How to Automatically and Rapidly How to Automatically and Rapidly Deploy Software in a Small Deploy Software in a Small Environment Environment Greg Shields, MVP, Greg Shields, MVP, vExpert vExpert Head Geek, Concentrated Technology www.ConcentratedTech.com
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
How to Automatically and Rapidly How to Automatically and Rapidly Deploy Software in a Small EnvironmentDeploy Software in a Small Environment
There are two halves to rapidly and remotely installing applications:
• Repackaging – A software installation must first be reconfigured to install without prompting the user or requiring additional information.
• Deployment – The repackaged software installation is then loaded into a deployment tool and scheduled for deployment.
Part IPart IThe Art of Software The Art of Software PackagingPackaging
5
RepackagingRepackaging
Consider the typical installation…• Insert the CD/DVD media
• Double-click setup.exe or setup.msi
• Next…Next…Finish…
• Head to the next desktop
In order to deploy the same software automatically and remotely, you must…• Figure out how to complete the software
installation without requiring input by the user.
• Figure out how to execute the reconfigured setup.exe or setup.msi file locally on designated desktops.
RepackagingRepackaging
• Typical software installations arrive in one of essentially two formats.• .EXE-based setup files
•These are slowly going away•Sometimes an EXE will wrap around an MSI
• .MSI-based setup files•These are slowly becoming the primary mechanism for Windows software installations
• Copy-it-yourself formats•These are relatively rare these days.
• Of the first two above, virtually all are packaged using one of the major packaging utilities:• Wise Package Studio• InstallShield• Inno Setup• Nullsoft Scriptable Install System
RepackagingRepackaging
• Each format and packager has its own characteristics and switches.• Adobe Acrobat: %ACROBAT_INSTALLER_EXE% /s /v/qn
•We can tell Acrobat was packaged using InstallShield because of its “/s /v/qn” switch structure.
• Installation switches define the “hidden” parameters that can be used to install the package.
• Silent switches instruct the package to install without prompting for input.
• Some have neither. Some have nothing.• Thus, while every software installation is
different, they are in many ways the same.• You need to sleuth out if switches exist and what they
are• …or decide to use more complex techniques.
Repackaging – MSIRepackaging – MSI’’ss
• MSI installation works with the native Microsoft Installer system• Microsoft Installer is the framework built into every
modern version of Windows• Easy to work with because “silent” switches are
common across all installations.• Deployment and packaging tools can often
automatically interrogate the MSI database and determine silent installation and customizations.• We’ll talk about “packaging tools” in a minute.
• Customization and silencing can be done at command-line or via transform.• msiexec /i AppA.msi DESKTOP_SHORTCUTS=0• msiexec /i AppB.msi TRANSFORMS=custom.mst
MSI ExamplesMSI Examples
The standard command syntax for any MSI is…• msiexec.exe – invokes the installer
/i – Install/a – administrative install/l* – Log all information/q – No user interface/qb- – Basic user interface with no dialog boxesPROPERTYNAME=PropertyValue – Customization properties
– Run the installer with the /r switch on a reference machine
– Proceed through the dialogs, answering prompts as you would on the client machine
– Complete the installation
– The installation will create a setup.iss file in %windows%
– Use this file to run the installation
– setup.exe /s /f1setup.iss [/f2logfile.txt]
InstallShield (new school, wrapped MSI)– Setup.exe /s /v/qb
– Characters after /v are passed to the wrapped MSI file.
Wise Package Studio, Others…– setup.exe /s
EXE ExamplesEXE Examples
Also Try…– /a
– /q:a /r:n
– /silent
– /passive
– /quiet
– /norestart
– /?
– /help
/? and /help will often pop up a dialog box with more information.
EXE ExamplesEXE Examples Many EXEs these days are actually MSI wrappers
– This means the EXE does little more than launch an MSI installation
– fileName /s /v/qn – Anything after the /v is passed to the wrapped MSI file
The /a switch can perform an “administrative install”, which sometimes will unpack that MSI
Alternatively, invoking the EXE installation but not running it through to completion will do the same– Double-click the EXE
– Wait for it to unpack
– When the first prompt appears, check %temp% for unpacked MSI install files
It all depends on who wrote the installer…
DEMODEMOAnalyzing an EXE InstallationAnalyzing an EXE Installation
16
Repackaging – DiffRepackaging – Diff’’ss
• Some software is exceedingly complicated, doesn’t include “silent switches”, or simply won’t install with the other two mechanisms.• For these, we run a “diff”.
• The process to do this…• Build a barebones desktop of the same OS/SP. Virtual
machines make this easy.• Snapshot its initial configuration.• Install and configure the application.• Re-Snapshot again.• Run the packager’s “diff” tool to log and subsequently
package the file/driver/registry changes.• In some cases this is easier than an EXE
install.
