|
Unattended for automated Windows installs. WSUS for Windows/Office updates. WPKG for non-MS software updates.
|
#
¿
Jul 14, 2010 22:09
|
|
|
|
| # ¿ Apr 27, 2024 00:02 |
|
|
Syano posted:I've never seen WPKG. Can you give me a little insider info on how it works for you, maybe some things you like and don't like? It's a free open source project so naturally the documentation is garbage. Sorry if this is a bit long, but I've meaning to write some documentation on WPKG and this about as close as I'm going to get for a while. Basically it's a single javascript file. It reads from 3 XML files from a file server share that define software packages, software profiles, and hosts. On the workstation side you install the WPKG Client which is just a service that runs as SYSTEM. The service pulls runs wpkg.js at start up which then pulls the 3 xml files off a file server share. Every piece of software you want to potentially install on any machine gets a definition in packages.xml. The package definition has an ID, like a short name that doesn't change with new versions like "pdfcreator" and a full name including version that shows up in event log messages. Then it has a revision number which is different from the software version (although many people put the version in there and it's a bad idea). The revision number is how wpkg.js knows that it needs to update the software from the new package definition. There are some other fields like whether or not reboot is allowed afterwards and a priority level. The package definition has one or more "checks" to determine the installed version, and then one or more actions for install, update, and remove. The actions are processed in order. Here's a simple example for Silverlight: code:Once you have your packages defined then you can start making software profiles. I use a default profile that includes the software everyone gets, and then extra profiles for any software that only some machines get. You can make one profile depend on another profile and hosts can be assigned multiple profiles. code:code:I use a dedicated machine for testing new package definitions. It has a WPKG Client configured to get it's XML files from \\server\WPKG-test instead of \\server\WPKG. When they're ready to deploy I just copy them over to \\server\WPKG. What I like about it is that it makes sense to my unixy mind. It works a lot like unix-style package systems, and it's all driven by text files. I also like easy and automated it is to use once you figure it out and get it set up. I don't have to spend weekends at work manually updating software anymore. Ugh. What I don't like is the reporting, which is basically non-existent. You can connect to the remote event viewer logs to see the messages but I find that inconvenient. I rolled my own Python script to find the installed versions of software and report if it's not current. This hasn't been a big issue though, WPKG just works.
|
|
#
¿
Jul 15, 2010 18:01
|
|
|
Welcome to the forums Ben. Don't sign your posts. I posted back on the first page about using WPKG to manage software installation and updates. One thing I said I didn't like was the reporting. I just saw on the WPKG mailing list a better way to do reporting. Create a package definition that always runs and copies the WPKG xml (containing what is installed and which revision) back to a network share: code:
|
|
#
¿
Aug 22, 2010 23:39
|
|
|
I use the msi on a 32-bit OS with WPKG so it "just works". You might find some useful information on the WPKG wiki: http://wpkg.org/Java#Alternate_Java_6_.28JRE.2FSDK.29_Installer_.28seems_very_complicated.29 Software management is one place that Windows really sucks compared to Linux and BSD.
|
|
#
¿
Aug 24, 2010 00:26
|
|
|
Noel posted:Didn't they deprecate -ms? It's undeprecated now. https://wiki.mozilla.org/Installer:Command_Line_Arguments
|
|
#
¿
Feb 11, 2011 17:56
|
|
|
quackquackquack posted:As much as I enjoy pandering to my mild OCD, is there any reason to uninstall pre 1.6u10 versions of java (when in-place upgrades began)? I don't know about update prompts, but you should remove old versions of Java for security reasons.
|
|
#
¿
Mar 1, 2011 23:41
|
|
|
AcridWhistle posted:I think starting with 1.6u20 or 21 that it uninstalls previous versions. I may be wrong. It was 1.6u10. WPKG has the msiexec commands to uninstall old versions: http://wpkg.org/Java#Uninstalling_Old_Versions
|
|
#
¿
Mar 2, 2011 19:31
|
|
|
quackquackquack posted:I'd love to hear of a better way to do this. I know this thread is pretty heavily biased towards SCCM and other MS products, but I have posted a few times about WPKG which works well in our environment of Samba 3 and XP workstations. The short version is that I manually keep track of which user is assigned to which computer in a spreadsheet. I use WPKG to assign software to profiles and profiles to computers based on Windows computer name. Here are the gory details... WPKG is a JavaScript file that handles installing, updating and removing software. It is typically run as SYSTEM by WPKG Client, a service that runs on Startup. The configuration for WPKG is a handful of XML files with fairly simple structure: packages.xml, profiles.xml and hosts.xml. Packages.xml defines pieces of software with version number, configurable checks to determine if they're installed, and then groups of commands to be run in order to install, upgrade, downgrade, or remove the software. You can put any executable command into these command statements. Most packages just use msiexec, but some software needs customization with reg commands, copying additionally files, running vbscript, etc. code:code:code:You can also define a Profile and apply it to multiple computers, like if an entire department needed a certain set of applications. If user gets a new computer or moves to a computer in a different office, I just need to go change the computer name on the Host entry and the next time the old computer starts up it will remove the extra software, and the new one will install it. You can also force WPKG to run by restarting the WPKG service, but I try to avoid this except when testing on my own equipment since some packages need to kill processes before the update can run.
