Force Group Policy installed software to reinstall

Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt

Subkeys contain information about deployed software. Find the one with the correct product name and delete that key.

Then run gpupdate /force


UNC hardening

Create a new GPO that applies to ALL computers and servers. (See: Configure Group Policy to apply to all domain-joined computers.)

Computer Configuration > Policies > Administrative Templates > Network > Network Provider: Hardened UNC paths


Enable it and add these two entries:

\\*\NETLOGON  RequireMutualAuthentication=1, RequireIntegrity=1
\\*\SYSVOL    RequireMutualAuthentication=1, RequireIntegrity=1
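
To confirm on a client that the GPO has actually applied, the check below reads the registry key where the Hardened UNC Paths policy is stored and compares it with the two entries above. It is an added example, not part of the original notes; the function names are made up here. Run it in an elevated PowerShell session after gpupdate.

```powershell
# Added example: audit the Hardened UNC Paths policy on the local machine.
# The "Hardened UNC Paths" GPO setting is written as string values under this key.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'

# Entries and flags required by the two lines above.
$required = [ordered]@{
    '\\*\NETLOGON' = @{ RequireMutualAuthentication = '1'; RequireIntegrity = '1' }
    '\\*\SYSVOL'   = @{ RequireMutualAuthentication = '1'; RequireIntegrity = '1' }
}

# Hypothetical helper: "A=1, B=1" -> @{ A = '1'; B = '1' }
function ConvertFrom-HardenedPathValue {
    param([string]$Value)
    $flags = @{}
    foreach ($pair in ($Value -split ',')) {
        $name, $setting = $pair.Trim() -split '=', 2
        if ($name) { $flags[$name.Trim()] = "$setting".Trim() }
    }
    return $flags
}

# Hypothetical helper: one result row per required UNC path.
function Test-HardenedUncPaths {
    param([string]$Path = $key)
    # Key is absent when the policy has never been applied to this machine.
    $regKey = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    foreach ($unc in $required.Keys) {
        $raw  = if ($regKey) { $regKey.GetValue($unc) } else { $null }
        $have = ConvertFrom-HardenedPathValue -Value "$raw"
        # A flag is missing if it is absent or set to anything other than 1.
        $missing = @($required[$unc].Keys |
            Where-Object { $have[$_] -ne $required[$unc][$_] })
        [pscustomobject]@{
            UncPath    = $unc
            Configured = if ($raw) { $raw } else { '(not set)' }
            Missing    = $missing -join ', '
            Compliant  = ($missing.Count -eq 0)
        }
    }
}

Test-HardenedUncPaths | Format-Table -AutoSize
```

A row with Compliant = False means the GPO is not reaching that machine or the entry was typed differently from the two lines above.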

Computer Configuration > Preferences > Windows Settings > Shortcuts

Add a new shortcut, type in a name, and choose the target type – file system object (file/folder), web URL, or shell object (My Computer, My Documents, My Network Places, etc.)

Location – All users desktop

Can leave everything else blank.

Software installation Group Policy

Create a folder & set share permissions (not folder permissions) to allow read access to Everyone. Put the MSI file in that folder.

Create a GPO, Computer configuration > Policies > Software Settings > Action > New > Package

Type in the UNC path to the MSI (e.g. \\server\shared\chrome.msi)

Choose assigned, click OK.

Set up Central Store and install ADMX templates

Create a folder %windir%\SYSVOL\sysvol\[Domain Name]\Policies\PolicyDefinitions

Copy files from %windir%\PolicyDefinitions to the PolicyDefinitions folder on the server (\\[server]\SYSVOL\[Domain Name]\Policies\PolicyDefinitions) – the en-US folder and the admx files.

Downloaded ADMX templates can now be installed – copy the en-US folder and the admx file into the PolicyDefinitions folder (on the server).

