MSIEXEC and application uninstall tip

I was inspired to write this post when a colleague of mine approached me today asking how to uninstall a previous version of an MSI and install a newer version. While this doesn’t directly tie int to OS Deployments, the need to uninstall & reinstall applications deployed on the estate is a very common task amongst Enterprise Solutions Administrators. Unfortunately, there isn’t a single command you can run from MSIEXEC which will find and destroy all older versions of an application. To do this, it would require the use of WISE packaging studio, or some other app packaging program.

One of the easiest methods for uninstalling an MSI is to use the /x command. Here is an example below.

msiexec /x “c:\vmtools\VMware Tools.msi” /qn /norestart /log c:\toolsUnInstall.log

However, what if you find yourself in the scenario where you don’t have the MSI of the older version you’re trying to uninstall. Luckily, that information can be found in the REGISTRY.

The information can be found at: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

There should be the product ID there as well as a direct command you can run to uninstall the software.




Folder Redirection Policy for Windows 7

Raise your hand if you’re using Windows XP in your corporate environment and make use of a VPN client to connect back to your network resources when you’re off campus. Does your company leverage any type of manual folder redirection for your My Documents folder to point to a network location? If so, how many of you struggle with accessing your home directory (e.g. My Documents) when you’re working away from the office. This is a very common complaint amongst the information worker. The issue is, when you go home, logon to your laptop, connect to the VPN, and click on your My Documents, you don’t have access to your data. My wife complains to me, “Why can’t I access my home drive?!” This is because when you logon to your machine, you’re not connected to the corporate network. A workaround is either knowing the UNC on the network you can browse to access your data. While this can be annoying for some, but an annoyance anyway, there are solutions out there that can help.

My first piece of advice is to eliminate the use of the VPN client altogether. There are technologies out there that can provide a more , Cisco’s AnyConnect or Microsoft’s Direct Access solution. Depending on customer requirements, you’ll need to examine the clientessVPN solutions that are out on the market.

As part of your Windows 7 Deployment Project, you may consider leveraging group policies to create a more secure and managed desktop environment. Folder redirection is one of the policies you might want to consider. Generally speaking most organizations have a User Data Policy, which dictates where user data should be stored. In the corporate environment it is a very good idea to backup user data to a network location such as  SharePoint, Network Share, Home Directory, etc. Alternatively, the use of external devices such as USB, external hard disk, etc. can be used. Folder redirection policy is a great way to ensure that as a user logs on, their documents are pointed to a network location.

When creating a new User Account in Active Directory Users & Computers (ADUC), you have the ability to create a Home Folder to point to a network location. One of the most common scenarios is to map a Drive Letter to point to a specific UNC on a filer where you would like to store the user’s My Documents folder.

Additionally, if your intention is to implement Windows RE into your deployment solution, Documents Folder Redirection is a critical piece of the ability to self restore a PC. If the user’s primary source data is not kept on a Network Share, when the System Image Restore process is initiated, there is some potential for the loss of all local data.

Configuring Folder Redirection Policy in Windows 7

Step by Step

1)      In the GPMC, right-click the OU on which you want to apply Folder Redirection (at the time of this writing the policy is configured on Test OU – Test – Users) , and choose “Create a GPO in this domain, and Link it here.”

2)      Name the GPO, say, “Win 7 Documents Folder Redirection

3)      Right-click on the policy and choose Edit.

4)      Drill down to Folder Redirection: Select User ConfigurationPoliciesWindows SettingsFolder Redirection

5)      Go to the Documents folder, right-click and choose Properties.

6)      On the Target tab make the Setting set to Basic – Redirect everyone’s folder to the same location.

7)      The Target folder location is set to Redirect to the following location

8)      The Root Path is set to %HomeShare%\My Documents

9)      Click Apply



Windows 7 Deployment Useful Tip # 1 – Creating Read-only partitions during deployment with MDT 2010

Depending on your organization’s security policy, you may have the need to make a partition read-only. I have been working on a solution for the last 4 weeks to implement Windows RE into the build process with MDT 2010. Because of security requirements, this drives needs to be marked as read-only.

In MDT 2010 Task Sequence, you can do this by configuring two command lines during State Restore.

Task Sequence steps were created to run CACLS command line to make R: drive Read-Only for “Authenticated Users”.


cacls R: /E /R “Authenticated Users”

Highlight Tip with Trace32.exe

I was working with Scott Culbertson (MCS) today troubleshooting a custom process to install HP hardware based drivers using the SSM.EXE tool. He shared a useful tip when using Trace32.exe. We were parsing through the SMSTS.log looking for validation on some specific conditions set in the task sequence. In this particular case there was an entire Group in State Restore that was being skipped completely. One useful thing you can do with Trace32.exe is Highlight the specific error you’re searching for. This is particularly helpful when searching through lengthy log files looking for a specific error or step in the TS.

Open Trace32.exe and go to Highlight. From there you can enter the string to search for and all lines containing the text will be highlighted.

Simple, but useful tip. 🙂

Unattend.XML, Windows 7 Deployments, and PC naming

You may experienced an error when installing Windows 7, “Windows could not parse or process unattend answer file [C:\Windows\Panther\unattend.xml] for pass [specailize]. The answer file is invalid.”

There could be several reasons for this error and the best place to start looking is in the Windows Setup log file in C:\Windows\Panther. In this case, I found the following error in the setup log.

<ComputerName>MENDTVMware-50 0e 64 8d bd df 91 77-98 ee 3b a4 bb 58 7b b4</ComputerName>

Windows has a limit of 15 characters for the computer name. To resolve this issue, you may want to reconsider your PC naming convention strategy in your organization. 🙂