|
|
#
¿
Mar 8, 2011 18:39
|
|
|
bear shark posted:What about WPKG? It seems like the sort of tool that fills the 60-PC niche for a very attractive price. I've been considering using MDT to automate the initial deployment, then WPKG to keep it up to date. Is that a reasonable plan? I've been using Group Policy for the more irritating items (Flash, Java) but it's only so powerful. I'm not familiar with MDT, but I'd say keep your OS deployment separate from your software installation and updating. MDT and WPKG should work very well that way, each doing what they're best at. I've been using WPKG for at least a year now for about 125 workstations and it works very well. The catch is that I'm using it on XP, and I've heard of some issues with Vista/7, mostly to do with people wanting to install updates on shutdown. Apparently Vista/7 doesn't allow any process to delay shutdown. If you're going to use it on VIsta/7, take a look at wpkg-gp too. I use Clonezilla to load a base sysprepped image that prompts for PC name and joins the domain automatically. Then one batch file to set a few local group policies like pointing to the WSUS server, and another batch to install the WPKG Client and start the service. WPKG installs everything else with only one reboot for Office 2k3. I used Unattended for a while but I'd recommend against it now. The current latest release is 4.8 from April 2009. In order to boot on recent hardware you have to get 4.9 RC4 from February 2010, and it's has a bug where you have to type in the kernel in the bootloader because someone messed it up when packaging. Development seems to be slow and small. Take a look at WPKG if you can't afford SCCM. The wiki has ready to use stuff for all the popular applications, and it's not hard to configure new installers once you understand how WPKG works. I'm happy to answer any questions about it, and their mailing list is reasonably good too.
|
|
#
¿
Apr 11, 2011 02:22
|
|
|
bear shark posted:Is WPKG suitable to perform initial deployment on a blank OS image in such a way that I can guarantee the presence and availability of packages that need to be installed? Yes, that should work fine but what about updates? Most of my experience is using WPKG Client which is just a service that runs wpkg.js as the SYSTEM user at start up, or when the service is restarted. Updates come out, I update my WPKG package definitions, test them, then copy them over to the live setup and everything gets updated the next time it starts or restarts. You can even remotely restart the WPKG service to force updates, but some updates kill running processes (like Firefox) to avoid problems. If you really need to verify what is installed you can look at the wpkg.xml that gets written to the system32 directory. I actually have a "package" defined that is "installed" every time WPKG runs and it just copies the wpkg.xml file to a network share, renamed to computername.xml. Then I can run a script against all the XML files to generate a report on which machine has what software installed. Keep in mind you'll have to decide how to want to define which machines get which software. WPKG has a package for each application, and those are grouped into profiles, and then profiles are assigned to hosts based on the Windows computer name. You can use some basic pattern matching for the hostnames, and one typical use is a catch-all default profile. If you're running 64-bit on 7 then you'll probably need to adjust some of the package definitions to account for different locations and names of things like the Program Files folder. Some definitions have the conditional logic and some don't.
|
|
#
¿
Apr 12, 2011 06:36
|
|
|
I have some Windows licensing questions. The licensing thread was archived, so I hope this is a good place for them. How do small-medium size business handle Windows licenses? I'm coming from an all XP environment with a VLK, and everything is pretty simple. We have about 100 PCs, all running XP. 75% of them have been bought about 5 at a time over the last 2-3 years, all with Vista Home or 7 Home. The other 25% are 8+ years old and will be replaced. Should we get OEM Pro licenses with the new PCs, get upgrade licenses for the rest of them, and then get the OEM licenses for any future machines? Or, should we buy the new ones with 7 Home, and get upgrade licenses for all of them? How are these licenses handled and managed compared to XP's volume license key? How would either type of license affect our ability to deploy workstations through imaging? Would we need to remember which PCs had an OEM license and go type it in off the sticker each time it was imaged? Licensing makes my head hurt, so I appreciate any advice.
