Blocking SharePoint 2010 installs on unauthorized computers

by Ravikanth on September 28, 2010

SharePoint 2010 provides the ability to lock down, track, and even block random installations of Microsoft SharePoint Server 2010. The SharePoint 2010 setup wizard is designed to check for a registry key on the local system and to block the install when that key is set. If you want to block unauthorized SharePoint 2010 installs in your organization, you can set up the following registry key on all unauthorized computers.

HKLM\Software\Policies\Microsoft\Shared Tools\Web Server Extensions\14.0\SharePoint\DisableInstall (DWORD): 1

This will ensure that setup.exe is blocked on the computer. You can use domain Group Policy to add this registry setting to all computers. If you want to do this using PowerShell, you will need the Group Policy PowerShell cmdlets. The following commands show you how to do that.

Import-Module GroupPolicy
Set-GPRegistryValue -Name "Default Domain Policy" -Key "HKLM\Software\Policies\Microsoft\Shared Tools\Web Server Extensions\14.0\SharePoint" -ValueName "DisableInstall" -Type DWORD -Value 1

The above commands first import the Group Policy cmdlets and then use the Set-GPRegistryValue cmdlet to add the new registry setting. Since we changed the Default Domain Policy itself, it will now apply to all the systems in the domain. Once this setting is applied, if you try to run the SharePoint 2010 setup.exe, you will see a message as shown here.

Blocked SharePoint install


Now, there are several ways to exclude a computer from this group policy so that you can deploy SharePoint 2010 on it. For a small number of computers, you can just create a WMI filter that filters on the computer names and assign that filter to the GPO, something similar to what is shown in the screenshot below.

WMI Filter


In the above example, I wanted to unblock (or not apply the registry key for) the SharePoint 2010 install on a computer named WFE3. So, before the GPO starts applying the settings to a target computer, it will first evaluate the given WMI query and apply the settings only if the query evaluates to true. Since I am checking for computer name “not equals” WFE3, this will return false on a computer named WFE3. This is probably the easiest way to exclude computers from a GPO. But, if the number of servers is large, you can create a separate OU and place all the authorized computers in that OU where the domain group policy is not applied.
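To confirm that the block and the exclusion behave as described, the following check compares what the GPO defines, what the WMI filter decides, and what has reached the local registry. It is an added example and not part of the original post; the WQL query is an assumption reconstructing the "not equals WFE3" filter from the description, and it needs Windows PowerShell 3.0 or later.

```powershell
# Added example, not from the original post. Run in Windows PowerShell 3.0+
# on a domain-joined computer with the GroupPolicy module available.
Import-Module GroupPolicy

$gpoName   = 'Default Domain Policy'
$keyPath   = 'HKLM\Software\Policies\Microsoft\Shared Tools\Web Server Extensions\14.0\SharePoint'
$valueName = 'DisableInstall'
# Assumption: WQL equivalent of the "not equals WFE3" filter described in the post.
$wmiQuery  = "SELECT * FROM Win32_ComputerSystem WHERE Name <> 'WFE3'"

# 1. Is DisableInstall=1 defined in the GPO?
$inGpo = $false
try {
    $setting = Get-GPRegistryValue -Name $gpoName -Key $keyPath -ValueName $valueName -ErrorAction Stop
    $inGpo = ($setting.Value -eq 1)
} catch {
    Write-Warning "Value not found in GPO '$gpoName': $($_.Exception.Message)"
}

# 2. Does the WMI filter pass here? A filter passes when the query returns
#    at least one instance, so this is $false on the computer named WFE3.
$filterPasses = @(Get-CimInstance -Query $wmiQuery).Count -gt 0

# 3. Has the value reached the local registry (what setup.exe checks)?
$localPath  = 'Registry::' + ($keyPath -replace '^HKLM', 'HKEY_LOCAL_MACHINE')
$localValue = (Get-ItemProperty -Path $localPath -Name $valueName -ErrorAction SilentlyContinue).$valueName
$blocked    = ($localValue -eq 1)

# The local state should match what the GPO and filter predict.
$expected = $inGpo -and $filterPasses
[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    SetInGpo       = $inGpo
    WmiFilterPass  = $filterPasses
    InstallBlocked = $blocked
    Consistent     = ($blocked -eq $expected)
}
```

A Consistent value of False usually means Group Policy has not refreshed on the computer yet, or that the computer is excluded by OU placement instead of the WMI filter.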

This is it for today. I will talk about how to track SharePoint 2010 installs in an enterprise using Active Directory and PowerShell in the next post. Stay tuned!

Ravikanth

A technology enthu and a Windows PowerShell MVP working on SharePoint solutions at Dell Inc. Has deep interests in Windows Server OS & Virtualization.

