I have an MSI which is configured for machine level installation because it is a device driver.
I can deploy it via Active Directory and Group Policy just fine. However on a newly booted machine a user can login before the installation has a chance to complete and I get an warning in the event log saying it couldn't complete and will be tried at next reboot.
How can I make the login screen wait for the installation to be completed?
You may want to test the SyncForegroundPolicy group policy setting. When enabled, you should see the Software Installation splash banner before the logon dialog.
"This policy setting determines whether Group Policy processing is synchronous (that is, whether computers wait for the network to be fully initialized during computer startup and user logon). By default, on client computers, Group Policy processing is not synchronous; client computers typically do not wait for the network to be fully initialized at startup and logon. Existing users are logged on using cached credentials, which results in shorter logon times. Group Policy is applied in the background after the network becomes available.
"Note that because this is a background refresh, extensions such as Software Installation and Folder Redirection take two logons to apply changes. To be able to operate safely, these extensions require that no users be logged on. Therefore, they must be processed in the foreground before users are actively using the computer. In addition, changes that are made to the user object, such as adding a roaming profile path, home directory, or user object logon script, may take up to two logons to be detected."
You can't, really.
There's no native way to do it, and the only ways to work around it I (or the folks at MS) are aware of involve hacky workarounds like disabling the keyboard and mouse or adding a long
waitperiod to the script or boot routine that would prevent anything else from happening, either of which is likely to prompt the user to make a bigger mess by hitting the power button.Best approach I can think of it to tell everyone to reboot their machines when they leave for the day so that the installation has plenty of time to finish while all the users are not around to muck things up.
If that's not an option for whatever reason, you could try making the install a logoff or shutdown script - which should force the logoff or shutdown to wait for the installation to finish before proceeding. Of course, this would require that your users actually logoff or shutdown as a semi-regular activity, which my experience tells me isn't very likely.