|
|
#
¿
Jun 30, 2011 00:23
|
|
|
Nebulis01 posted:Why would you buy double licenses? Purchase Pro OEM licenses on your machines (it's cheaper this way) buy one VLK license for ease of installation and have at it. If you need SA then you're required to buy something that's 'upgradeable'. I forgot to mention that we qualify for the Open License for Charity too. From Dell it looks like adding 7 Pro is $45. The price we can get for the charity license w/o SA is $58. I'm just trying to figure out the pros and cons between buying 25 PCs with OEM 7 Pro, and 75 7 Pro open license for charity versus buying 25 PCs with OEM 7 Home and 100 7 Pro open license for charity. Since we'll be adding more PCs over time in the future it sounds like we might as well only get the volume licenses for the PCs we already have, and the OEM licenses for anything new. Will I need to keep track of which PCs have OEM licenses and remember to go put the license key in when it gets imaged? We're definitely getting Office through the Open License for Charity since it's dramatically cheaper. We're going to continue using WPKG to install software, including Office, so all I need from imaging is a quick way to get the base OS installed with the right drivers.
|
|
#
¿
Jun 30, 2011 17:21
|
|
|
quackquackquack posted:Trying to do imaging with mixed licenses will be a pain in the rear end. Can you go into more detail about why? How do larger businesses handle this when they buy additional new computers?
|
|
#
¿
Jun 30, 2011 21:27
|
|
|
adaz posted:You buy the absolute cheapest OEM copy of windows available for those PCs and then when you get the PCs image them with 7 enterprise or whatever you bought. Ok, so say I have 100 PCs and a volume license for 100 copies of 7 Pro. Six months later we buy 1 more PC (or 5, or 10). I call up my reseller and ask for what exactly? Can I just buy more copies that add on to this volume license whenever I need to?
|
|
#
¿
Jun 30, 2011 23:39
|
|
|
adaz posted:Typically you true up at the end of your fiscal year. Your VLK is probably good for many thousands of actual licenses, at the end of the year they'll ask you how many PCs you have and you pay that amount. So you never have to deal with it outside the true up and initial setup. Typically nowadays they also license by user not computer as well, so you can have 3 computers licensed to yourself or whatever, handy for people who have laptops. No kidding. Part of the reason I put this off for so long is how frustrating it can be to figure out what to buy. From what I read this afternoon, it sounds like you're describing the Open Value model and that makes sense for commercial businesses. The Open License for Charity only seems to have the "transactional" model, which I guess means we buy what we want when want. Thanks for the help. I'm going to bug my reseller about it.
|
|
#
¿
Jul 1, 2011 00:23
|
|
|
With WPKG we have the flash installation run when the system boots up, and it kills any browser processes just to be sure. Works fine, except for those users who never turn off or log out of their PCs.
|
|
#
¿
Jul 7, 2011 17:10
|
|
|
kapinga posted:What do you all use for managing updates on "mission critical" network accessible servers like a domain controller? That is, how do you keep such computers secure, without rebooting them for every patch Tuesday? What is the reason you don't want to reboot? Is there any way you can design around it? The main risks are services that listen for connections, people using the machine and executing code (drive-by attacks from websites) and people plugging things into it like USB flash drives. If it's only used for a specific purpose with physical access secured, you use the built-in software firewall, and turn off any unnecessary external services then it would be reasonably secure. But unpatched servers are a bad idea, so avoid doing this if at all possible.
|
|
#
¿
Jul 11, 2011 19:22
|
|
|
Noghri_ViR posted:What's everyone doing for encryption? I work for a healthcare company and we use PGP whole disk encryption but I hate the fact that it's not centrally manageable. Anything out there that does whole disk encryption that's better then PGP? Using TrueCrypt whole disk encryption here. Also not centrally managed, but free. Bitlocker is probably better but requires Win 7 Enterprise.
|
|
#
¿
Jul 22, 2011 20:52
|
|
|
Wicaeed posted:For those of you in the know for WDS & Windows 7, is it possible to have a sysprepped Win 7 image prompt the user for a CD key the first time it is deployed/run (for use with an OEM key) as opposed to specifying a KMS/MAK key at image build time? I don't know poo poo about WDS but I know MDT can do this and a million other things.
|
|
#
¿
Oct 27, 2011 18:19
|
|
|
We disabled the global search thing when it was introduced to keep Thunderbird from bloating roaming profiles:code:Exchange is coming for us and it won't be soon enough.
|
|
#
¿
Jan 9, 2012 21:11
|
|
|
Gyshall posted:Can anyone recommend a decent, simple, and hopefully Exchange/Active Directory integrated trouble ticket system for us? We are a small (15+) person firm with about 8 techs, and we need something simple to use to keep track of all our customers' issues. Outlook + Tasks ain't cuttin' it. For free? Spiceworks. There are ton of other options if you're willing to pay.
|
|
#
¿
Jan 13, 2012 01:42
|
|
|
Techsoup is the way to go for smaller places, assuming you qualify. Otherwise any reseller can get you the better prices, again assuming you qualify.
|
|
#
¿
Jan 25, 2012 18:49
|
|
|
I've been testing out WDS today. With MDT I was able to use OSDComputerName=%SerialNumber% to set the computer name to the serial number. Is that possible to do with WDS? Would running the tests in a VM cause it to fail for lack of a serial number? Right now I have the "second" XML file with "4 specialize" and Windows-Shell-Setup setting ComputerName to %SerialNumber% and the install fails at "Setup is applying system settings" with error "could not parse or process the file for pass [specialize]. The setting cannot be applied for component [Microsoft-Windows-Shell-Setup]". The XML file passed validation.
|
|
#
¿
Feb 3, 2012 01:27
|
|
|
peak debt posted:No, the %serialnumber% variable is an MDT specific thing. Thanks, I settled on WDS with an unattended domain join and a single Admin autologin to rename the PC.
|
|
#
¿
Feb 13, 2012 23:22
|
|
|
It's not automated. Maybe I'll look into it in the future, but right now the FNG can do it.
|
|
#
¿
Feb 14, 2012 01:48
|
|
|
ryo posted:If I had 10 Server 2008 boxes and 100 users, would I need 1000 CALs? Or does 1 CAL license a user to access all instances of Server 2008 in an organisation? It's 1 CAL per user (or device) regardless of how many servers. Be aware that you may need additional CALs for other services like Exchange and RDS. You may also want some alcohol to cope with the frustration of figuring out MS licensing.
|
|
#
¿
Mar 26, 2012 16:24
|
|
|
I'm trying to get Silverlight deployed in this new environment (2008 R2 and Win7 x64), but I'm not sure what I'm doing wrong. Local WSUS server has Silverlight checked under Products and Classifications. Automatic approval is set for everything (including Feature Packs) except Drivers, Service Packs and Tools for all computers. I checked under All Updates and found IE9 and two Silverlight updates were Unapproved because they need the EULA accepted. The only other unapproved updates are for the Malicious Software Removal Tool. I approved the Silverlight and IE9 updates and then manually checked for updates on a workstation and it found IE9 but not Silverlight. I can manually deploy Silverlight through WPKG but I'd rather do it through WSUS if I can.
|
|
#
¿
Jul 18, 2012 18:04
|
|
|
What is the right way to set up wireless for an enterprise windows environment? I've got a 2008 R2 domain and all Windows 7 clients. The wireless network is a few Cisco Aironet 1140s with WPA2 and a pre-shared key. The laptops are connected by logging in, selecting the SSID from the list and entering the password. The trouble is that the laptop doesn't seem to be joining the network until a user logs in. They'll get the warning about not being able to load their roaming profile. Subsequent logins work fine since it's already connected. What should I be looking at? RADIUS? 802.1X? Certificates instead of PSK?
|
|
#
¿
Aug 3, 2012 19:26
|
|
|
Thanks, that looks like just what I needed. Guest SSID is already up and running.
|
|
#
¿
Aug 3, 2012 19:45
|
|
|
I feel like I'm misunderstanding something very simple with file permissions. I have a new domain and I want to be able to use an admin account to browse through people's redirected folders and roaming profiles if needed. I already figured out the group policy that adds the Administrators group to newly created profiles but now I'm going back to the existing profiles and trying to fix them too. I've got a folder with BUILTIN\Administrators having Full Control but I can't browse it without getting the pop-up saying "You don't have permission, click Continue to add it permanently" and then it adds my specific user account with Full Control. The server is joined to the domain and I verified that Domain Admins is a member of BUILTIN\Administrators, and my admin account is a member of Domain Admins. It seems like everything is correct, but it's still not working. Any ideas?
|
|
#
¿
Aug 21, 2012 19:25
|
|
|
Thanks. Takeown.exe is giving me some trouble with recursing so it looks like I'll have to try something with powershell tomorrow.
|
|
#
¿
Aug 22, 2012 00:27
|
|
|
Cpt.Wacky posted:Thanks. Takeown.exe is giving me some trouble with recursing so it looks like I'll have to try something with powershell tomorrow. It turns out that takeown.exe has issues running over the network and craps out after a few folders. I ended up logging in to the server hosting the profiles and running these two commands: code:
|
|
#
¿
Aug 23, 2012 18:35
|
|
|
Yeah, they'll complain about not being genuine software. I believe you can use the rearms to extend it by 30 days if you still have any left.
|
|
#
¿
Aug 24, 2012 00:02
|
|
|
Has that changed recently? I swear when I was first setting it up a while ago that virtual servers didn't count and I wasn't sure about virtual 7 counting. Now I'm finding an MS page that says they all count.
|
|
#
¿
Aug 24, 2012 01:46
|
|
|
Wicaeed posted:While not technically "software", has anyone seen or heard of a script that can take a list of Dell service tags and grab a list of installed components such as CPU, Memory, HDD, etc off of the Dell website at the Dell Support Website? Spiceworks automatically creates a clickable link from the service tag that opens a new browser tab to the Dell site so it must be a fairly simple URL. You'd still have to do some page scraping to pull out the specs though.
|
|
#
¿
Sep 26, 2012 04:38
|
|
|
So I've got a problem with printers. Just about everyone has their own personal laser printer in their office. We've been setting them up on wireless so it's more convenient to install in these offices. Then we've got one group policy that pushes out all the printers on the print server to everyone. Now people are starting to complain that they don't like trying to find their own printer out of a list of 30 or more. I don't see any easy way to assign specific printers to specific people or computers without making a poo poo ton of individual GPOs, and we don't have any sensible grouping like Dept X, Y, and Z or floors 1, 2, and 3. Am I missing something here? (Besides dragging all the printers out into the parking lot and having a big bonfire.)
|
|
#
¿
Jan 28, 2013 23:11
|
|
|
Cpt.Wacky posted:So I've got a problem with printers. Just about everyone has their own personal laser printer in their office. We've been setting them up on wireless so it's more convenient to install in these offices. Then we've got one group policy that pushes out all the printers on the print server to everyone. Now people are starting to complain that they don't like trying to find their own printer out of a list of 30 or more. It turns out I was missing something. When we tried having users add their own printers before we were also migrating between Samba and AD and the add printer wizard was having a hard time quickly and consistently finding the printers on the print server. Now that we're fully moved over to AD (and I found the right-click List in Directory option) it is working smoothly. I made the change this morning and sent out an email with instructions and the tickets are rolling in already.  e: Make sure you enable Computer Config / Policies / Admin Templates / Printers / Add Printer wizard - Network scan page (Managed network) and change Number of directory printers to something big enough to cover all your printers. Cpt.Wacky fucked around with this message at 17:29 on Feb 12, 2013 |
|
#
¿
Feb 12, 2013 16:59
|
|
|
I've been downloading the MSI from http://www.skype.com/go/getskype-msi and I always uninstall before installing a new version. Other than that I just the registry settings to disable version checking and supernode.
|
|
#
¿
Feb 28, 2013 00:11
|
|
|
Docjowles posted:Yeah. Technically you can patch Adobe and Java with just group policy but it is a pain in the rear end, very fragile and will basically become your full-time job with how often those two get updated. If anyone really doesn't want to use or pay for SCCM and doesn't mind an unsupported open source solution... I've been using WPKG for a few years now to handle my software deployment and patching. First on XP with regular WPKG and now on 7 with WPKG-GP.
|
|
#
¿
May 22, 2013 17:47
|
|
|
|
| # ¿ Apr 27, 2024 00:02 |
|
|
Moey posted:A little old but seconding Meraki. Dead simple to use and not too costly either. Pick up some Z1 boxes for the remote offices and an MX60 for your main site. Meraki also does dynamic DNS so even if the remote offices are on a consumer line and their IP changes, you don't have to bat an eyelash. Do these effectively replace whatever existing router you have at the main and remote sites? Are there any ongoing costs after the initial purchase, like a subscription to their cloud management stuff?
|
|
#
¿
Jun 28, 2013 23:03
|
|