Wednesday, December 7, 2011

Redeploy Group Policy Application

So you uninstall an application from a client machine and now want Active Directory to redeploy the application via Group Policy Software Installation. You don't want to redeploy the app domain wide so where do we go? The registry right? That would be correct but where and what keys/values? Microsoft recommends redeployment by deleting the respected subkey in:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt

Here is the article from MS.

But here is an easier way to list those keys. PowerShell style!
Wildcards are allowed for the Parameter 'ApplicationName'

function Get-GPODeployedApp {

<# .SYNOPSIS Lists all of the group policy applied applications on the local computer. .DESCRIPTION Lists all of the keys under hklm:\software\microsoft\windows\currentversion\group policy\appmgmt This key contains all of the applied group policy software installations. .PARAMETER ApplicationName Filter on the GPO Name or the GPO Deployment Name .EXAMPLE PS C:\> Get-GPODeployedApp
Lists all of the applied GPO Software Installations.
PS C:\> Get-GPODeployedApp -ApplicationName Acrobat

param ([string]$ApplicationName = '')
# Get all keys for GPO Application installations
$keys = ls 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt' | Get-ItemProperty |
where { $($_."gpo name" -match $applicationName) -or $($_."Deployment Name" -match $applicationName) }

# Build custom object
foreach ($key in $keys) {
$myObject = New-Object -TypeName system.Object

$myObject | Add-Member -MemberType noteproperty -Name GPO_Name -Value $key."gpo name"
$myObject | Add-Member -MemberType noteproperty -Name DeploymentName -value $key."Deployment Name"
$myObject | Add-Member -MemberType noteproperty -Name GPO_ID -Value $key."gpo id"
$myObject | Add-Member -MemberType noteproperty -Name Path -Value $key.pspath



Ok so now we have listed all the subkeys. How do we remove them? Here is the function on how. It accepts pipeline input from the above function so you can do something like this:

Get-GPODeployedApp -ApplicationName Acrobat | Remove-GPODeployedApp

Remember, making registry changes require that you run the Remove-GPODeployedApp as Administrator with UAC turned on.

function Remove-GPODeployedApp {

<# .SYNOPSIS Remove GPO keys from registry for GPO application redeployment. Must be ran as Administrator. .DESCRIPTION Removes the required keys from the local registry so GPO installed applications can be redeployed. The cmdlet must be ran as Administrator. .PARAMETER Path The registry path to the key that is to be deleted. .EXAMPLE PS C:\> Remove-GPODeployedApp -Path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt\{a903040e-351f-4...'
This deletes the gpo key for any given application. Run gpupdate /force for GPO
PS C:\> Get-GPODeployedApp -ApplicationName Acrobat | Remove-GPODeployedApp
This filters all keys with Get-GPODeployedApp function and removes them with the
Remove-GPODeployedApp. Run gpupdate /force for GPO redeployment.
PS C:\> Get-GPODeployedApp | Remove-GPODeployedApp
This will remove all applied GPO application installation keys. Run gpupdate /force for GPO

[Parameter(Position=0, Mandatory=$true,ValueFromPipeline=$True,

process {
Remove-Item -Path $path -confirm
end {


No comments: