managing microsoft & “ other software ” through gpos jim pattenaude crestwood cusd #4 terry...
TRANSCRIPT
Managing Microsoft & “other software”
Through GPOs
Jim Pattenaude Crestwood CUSD #4Terry Sullivan, Shiloh CUSD #1
Non-MS Software Installation
Presentation Slides
• www.crestwood.k12.il.us/presentations• Look in the ILTCE2009 folder
OR
• www.shiloh1.us/presentations/ietc2009– Look in the ILTCE2009 folder
Non-MS Software Installation
Resource
• http://www.robvanderwoude.com/unattendedapps.php– Some examples of silent installs
• http://wpkg.org/Category:Silent_Installers
Non-MS Software Installation
Introduction
• Active Directory• Group Policy Objects• Microsoft Installer (msi)• Network install points
• Alternate ways to automate software deployment
Non-MS Software Installation
Installing Software
• Traditional• Imaging• Group Policy Objects• Scripts• Creating or finding installation
“Packages”
Non-MS Software Installation
Traditional Method
• Requires manual intervention at each machine
• Requires administrator rights• Poor control over install options• OK for small installs or “exceptions”• Poor for large-scale deployments
Non-MS Software Installation
Installing using imaging• Software can be deployed on software “images” using
software such as Symantec Ghost• Install software using “traditional” method on “build”
computer• Once all software is installed and tested for this
configuration, run Sysprep• Follow manufacturer instructions for capturing the
image and deploying to multiple systems
Non-MS Software Installation
Customizing Software Configuration
• Manual per user• Install and create custom configuration in base
“image”• Use custom command line switches to launch
the program• Use GPO templates to push out configuration
settings– Can create custom registry script to accomplish the
same thing
Non-MS Software Installation
Using Centralized Management to install
• Good way to deploy on large scale• Requires advance planning and testing• Tight control over install options• Does not require individual intervention at the
workstation• Central Management Tools
– Active Directory and GPOs• Requires .msi file• To work “easily” requires software optimized for GPO installs
– OTHER Tools
Non-MS Software Installation
.msi Files• Microsoft installer• All recent MS software includes .msi
installer files• Much 3rd party software uses .msi• Tools available to build .msi files for
apps that do not include them
Non-MS Software Installation
Network install point
• Installer and related files must be on a publicly accessible share– Needs to be a UNC share path
• Most .msi files have “administrative” install option that allows installing to a network share for mass deployment
Non-MS Software Installation
Deploying Software through GPOs
• Overview of process• Assigning vs. Publishing• Computer vs. User• Deployment Options• Transforms (.mst)
Non-MS Software Installation
Overview of process
• Create or open Group Policy Object• Determine if software installation will be by
user or computer• Locate .msi package• Determine deployment method
– Published (User only)– Assigned– Advanced (use for additional options)
• Modify properties, security, etc.
Non-MS Software Installation
Deployment Methods
• Assign• Publish• Advanced
– Choose to Assign or Publish– Set other options– Only way to specify transform (.mst) files
Non-MS Software Installation
Assign vs. Publish
• Assign– Automatically installs the software
• Publish– software can be made available, but not installed– Not available for machine-based configuration
Non-MS Software Installation
Computer vs User
• Computer can only use “Assign” option• Software deployed based on Computer is installed
upon computer boot• Software deployed based on User is installed upon
user login
Non-MS Software Installation
Transforms (.mst)
• Used to apply customization• Different .mst files can be applied in different
policies• Multiple transforms can be applied
Non-MS Software Installation
Removing software• Right-click on package and select Remove
– Option to remove immediately will remove software the next time the machine updates its policies
– Option to remove package, but leave software installed
• If option is checked to remove when app falls out of mgmt– Software will be removed when Policy is no longer
linked– Software will be removed if machine is removed from
OU where it is applied
Non-MS Software Installation
Managing Smart Software Using Smart Install Manager
• Download from – http://www2.smarttech.com/st/en-US/Support/
Downloads/Admin+tools/AdminToolsNB.htm
Non-MS Software Installation
Non-MS Software Installation
Non-MS Software Installation
Non-MS Software Installation
Non-MS Software Installation
Non-MS Software Installation
Non-MS Software Installation
Non-MS Software Installation
Customizing your Smart Board Drivers Software Using Smart Install Manager
Non-MS Software Installation
Non-MS Software Installation
Non-MS Software Installation
Non-MS Software Installation
Non-MS Software Installation
Non-MS Software Installation
Non-MS Software Installation
To create a new package Click on the file menu and click openBrowse to the location that you saved the MSI file.
Non-MS Software Installation
Non-MS Software Installation
Non-MS Software Installation
Non-MS Software Installation
Follow these steps to troubleshoot why your SMART Gallery and Lesson Activity Tool kit network installation is failing.
