Ifan
Feb 21, 2006
The Nice Operator from Heaven
The MSI the Adobe tool spits out is a bit retarded. You're only allowed to install it silently. To get a progress bar going you need to open up the MSI/create a transform and change the UILevel property to 3. This allows you to use switches like /passive.

And a heads up if you're planning to deploy it to computers in use:
I was deploying CS5 through SCCM and got really confused when installation on 60% of the clients failed. It always worked fine in my test-environment.
After a bit of research and fidgeting I found out that running a browser on the computer during installation will break it. The original attended Adobe installer lets you know about this, but the generated MSI file doesn't care at all.

Ifan
Feb 21, 2006
The Nice Operator from Heaven
Users tend to ignore text in command prompts :) Also, users like to turn off command prompts and other annoying boxes. This will in turn break the installation when you have multiple MSIs chained in the batch file. I'm not sure how the exit-code gets passed either when using batch scripts.
From my SCCM experience I would not recommend using batch scripts except in task-sequences and other un-fuckupable things.

A hidden powershell script with a messagebox warning and a browserkill is probably better. This doesn't stop the user from actually turning on a browser during install though, so they can still break it. Maybe it's possible to script the registry settings of software restriction policy to disallow users to start their browser during the install? Haven't tried it, but it seems like a plausible solution.
And I can guarantee that the MSI exitcode gets passed with a powershell script if you do it the right way. This way reporting will work as intended.

Best option (if possible) is to deploy it after business hours, and make sure that no users are logged on to the workstation during installation. You might use a bit more time to get it out to everyone, but you save time not having to manually fix/create a fix script for botched installations.

Ifan
Feb 21, 2006
The Nice Operator from Heaven
Yeah, I know batch scripts work. I just don't think it's the optimal solution if you need to turn on "allow user interaction" or if you need error-handling/failsafe for multiple commands in the same program.
It's just too easily broken and doesn't look good.

Users tend to break anything that can be broken :)

In the end it all depends on the situation anyway.

Ifan
Feb 21, 2006
The Nice Operator from Heaven
I would also advise against using SCCM in a small environment for the reasons stated above. Just using SCCM is pretty time-consuming itself.
Actually making a software package, then making sure it installs properly unattended, disabling automatic updates and testing it properly might take longer than doing a manual install on 60 PCs (depending on the application), but again everything depends on the situation.

I'd recommend you to try out SCCM in a test environment (I believe there is a free trial out there). Figure out the ropes and whatnot. If you feel you need it, get it. If not, be happy that you learned something :)

Ifan
Feb 21, 2006
The Nice Operator from Heaven
Just to verify; Are you talking about flash player?
If so, you can:
A: Set the program to reboot the computer after it's done running. No need for a task sequence.
B: Make a script that does the same thing, or better. Just remember to make sure that the script exits with the installer's exitcode when it's done (so the reports will be accurate)

Installing/updating flash player without a reboot is not an issue, as long as you make sure that no dependent application is running during the install/update (Browsers come to mind). If a browser is running, Windows Installer will handle it by either killing the application, or waiting until the computer reboots. The latter will make the application live in a "limbo" where it's half-installed until next boot.

In my enterprise, we have no regular usage-times or maintenance windows for client computers. We can't just kill people's browsers without a fair warning, or let them live in the aforementioned limbo.
As a result of this, I had to develop a powershell script which checks if the user is running any browsers that will make the installation want to reboot/force close.

The logic is fairly simple:
- If a browser isn't running, everything is fine and the installation/update will go silently.
- If browsers are running, a messagebox will appear, giving the user a 60 minute countdown to close any browsers. If the user closes his browser, installation/update (with progress bar) will begin immediately.
- If it times out, browsers will be forcibly killed and the installation/update will begin.

The only negative side to this is that you have to turn on "allow users to interact..." in the SCCM program. A blank powershell window will be up for about 1-2 seconds, until it manages to initialize and understand that it's supposed to be hidden. Some users manage to close the window in that short time-frame, which will stop the installation and make it spit out a weird exitcode. This isn't a big problem though, since you can set the advertisement to rerun if failed.
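
A minimal sketch of the wrapper logic described in the post above, as an added example that is not the poster's script. The package path, log path and browser process names are assumptions, and the warning uses a self-closing WScript.Shell popup rather than a countdown dialog.

```powershell
# Added example, not the poster's script. Paths and process names are assumptions.
param(
    [string]$MsiPath = 'C:\Deploy\example.msi',                # hypothetical package
    [string]$LogPath = 'C:\Windows\Temp\example-install.log',  # hypothetical log file
    [string[]]$BlockingProcesses = @('iexplore', 'firefox', 'chrome'),
    [int]$TimeoutMinutes = 60,
    [int]$PollSeconds = 10
)

function Get-BlockingProcess {
    # Get-Process raises an error for names with no match, so silence that case.
    Get-Process -Name $BlockingProcesses -ErrorAction SilentlyContinue
}

function Show-CloseWarning {
    # Popup closes by itself after 30 seconds, so the script never hangs on a click.
    $shell = New-Object -ComObject WScript.Shell
    $text  = "An update needs your browser closed. Browsers still open in " +
             "$TimeoutMinutes minutes will be closed automatically."
    [void]$shell.Popup($text, 30, 'Software update', 48)   # 48 = exclamation icon
}

$uiSwitch = '/qn'                      # nothing running: fully silent install
if (@(Get-BlockingProcess).Count -gt 0) {
    $uiSwitch = '/passive'             # user was prompted: show a progress bar
    Show-CloseWarning
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    # Poll so the install starts as soon as the user has closed everything.
    while (@(Get-BlockingProcess).Count -gt 0 -and (Get-Date) -lt $deadline) {
        Start-Sleep -Seconds $PollSeconds
    }
    # Deadline reached (or nothing left): force-close whatever is still open.
    Get-BlockingProcess | Stop-Process -Force -ErrorAction SilentlyContinue
}

$arguments = "/i `"$MsiPath`" $uiSwitch /norestart /l*v `"$LogPath`""
$installer = Start-Process -FilePath 'msiexec.exe' -ArgumentList $arguments -Wait -PassThru

# Return msiexec's code unchanged so deployment reports stay accurate
# (0 = success, 3010 = success with reboot required, 1603 = fatal error).
exit $installer.ExitCode
```

The popup only reaches the logged-on user when the program is allowed to interact with the desktop, which is the trade-off the post describes.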

Ifan
Feb 21, 2006
The Nice Operator from Heaven

Cpt.Wacky posted:

With WPKG we have the flash installation run when the system boots up, and it kills any browser processes just to be sure. Works fine, except for those users who never turn off or log out of their PCs.

Yeah, that's part of our problem. People just put the laptops into sleep/hibernation and go.

Ifan
Feb 21, 2006
The Nice Operator from Heaven

FISHMANPET posted:

That has not been my experience. Even if I run the MSI myself by double clicking it, it bombs out with a weird error...

Haven't experienced this before, but I don't use Adobe's plain MSI files either. Some property is probably set to make it default to stop the installation instead of finish it after a reboot. Try enabling logging for the installation (msiexec /i "foo.msi" /qb /l*vx "C:\foo.log") and upload it somewhere for me to look at.

FISHMANPET posted:

Can you just use the .exe Flash installers?

To both of you;
I would advise against using Adobe's plain MSIs/EXE installers etc. Unless all your users have administrative rights to their workstation and actually update their applications themselves, you will need to disable stuff like automatic updates (because it won't work) and set other default values. For the MSI file, this can be done through making a transform file which you apply "on top" of the MSI during installation.
Check out appdeploy.com for some tips on how to do this, as it's a bit too much to explain in a single forum post.

Ifan
Feb 21, 2006
The Nice Operator from Heaven

Megiddo posted:

Windows 7, but I don't see anything about applying a transform to disable updates. I also don't see anything obvious when looking at the MSI in Orca. Do you have a link to an appdeploy thread or page on that?

I haven't made the flash player transforms myself, so I don't have any information on exactly which settings need to be set right now.
I'll split the transform open on Monday and let you know.

Zero VGS posted:

1) I have a lot of "All Users" shortcuts to change. Is there an app that can let me bring up all of the C$ shares from say a list of IP's and replace every instance of a file on every one of those local hard drives at once?

Group Policy preferences sounds like your best bet for this. You clearly know the drill about the CSEs for XP clients etc. I'd check the event logs and RSOP on your clients to see what goes wrong. If it isn't applying, something is probably set horribly wrong ;)
Or you could just make a script to do it for you :D

Zero VGS posted:

2) A lot of crap is installed on older workstations, like uh, Lotus Notes. Is there a group policy to uninstall that garbage even if I can't find an MSI?

Find the product code (it's a GUID, should be located in HKLM\Software\Microsoft\Windows\Currentversion\Uninstall) and run msiexec /x {GUID} /qn for a silent uninstall. You can also find uninstall-strings for non-windows installer applications here as well. Just play with the switches if you want it done silently.


Zero VGS posted:

3) Is there some kind of hardware independent XP image that I could load on every last workstation that can play nice with group policy and be completely user-proof?

There are many options here depending on what you really want to do. The easiest solution is probably to just use them as thin clients.
Any other options probably require more work. I know that the stripped-down XP image on Hiren's boot CD works nice with most hardware I've come across. Maybe you could modify it/create something similar to it that suits your needs?
MDT has auto-apply driver capabilities as well, but I haven't tried it myself.
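
The product-code lookup and silent uninstall from the reply above, as an added example that is not the poster's code. The function names are hypothetical, and the second registry root (WOW6432Node, where 32-bit applications register on 64-bit Windows) goes beyond the single key named in the post.

```powershell
# Added example, not from the thread. Function names are hypothetical.
function Get-UninstallEntry {
    param([Parameter(Mandatory = $true)][string]$NamePattern)

    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }      # second root is absent on 32-bit Windows
        foreach ($key in Get-ChildItem -Path $root) {
            $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
            if ($props.DisplayName -like $NamePattern) {
                New-Object PSObject -Property @{
                    DisplayName     = $props.DisplayName
                    KeyName         = $key.PSChildName
                    # Windows Installer products are keyed by their product-code GUID.
                    IsMsiProduct    = ($key.PSChildName -match '^\{[0-9A-Fa-f-]{36}\}$')
                    UninstallString = $props.UninstallString
                }
            }
        }
    }
}

function Invoke-SilentMsiUninstall {
    param([Parameter(Mandatory = $true)][string]$ProductCode)

    # Only accept a well-formed GUID so nothing else reaches the msiexec command line.
    if ($ProductCode -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
        throw "Not a product code: $ProductCode"
    }
    $process = Start-Process -FilePath 'msiexec.exe' `
        -ArgumentList "/x $ProductCode /qn /norestart" -Wait -PassThru
    return $process.ExitCode                           # 0 = success, 3010 = reboot required
}

# List matches first and review them before removing anything.
$found = @(Get-UninstallEntry -NamePattern '*Lotus Notes*')
$found | Format-Table DisplayName, KeyName, IsMsiProduct -AutoSize

# Then, for the MSI-based entries only:
# $found | Where-Object { $_.IsMsiProduct } |
#     ForEach-Object { Invoke-SilentMsiUninstall -ProductCode $_.KeyName }
```

Entries where IsMsiProduct is false carry a vendor-specific UninstallString instead, and their silent switches differ per installer.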

Ifan
Feb 21, 2006
The Nice Operator from Heaven
Had 5 minutes to check out the Adobe Flash Player transform today. Without going into too much detail, it basically switches out the files "mmc.cfg" and "settings.sol" to disable automatic updates.

Ifan
Feb 21, 2006
The Nice Operator from Heaven

Megiddo posted:

(I'm pretty sure I'm the only one who even has Orca installed on their computer).

If you guys have the time, money and willingness to learn Windows Installer I'd recommend Adminstudio for customizing vendor MSIs and repackaging applications.
There's also a free edition for those who use novell zenworks or SCCM, but it's very limited in terms of functionality.

You can also find companies who will do this for you. You essentially subscribe to a catalog of applications. All applications will be delivered customized and deployment friendly. When an update comes around, they will deliver the update, and also make sure that it plays nice with any old versions installed. In theory, all you have to do is to remove the old version out of deployment, and put the new version in. I always do some testing first though.

I get the best of both worlds by having a subscription to the stuff that gets updated most frequently, and then repackage/make poo poo work/customize anything else myself.

Ifan
Feb 21, 2006
The Nice Operator from Heaven
We use Atea. They do both the catalog stuff and they also do custom repackaging work. They do good work and know what they are doing. Can't tell you about anyone else though. You could check out the appdeploy forums, there ought to be some companies advertising there.

Ifan
Feb 21, 2006
The Nice Operator from Heaven

zero0ne posted:

I've worked with Adminstudio, and I still prefer Wise package studio over it.

It could be because I was playing around with Symantec streaming and virtualization, but I think the interface and capture methods are so much cleaner.

I've tried Wise and didn't like it. I don't repackage much these days anyway. I mostly customize vendor MSIs or create installers from scratch. It's all about personal preferences I guess.
Also, it seems like Symantec doesn't care much about updating WPS.

Ifan
Feb 21, 2006
The Nice Operator from Heaven
We are currently having this issue while trying to build an image;

http://blogs.technet.com/b/configmgrteam/archive/2011/01/28/known-issue-install-software-updates-action-hangs-on-windows-7.aspx

Problem is that I have tried the hotfix, and I have verified that it gets applied by looking at the MSI logs. Still doesn't help.

Anyone had the same issue? Any hints?

Ifan
Feb 21, 2006
The Nice Operator from Heaven

peak debt posted:

Why aren't you installing the updates in the image before you capture it?

That's what we're trying to do.
We apply a clean OS image with an unattend.xml, then set some OS and network settings, install the configmgr client, then a bunch of software and then finally an Install software updates step (updates get pulled from the SCCM Software Updates thingy).
Finally we capture the image. This has been working for a long time, but now that we have a lot of updates it just gets stuck at "Downloading update 1 of 97 (0%)".

Reducing the amount of updates makes the build go through without issues, but that would negate the point of actually building the image because that would increase the time we use to deploy the image (we have a step for install updates in there as well).

quackquackquack posted:

If ease of maintenance is more important than speed of machine imaging (or if you're using build+capture), having MDT install Windows Updates to Windows a source installation (instead of a WIM) can be very helpful.

That would be a workaround, yes, albeit not a good one. We build 6 images about every 3-4 months. Having to do this for every source (Win7 x64, Win7 x86 and WinXP) would be tedious and troublesome. Right now everything is fully automatic, and we intend on keeping the building process like it is. All I have to do is to add our latest software packages to the TS, boot the VM, press f12 twice and select the correct build sequence.

What I'm really out after is to know if someone has/have had the same problems and if they somehow managed to fix it. I feel I have tried everything and need some input. We have been using google-fu, and we have an ongoing case with MS premier support as well.

Ifan fucked around with this message at 23:14 on Feb 16, 2012

Ifan
Feb 21, 2006
The Nice Operator from Heaven

spidoman posted:

Thanks for the tips.

It basically comes down to this: Management has given us an expectation that a computer can be reimaged from nothing (or broken) to ready to go with all the software that is needed in an hour and a half.

You could do it like us.
We have a base image with stuff everyone has (office 2010, frontmotion firefox, flash player etc.)

Then, during deployment drivers get applied based on the computer model, and other software and remaining updates not in the image get deployed based on what collection you have the computer in. Collection variables work like a charm :)

Software updates for imaged computers you just push out with mandatory updates based on queries. This requires that you have someone who knows how to customize/repackage/script/automate software installs, or you could subscribe to a service for the most usual crap. You still need to make a repository of deployment scripts though (or risk having a shitton of cases where $program doesn't work because the software ran during update and it won't get fully installed before a reboot).
Personally we usually pop up a dialog box that tells the user to close $program(s) (if it's running) within 90 minutes or it will get killed for them. We have had great success with this. The latest Flash Player update I deployed has ~11k succeeded clients and 31 failed.

Ifan
Feb 21, 2006
The Nice Operator from Heaven

peak debt posted:

I have the hope that SCCM 2012 is finally automatable with Powershell instead of having to develop stuff in C# .NET

What kind of tasks are you thinking about?

Ifan
Feb 21, 2006
The Nice Operator from Heaven

MyLightyear posted:

So you are definitely applying it to the client install by modifying the task sequence?

Yes. Triple checked the MSI logs, the property gets set and the MSP transforms the MSI (I'm the resident software repackaging/deployment guy, our main image dude went on vacation so I had to take this case over). Microsoft Support confirmed it as well by looking at some dumps.

peak debt posted:

A big plus would be the ability to add users to collections to publish software.

Ah crap, never thought of that. All of our software is on a per-machine basis to avoid licensing issues. Are you sure it isn't possible to make something that asks you to specify AD group, put all the usernames into an array and then add it to a collection? Problem then would be if the AD group changes... There must be some other functionality that lets you refresh your users group membership so that the advertisement pops up without logging on and off? I'll do a test Monday if I have the time to see if that behaviour is consistent with my environment. It just sounds wrong...


quackquackquack posted:

Reminds me of a story! Another admin is screwing in SCCM, wants to deploy a new program. Accidentally scopes it to 'All Systems'. Starts pushing out, and he freaks out and deletes the advertisement.

Poor thing... That's why only me and one other guy are the only people allowed to push out stuff ;)

Ifan fucked around with this message at 00:22 on Feb 18, 2012

Ifan
Feb 21, 2006
The Nice Operator from Heaven
An update on my issue:

Found an ok workaround to work with in the meantime, and that is to run updates first thing after the OS is installed, then another one almost at the end of the task sequence.

I've also tried a lot of other stuff, but nothing that actually fixed the problem has worked.

Ifan
Feb 21, 2006
The Nice Operator from Heaven

lol internet. posted:

Question: Do you really need to be a programmer to take advantage\learn powershell?

Nope.
I learned programming from working with powershell. I was at the same level as you, could read some code, understand a bit of what was going on etc. I needed to automate/fool proof poo poo at work. Figured out powershell was the way to go, then used a lot of google-fu to get what I wanted.
Half a year later I found myself making/modifying more and more complex poo poo.

Now I can program in "real" languages like C#. Once you have the foundation in place, it's not hard to learn new languages.

Before learning powershell i tried to learn programming many times, and failed. I wasn't motivated enough, and a lot of the stuff out there is written for people who already know the basics.
It wasn't before I had real use for it I actually managed to figure it out. Getting paid for learning it doesn't hurt either ;)

Ifan
Feb 21, 2006
The Nice Operator from Heaven

FISHMANPET posted:

can't be silently installed.

Most software can be silently installed. You either have to repackage it or do some tweaking here and there. I'd recommend appdeploy.com for resources on how to do this (but beware it's something that can take a while to learn how to do properly). You can also get others to do it for you if you have the money.

I really don't see the extra hassle of having the software baseline in a capture instead of during deployment. You still have to make the same packages. You still need the same programs. As soon as you have a good build sequence, you just need to swap out the old packages with the new ones, run a build + capture, then do some testing. When all is well, just change out the wim file that gets applied during your production imaging task sequences.

And a 55gb image :O What do you have in there? Adobe CS3 and CS5 master collection? My biggest image is 6.8gb and it has all the essential crap (Win7 x64, Flash, Java, Firefox, Office 2010, full winupdates +++) and a lot of other non-essential poo poo.

As for software/multiple collections, it depends.
We have some schools with no mandatory advertisements and have grouped their computers together based on what kind of courses they take (electronics, design, mechanical engineering etc).
For updates and other "standard" stuff, we just use some advanced queries. Over the years you will build up a repository of queries for everything you might need. Then it's just a copy paste job and some tweaking to the strings.

When it comes to different images for different hardware; why don't you just apply driver packages and/or other necessary software based on the computer model? This can be conditionally applied in a task sequence with WMI filtering.
Same is for specific software.
Is the computer a member of the _Adobe_CS_5.5_Master_Collection as well as one of the imaging collections, it will get it installed during the task sequence. If not, it will just skip it. Check out the "Install multiple software" step in combination with collection variables.

lol internet. posted:

Am I missing something here? I see the blank OS + application install post imaging more beneficial than just an image.

As the other said, it's way faster and less points of failure if you have a proper build in place. We do both. A baseline is in the main image, everything else, well, it depends on where you are, what kind of computer it is, etc.


lol internet. posted:

Thanks, I started reading a free pdf called "Mastering Powershell" today.

Do you have any other recommendations?

Nope, sorry. Haven't read any books, not my way to learn. I need to have a task assigned to me and then I'll figure how to do it.

Ifan
Feb 21, 2006
The Nice Operator from Heaven

quackquackquack posted:


Student labs in higher ed? Let me make some guesses: SPSS, Stata, Matlab, the largest CS package, some stupid quasi-database program that doesn't support any form of client-server setup, GIS programs that also may or may not have a bunch of the data locally, etc.

True true... We just have different strategy for stuffs. We barely have any labs left in any of our schools. Every student gets their own laptop when they start.

quackquackquack posted:

(software packaging skills are hard to hire for in academia and smaller companies), and partially because of the support burden of a library of packaged software. In my 70ish unique title software library,

I agree. I've had to train every resource we've hired to help out with this from scratch. Nearly impossible to get anyone who knows Windows Installer/Adminstudio/Installshield from the get-go.

We currently have a library ~500 active packages over ~750 advertisements. Many of the packages have different configurations as well (different license keys, features etc). It's hell. When we have all of our school-software 100% up and running through SCCM I'll go on a consolidation rampage. 20 different Adobe CS packages? BEGONE!

quackquackquack posted:

See: AutoCAD 2009

If you have the money, get 2010 or newer. I have deployed 2010 and 2012 for 32 and 64bit without any issues through SCCM 2007.
As a workaround for 2009 you can make a script that waits for the child-processes to exit. After that, pull info on the installation exitcode and just exit the script with the same exitcode as the installer.

Update on the case with the hanging Windows Updates during capture;
MS has confirmed that the issue we're having is the same as the one fixed by the KB posted earlier. The hotfix has been verified applied, but it just doesn't fix the problem in our shop. I guess the hotfix only corrects issues related to the Intel storage drivers, and not VMware's. I'm hoping that a revision will be out soon :)

Ifan fucked around with this message at 16:27 on Feb 29, 2012

Ifan
Feb 21, 2006
The Nice Operator from Heaven

spidoman posted:

We have a 2% threshold for errors in application deployments. We do phased deployments to avoid unforeseen errors.

Phased deployments are awesome, but a lot more work if you don't automate it. My environment is very homogenous, so I can usually do a test-run on one department and then an enterprise wide deployment (if needed).

When it comes to your statistics issue - keep it simple, stupid. In my deployment monitor script I won't send out any alerts before the software has been attempted installed on at least 50 clients.
Depending on your environment, it won't take many minutes until you hit that anyway. Before hitting that threshold you always want to keep an eye on it before moving to doing something else. Don't waste hours coding stuff like if you have better things to do (hey, a new Java version just shipped!)

Ifan
Feb 21, 2006
The Nice Operator from Heaven

spidoman posted:


Don't let users open up browser windows during the upgrade process of Java. It messes everything up really bad.

Yes, yes it does.
Do you count everything as a failure like download failed, user canceled for non mandatory things or just error 1603s etc?

To avoid problems with browsers and Java I made a wrapper script that handles it.
It asks the user to turn off $process because $application needs to be updated. They have 90 minutes to comply, or the browser gets killed. They can postpone the update once (and it will try again in 2 days).
This works pretty well, and the users are pretty happy about it. Not having too many problems with people turning on the browser before it's finished installing.
I'm considering using a local applocker policy to avoid this in the next version of the script.
I have tried the concept before in a deployment of Adobe CS6. Only problem is that the users turn off the computer / run out of battery before the installation finishes. The applocker policy is then stuck (because the script can't run its unlock routine) and all browsers and office applications are unlaunchable until someone from IT fixes it.
Need some handling for this, I guess the task scheduler might be the way to go, or maybe register a WMI event subscriber.

I love this one:
http://java.com/en/download/help/error_25099.xml

Nothing can be done to avoid this until Oracle gets their thumbs out of their asses.

Ifan fucked around with this message at 09:48 on Feb 7, 2013

Ifan
Feb 21, 2006
The Nice Operator from Heaven
We subscribe to a service which delivers the most usual applications (Flash, Java, iTunes etc.) deployment friendly within 3 days of release. It costs a bit, but a huge time saver not having to disable auto updates etc. every time a new version rolls around.

I just get an email when a new version is available on the share, and then add it to SCCM, do some light testing then deployment.

You could probably make a script that checks different websites for you every morning.

Ifan
Feb 21, 2006
The Nice Operator from Heaven

devmd01 posted:

Mind pointing me to the website?

http://services.atea.com/services_uk/services/appupdate.aspx

Has anyone successfully managed to get the Microsoft table (Surface/Pixelsense) working with Windows 8?
It works fine in Windows, and after some tweaking I managed to get the surface mode up and running.
It registers fingers, and clicks on the main screen in surface mode, but I can't click anything to invoke it.

Ifan fucked around with this message at 19:30 on Feb 7, 2013

Ifan
Feb 21, 2006
The Nice Operator from Heaven
Take a look at Group Policy preferences, the filtering options are great. It lets you filter mapping based on IP Range and Site name, as well as remove the setting if it no longer applies.

Ifan
Feb 21, 2006
The Nice Operator from Heaven

peak debt posted:

But note that GPPs execute on logon, while location aware printing does when the laptop receives an IP address. If people carry their laptops around on standby or have to manually connect to the WLAN after logging in, GPPs won't work.

I totally forgot about how that worked since it's a couple of years since I've actually had to plan and implement anything new. Just looked it up, they process during the regular refresh as well, but the regular interval would be way too slow for that.
Not sure if it's possible natively, but what about something that refreshes policies every time you change site / ip range. Won't be too hard to create a service that does this from scratch.

The solution you posted looks good, but it looks like the other printer connections will be there as well. 10 printers will give you confused users.

Another alternative would be implementing one queue for all locations, and a card-reader attached to the machine to pull your print. The drawback of this is that the user must initiate the print-job on the machine, but this increases security as it will eliminate the problem of documents printed to the wrong location.

Ifan fucked around with this message at 21:31 on Feb 11, 2013
