rapidly deploying software
DESCRIPTION
TRANSCRIPT
How to Automatically and Rapidly How to Automatically and Rapidly Deploy Software in a Small EnvironmentDeploy Software in a Small Environment
Greg Shields, MVP, vExpertGreg Shields, MVP, vExpertHead Geek, Concentrated Technologywww.ConcentratedTech.com
This slide deck was used in one of our many conference presentations. We hope you enjoy it, and invite you to use it
within your own organization however you like.
For more information on our company, including information on private classes and upcoming conference appearances, please
visit our Web site, www.ConcentratedTech.com.
For links to newly-posted decks, follow us on Twitter:@concentrateddon or @concentratdgreg
This work is copyright ©Concentrated Technology, LLC
AgendaAgenda
Topics– Part I: The Art of Software
Packaging– Part II: The Science of Software
Deployment
3
Many IT Professionals have problems with automated software distribution because it feels
like a complicated topic.
But there are really two halves:Software Packaging
…and…Software Deployment
In this session, you’ll learn the nuances of both.
Automated Software DeploymentAutomated Software Deployment
There are two halves to rapidly and remotely installing applications:
• Repackaging – A software installation must first be reconfigured to install without prompting the user or requiring additional information.
• Deployment – The repackaged software installation is then loaded into a deployment tool and scheduled for deployment.
Part IPart IThe Art of Software The Art of Software PackagingPackaging
5
RepackagingRepackaging
Consider the typical installation…• Insert the CD/DVD media
• Double-click setup.exe or setup.msi
• Next…Next…Finish…
• Head to the next desktop
In order to deploy the same software automatically and remotely, you must…• Figure out how to complete the software
installation without requiring input by the user.
• Figure out how to execute the reconfigured setup.exe or setup.msi file locally on designated desktops.
RepackagingRepackaging
• Typical software installations arrive in one of essentially two formats.• .EXE-based setup files
•These are slowly going away•Sometimes an EXE will wrap around an MSI
• .MSI-based setup files•These are slowly becoming the primary mechanism for Windows software installations
• Copy-it-yourself formats•These are relatively rare these days.
• Of the first two above, virtually all are packaged using one of the major packaging utilities:• Wise Package Studio• InstallShield• Inno Setup• Nullsoft Scriptable Install System
RepackagingRepackaging
• Each format and packager has its own characteristics and switches.• Adobe Acrobat: %ACROBAT_INSTALLER_EXE% /s /v/qn
•We can tell Acrobat was packaged using InstallShield because of its “/s /v/qn” switch structure.
• Installation switches define the “hidden” parameters that can be used to install the package.
• Silent switches instruct the package to install without prompting for input.
• Some have neither. Some have nothing.• Thus, while every software installation is
different, they are in many ways the same.• You need to sleuth out if switches exist and what they
are• …or decide to use more complex techniques.
Repackaging – MSIRepackaging – MSI’’ss
• MSI installation works with the native Microsoft Installer system• Microsoft Installer is the framework built into every
modern version of Windows• Easy to work with because “silent” switches are
common across all installations.• Deployment and packaging tools can often
automatically interrogate the MSI database and determine silent installation and customizations.• We’ll talk about “packaging tools” in a minute.
• Customization and silencing can be done at command-line or via transform.• msiexec /i AppA.msi DESKTOP_SHORTCUTS=0• msiexec /i AppB.msi TRANSFORMS=custom.mst
MSI ExamplesMSI Examples
The standard command syntax for any MSI is…• msiexec.exe – invokes the installer
/i – Install/a – administrative install/l* – Log all information/q – No user interface/qb- – Basic user interface with no dialog boxesPROPERTYNAME=PropertyValue – Customization properties
• msiexec /qb- /l* logfile.txt /i setup.msi NAME=Value
• msiexec /qb- /l* logfile.txt /i macromedia_dreamweaver_8.msi SERIALNUMBER={value} REBOOT=SUPRESS
DEMODEMOAnalyzing an MSI InstallationAnalyzing an MSI Installation
11
Repackaging – EXERepackaging – EXE’’ss
EXE files tend to have no centralized schema for silent installation and customization.• Often post-installation registry hacking is needed to
customize.
