If you do not you will not be able to associate the MST file with the MSI file.
      2. Close Orca
      3. You should now have an MST file.

For more information on Windows Installer Transforms please visit:

1. http://technet.microsoft.com/en-us/library/cc181086.aspx
2. http://msdn.microsoft.com/en-us/library/aa367447(VS.85).aspx

HOW TO ADD THE INSTALLATION PACKAGE TO GROUP POLICY

1. Open Administrative Tools and double click on Group Policy Management
2. Expand Domains and then your domain
3. Select Default Domain Policy
4. From the Action menu select Edit
5. This will open the Group Policy Management Editor window
6. Expand Computer Configuration > Policies > Software Settings
7. Select Software Installation
8. From the Action menu select New > Package
9. Point to the network share installation point using the UNC path beginning with (e.g. \\machinename\installationshare)
10. Select the Add-ins and extensions.msi file and click Open
11. Select Advanced and click Ok
12. Select Modifications and click Add
13. Point to the MST file that you created and click Ok
14. Open a command-window and type: gpupdate /force
15. You will receive a prompt to restart the computer.  Please press “N” and then press the Enter key. 
    1. *NOTE* This restart option is for the DC and not the client computer.  If you check “Y” here, the DC will prompt you that it is restarting and it will apply the installation policy to itself.
    2. The package is now ready to be deployed

VERIFY THE INSTALLATION PACKAGE ON THE CLIENT

1. Go to the client machine
2. Restart the client machine
3. Open Control Panel and then Programs and Features
4. Notice the installed package
5. Open Microsoft Outlook and start a new mail.  You should see the Group information in the Office Ribbon.

TROUBLESHOOTING

Logging and troubleshooting ideas

• How to enable Windows Installer verbose logging: http://support.microsoft.com/kb/223300
• Fixing Group Policy problems with logging: http://technet.microsoft.com/en-us/library/cc775423(WS.10).aspx
• Troubleshooting Group Policy problems: http://technet.microsoft.com/en-us/library/cc787386(WS.10).aspx
• Troubleshooting Group Policy Application Problems: http://support.microsoft.com/kb/250842
• 1704 – indication that the group policy objects have been successfully deployed.
• 107 – indication that group policy failed on the software installation
• 1040 – indication that the MSIinstaller has began a transaction
• 1042 – indication that the MSIinstaller has ended a transaction

EVENT IDs to be aware of:

EVENTS and RESOLUTIONS
========================================

Log Name:      Application
Source:        Software Installation
Date:          3/9/2010 3:20:34 PM
Event ID:      110
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      USARS.speedskaters.nttest.microsoft.com

Description:
Software Installation was unable to generate the script for \\usars\AandE\x64\Add-ins and extensions.msi.  The following error was encountered: Another installation is already in progress. Complete that installation before proceeding with this install.

RESOLUTION

This means that you have not executed a GPUPDATE yet to fully configure the installation, or you have clicked the Ok button again before the properties window closes.

1. Remove the item that added when the properties window closes.
2. Open a command-prompt
3. Type: gpupdate /force and press the <ENTER> key
4. Go back to the Group Policy Editor and add the package