Repackaging – DiffRepackaging – Diff’’ss
Big problem: Most packagers that can do this are expensive (Many are ≥ $500).• Caphyon Advanced Installer
• WinINSTALL MSI Packager
• Wise for Windows Installer
• EMCO MSI Package Builder
• Acresso AdminStudio
• Acresso InstallShield
Some freeware/shareware alternatives…• Some of the above’s “free” versions
• SMSInstaller
• WinINSTALL LE (from W2000 media, v2003 on-line)WinINSTALL LE 2003 for our demos
later.
DEMODEMOAnalyzing a Analyzing a ““diffdiff”” Installation Installation
WinINSTALL LE 2003 can be found at:http://www.appdeploy.com/downloads/detail.asp?
For nearly all Windows applications, customization is stored in the registry.• Whole-machine customization in HKLM.• Per-user customization in HKCU.
The easiest way to determine post-installation customization is through the same “diff” packager tool.• Snapshot after installation, make single config change,
re-snapshot, package reg change, distribute as “application”.
• HKLM easier to manipulate.• HKCU can be difficult as user must be
logged in for HKCU hive to be loaded.• HKCU hive manipulation possible offline using
“reg” tool.• Also possible to use User Configuration in
Windows Group Policy.• This process gets substantially easier with
Group Policy Preferences.• The old mechanism involved creating custom
ADM files for registry manipulation.• GPPs take almost all the coding out of this
process
DEMODEMOUsing Using ““diffsdiffs”” for Configuration for Configuration ControlControl
Group Policy PreferencesGroup Policy Preferences
Applications and Windows itself stores its configurations either in the registry or in files.– Controlling that configuration meant an easy way to modify (and
lock down) those registry keys and files.
What was needed…– A toolset that allows admins to easily input custom configurations
– Data sources, devices, folder options, local users and groups, network options, power options, printers, scheduled tasks, services
All this needs to integrate with existing Group Policy and work with all clients.
Group Policy PreferencesGroup Policy Preferences
Group Policy PreferencesGroup Policy Preferences
Group Policy PreferencesGroup Policy Preferences
What you need…– Server 2008 or Vista SP1 with the Remote Systems
Administration Toolkit (RSAT) as the location for management.
– CSE’s for down-level clients. This includes Vista RTM, Server 2003, and XP. CSE’s are the client processing components that recognize the use of GPP’s.
– The knowledge, experience, and intestinal fortitude to start really, really working with the registry of your clients from a global perspective.
Who here is still scared of directly manipulating the registry?
DEMODEMOGroup Policy Group Policy PreferencesPreferences
Part IIPart IIThe Science of Software The Science of Software DeploymentDeployment
From Package to SoftwareFrom Package to Software
Now that you’ve got a software package, you need to get it deployed to machines.
Multiple software deployment solutions exist, with various price points…• Microsoft ConfigMgr 2007
• Microsoft SCE 2007
• Altiris
• Kaseya
• Kace KBOX
• Active Directory
• PSExecFree
Not Free
GP Software InstallationGP Software Installation
Group Policy Software Installation (GPSI) is no cost and arrives as a component of Active Directory– Generally limited to MSI installations.
ZAP files allow limited use of EXE installations. Programmatic.
– Challenging learning curve
– (If not set up right) Eliminating GP can automatically uninstall software
– No reporting component. No way to know where failures have occurred.
…but, it is free.
GP Software InstallationGP Software Installation Four Steps to installing software via GPSI:
– Obtain a “silenced” MSI installation package
– Create a software distribution shared folder
– Create a GPO
– Assign or Publish the software
Assignment vs. Publishing– When a package is Assigned, the software isn’t
downloaded and installed until its initial use. The user must click its icon to start the process.Eliminates software that users don’t use, but increases the time to start on first use.
– When a package is Published, it appears in Add/Remove Programs.The user must choose to “Install a program from the network”You cannot Publish to Computer objects
DEMODEMOGroup Policy Software Group Policy Software InstallationInstallation
32
PSExec-based InstallationPSExec-based Installation The problem with GPSI is its reliance on Group Policy.
– Group Policy refresh intervals take time.
– Little to no reporting capabilities. Hard to know where it worked and where it didn’t.
– Sometimes you just want to push immediately, without waiting, and without creating GPOs.
PSExec is a remote command execution tool.– Runs commands on remote systems as if they were local.
– Clientless
– Free
– Part of the PSTools from Microsoft (formerly Sysinternals)
– Any executable that you would run locally could be run remotely via PSExec. You just need to encode the executable properly.