• This is much less hard now with Group Policy Preferences
• Depending on the packager used to create the EXE, there are some known tricks.
Finding the correct “silent switches” is key to installing properly.• AppA.exe /s /v/qn
• AppB.exe /quiet /norestartDon’t reinvent the wheel. Go to www.appdeploy.com for a list of common applications and their silent
switches.
EXE ExamplesEXE Examples InstallShield (old school)
– Run the installer with the /r switch on a reference machine
– Proceed through the dialogs, answering prompts as you would on the client machine
– Complete the installation
– The installation will create a setup.iss file in %windows%
– Use this file to run the installation
– setup.exe /s /f1setup.iss [/f2logfile.txt]
InstallShield (new school, wrapped MSI)– Setup.exe /s /v/qb
– Characters after /v are passed to the wrapped MSI file.
Wise Package Studio, Others…– setup.exe /s
EXE ExamplesEXE Examples
Also Try…– /a
– /q:a /r:n
– /silent
– /passive
– /quiet
– /norestart
– /?
– /help
/? and /help will often pop up a dialog box with more information.
EXE ExamplesEXE Examples Many EXEs these days are actually MSI wrappers
– This means the EXE does little more than launch an MSI installation
– fileName /s /v/qn – Anything after the /v is passed to the wrapped MSI file
The /a switch can perform an “administrative install”, which sometimes will unpack that MSI
Alternatively, invoking the EXE installation but not running it through to completion will do the same– Double-click the EXE
– Wait for it to unpack
– When the first prompt appears, check %temp% for unpacked MSI install files
It all depends on who wrote the installer…
DEMODEMOAnalyzing an EXE InstallationAnalyzing an EXE Installation
16
Repackaging – DiffRepackaging – Diff’’ss
• Some software is exceedingly complicated, doesn’t include “silent switches”, or simply won’t install with the other two mechanisms.• For these, we run a “diff”.
• The process to do this…• Build a barebones desktop of the same OS/SP. Virtual
machines make this easy.• Snapshot its initial configuration.• Install and configure the application.• Re-Snapshot again.• Run the packager’s “diff” tool to log and subsequently
package the file/driver/registry changes.• In some cases this is easier than an EXE
install.
Repackaging – DiffRepackaging – Diff’’ss
Big problem: Most packagers that can do this are expensive (Many are ≥ $500).• Caphyon Advanced Installer
• WinINSTALL MSI Packager
• Wise for Windows Installer
• EMCO MSI Package Builder
• Acresso AdminStudio
• Acresso InstallShield
Some freeware/shareware alternatives…• Some of the above’s “free” versions
• SMSInstaller
• WinINSTALL LE (from W2000 media, v2003 on-line)WinINSTALL LE 2003 for our demos
later.
DEMODEMOAnalyzing a Analyzing a ““diffdiff”” Installation Installation
WinINSTALL LE 2003 can be found at:http://www.appdeploy.com/downloads/detail.asp?
id=4654
Post-Installation CustomizationPost-Installation Customization
For nearly all Windows applications, customization is stored in the registry.• Whole-machine customization in HKLM.• Per-user customization in HKCU.
The easiest way to determine post-installation customization is through the same “diff” packager tool.• Snapshot after installation, make single config change,
re-snapshot, package reg change, distribute as “application”.
Post-Installation CustomizationPost-Installation Customization
• HKLM easier to manipulate.• HKCU can be difficult as user must be
logged in for HKCU hive to be loaded.• HKCU hive manipulation possible offline using
“reg” tool.• Also possible to use User Configuration in
Windows Group Policy.• This process gets substantially easier with
Group Policy Preferences.• The old mechanism involved creating custom
ADM files for registry manipulation.• GPPs take almost all the coding out of this
process
DEMODEMOUsing Using ““diffsdiffs”” for Configuration for Configuration ControlControl
Group Policy PreferencesGroup Policy Preferences
Applications and Windows itself stores its configurations either in the registry or in files.– Controlling that configuration meant an easy way to modify (and
lock down) those registry keys and files.
What was needed…– A toolset that allows admins to easily input custom configurations
without requiring coding.
– Environment variables, files, folders, INI files, registry settings, network shares, shortcuts
– Data sources, devices, folder options, local users and groups, network options, power options, printers, scheduled tasks, services
All this needs to integrate with existing Group Policy and work with all clients.
Group Policy PreferencesGroup Policy Preferences
Group Policy PreferencesGroup Policy Preferences
Group Policy PreferencesGroup Policy Preferences
What you need…– Server 2008 or Vista SP1 with the Remote Systems
Administration Toolkit (RSAT) as the location for management.
– CSE’s for down-level clients. This includes Vista RTM, Server 2003, and XP. CSE’s are the client processing components that recognize the use of GPP’s.
– The knowledge, experience, and intestinal fortitude to start really, really working with the registry of your clients from a global perspective.
Who here is still scared of directly manipulating the registry?
DEMODEMOGroup Policy Group Policy PreferencesPreferences
Part IIPart IIThe Science of Software The Science of Software DeploymentDeployment
From Package to SoftwareFrom Package to Software
Now that you’ve got a software package, you need to get it deployed to machines.
Multiple software deployment solutions exist, with various price points…• Microsoft ConfigMgr 2007
• Microsoft SCE 2007
• Altiris
• Kaseya
• Kace KBOX
• Active Directory
• PSExecFree
Not Free
GP Software InstallationGP Software Installation
Group Policy Software Installation (GPSI) is no cost and arrives as a component of Active Directory– Generally limited to MSI installations.
ZAP files allow limited use of EXE installations. Programmatic.
– Challenging learning curve
– (If not set up right) Eliminating GP can automatically uninstall software
– No reporting component. No way to know where failures have occurred.
…but, it is free.
GP Software InstallationGP Software Installation Four Steps to installing software via GPSI:
– Obtain a “silenced” MSI installation package
– Create a software distribution shared folder
– Create a GPO
– Assign or Publish the software
Assignment vs. Publishing– When a package is Assigned, the software isn’t
downloaded and installed until its initial use. The user must click its icon to start the process.Eliminates software that users don’t use, but increases the time to start on first use.
– When a package is Published, it appears in Add/Remove Programs.The user must choose to “Install a program from the network”You cannot Publish to Computer objects
DEMODEMOGroup Policy Software Group Policy Software InstallationInstallation
32
PSExec-based InstallationPSExec-based Installation The problem with GPSI is its reliance on Group Policy.
– Group Policy refresh intervals take time.
– Little to no reporting capabilities. Hard to know where it worked and where it didn’t.
– Sometimes you just want to push immediately, without waiting, and without creating GPOs.
PSExec is a remote command execution tool.– Runs commands on remote systems as if they were local.
– Clientless
– Free
– Part of the PSTools from Microsoft (formerly Sysinternals)
– Any executable that you would run locally could be run remotely via PSExec. You just need to encode the executable properly.
psexec \\computerName cmd
PSExec-based InstallationPSExec-based Installation
Although PSExec was intended for running basic commands on remote computers, it can be used to invoke the Windows Installer.
psexec \\computerName “c:\windows\system32\msiexec.exe” /i \\server\packageShare\setup.msi– Useful for onsey-twosey installs once packages are
created.
DEMODEMOPSExec-based InstallationPSExec-based Installation
For Cost SolutionsFor Cost Solutions
Both of these solutions suffer from limitations…– They’re relatively hard to use.
– They are not inventory-based.
– They have no reporting component.
– There is little to no security & workflow associated with software distribution.
For Cost Solutions exist that add these necessary features for the not-so-small environment.• Microsoft ConfigMgr 2007, Microsoft SCE 2007,
Altiris, Kaseya, Kace KBOX, others…
• Prices range from “wow” to “HOLY WOW”.
This slide deck was used in one of our many conference presentations. We hope you enjoy it, and invite you to use it
within your own organization however you like.
For more information on our company, including information on private classes and upcoming conference appearances, please
visit our Web site, www.ConcentratedTech.com.
For links to newly-posted decks, follow us on Twitter:@concentrateddon or @concentratdgreg
This work is copyright ©Concentrated Technology, LLC