Mailbag: How can I deploy the .NET Framework 2.0 using Group Policy?

Question

You previously posted a set of instructions that can be used to run the .NET Framework 2.0 setup by calling the MSI directly. The instructions in that post describe a command line parameter named ADDEPLOY that needs to be passed to msiexec.exe to allow the MSI to install correctly.

I want to deploy the .NET Framework 2.0 in my network using Group Policy. I cannot specify a command line parameter like ADDEPLOY in the Group Policy deployment package creation UI. How can I deploy the .NET Framework 2.0 MSI on my network using Group Policy?

Answer

The following example steps can be used to create a Group Policy object to deploy the .NET Framework 2.0 in a network:

  1. Click on the Start menu, choose Run and type cmd
  2. Create an administrative install point for the .NET Framework 2.0 by running dotnetfx.exe /c:"install.exe /a" and stepping through the wizard UI
  3. Add the netfx.msi that is created in the administrative install point created above to the Group Policy object. The path to netfx.msi must be located on a share that is accessible from all computers where it will be deployed to, not on a local path (example - \\server\share\netfx20\netfx.msi not C:\netfx20\netfx.msi)

It is important to note that the .NET Framework 2.0 only supports deployment by machine assignment, not by user publishing. This is because the user may not be an administrator on the machine in the advertised scenario, and because the .NET Framework is a per-machine and not a per-user application.

Behind the scenes, the .NET Framework 2.0 MSI has a custom action named CA_BlockDirectInstall_GUIH_SKU_URT that is used to prevent users from installing by double-clicking on the MSI directly. This custom action has the following complex condition statement in the InstallExecuteSequence table:

( NOT (ADDEPLOY = 1 OR USING_EXUIH = 1 OR USING_EXUIH_SILENT = 1 OR ADVERTISED = 1 OR ProductState >= 1) ) AND ( NOT (ADDEPLOY = 1 OR USING_EXUIH = 1 OR USING_EXUIH_SILENT = 1 OR ADVERTISED = 1 OR ProductState >= 1) )

The ADVERTISED property will be automatically set if you create a Group Policy object to deploy the .NET Framework 2.0 MSI to a network by machine assignment.