#1 - Make sure the gallery was Downloaded from Inside Install Manager
#2 - Make sure the path was specified using a UNC path (i.e.: \\share\path\gallery“
#3 - Browse to that path and make sure the files are visible#4 - Make sure there are no $ (dollar signs) in the folder name#5 - Make sure its not too deep, 80 chars or so is fine but if the path+depth+filenames exceed 255chars it will fail
Now we know the Server side is fine, we have steps to do on the teacher side.
#1 - Make sure the Teacher can also browse to the folder where the gallery is stored.#2 - Do a manual MSI install of the software from a teacher (test) machine.To do this, you need to leverage the command:
MSIEXEC /i "\\share\path\Notebook Software.msi" TRANSFORMS="\\share\path\MYCustomMST.mst" /QB /L"LogFile.log“
You now have a detailed log of the installation, this log file contains the Gallery Setup command or in other words the end-command that reaches the PC. We need to obtain this log and compare the Gallery Setup command target source directory to the one on the actual server (make sure they match and its not a software bug basically).
Non-MS Software Installation
Non-MS Software Installation
Non-MS Software Installation
Non-MS Software Installation
Step 1 - Navigate through the options and make the changes you want! Step 2 – When you are done, select File > Save As … and save the XML file for backup purposes (we can obtain these from a network administrator and view them in technical support if errors are encounteredStep 3 – With the XML created (not necessary, but again good for technical support) we can now select File > Publish and create our MST file!
Deploy using GPOs
Non-MS Software Installation
Group Policy:Step 1 – Remove the existing versions from all machines if possible. The installer should automatically uninstall any existing version, but if we can remove it through Group Policy in advance it can be helpful.Removing Software through Group Policy
Launch your Active Directory Users and Computers, right click on the group we want to modify and select Properties. Next, select Group Policy, select the policy and pick Edit.
Non-MS Software Installation
When the Group Policy Object Editor comes up select Computer Configuration, Software Installation, right click and select New > Package.Notes: The computer configuration, changes the software on the machine before the user logs-in. What will happen is they will turn on the machine, and it will show a standard blue-loading screen saying that software is updating.When prompted browse to the MSI package and press OK.
Non-MS Software Installation
On Deploy Software, we want to select Advanced.
Non-MS Software Installation
On the first tab, name the package anything you wish. Tip: I usually add the version number in the name.Select Modifications > Add and browse to the MST file.
Non-MS Software Installation
Installing through scripts• Software that includes an automated installer, but not a
.msi file may be able to be installed using a startup or login script
• Script should check if software is already installed to prevent unnecessary processing
• Since scripts execute before user intervention is allowed, the installer must be fully automated– Looking for “SILENT INSTALL” option
• Possibly use install files (.inf or .ini for example)• Possibly use command line switches
• Can still use GPO to deploy by including script in Startup/Shutdown/Logon/Logoff policy settings
Non-MS Software Installation
Silent Install• No User Intervention• Need some way to answer all the normal
user/dialog screens– Answer file or Transform (mst)
• Some software has a silent switch– Application.exe /s
• Also look for a passive switch• Best if avoid “reboot” (check for switch)• MSI Packages
– Use “MSIEXEC.EXE” to install• Look at command line switches to modify msiexec
Non-MS Software Installation
Common Silent Switchesoptions in install packages*
• setup.exe /q• setup.exe /qn• setup.exe /silent• setup.exe /s• setup.exe /NoUserInput• setup.exe /unattended• setup.exe /CreateAnswerFile• setup.exe /quiet
Non-MS Software Installation
*Mileage may vary
• msiexec /Option <Required Parameter> [Optional Parameter]
• Install Options• </package | /i> <Product.msi>• Installs or configures a product• /a <Product.msi>• Administrative install - Installs a product on the network• /j<u|m> <Product.msi> [/t <Transform List>] [/g <Language ID>]• Advertises a product - m to all users, u to current user• </uninstall | /x> <Product.msi | ProductCode>• Uninstalls the product• Display Options• /quiet• Quiet mode, no user interaction• /passive• Unattended mode - progress bar only• /q[n|b|r|f]• Sets user interface level• n - No UI• b - Basic UI• r - Reduced UI• f - Full UI (default)• /help• Help information• Restart Options• /norestart• Do not restart after the installation is complete• /promptrestart• Prompts the user for restart if necessary• /forcerestart• Always restart the computer after installation• Logging Options• /l[i|w|e|a|r|u|c|m|o|p|v|x|+|!|*] <LogFile>• i - Status messages• w - Nonfatal warnings• e - All error messages• a - Start up of actions• r - Action-specific records• u - User requests• c - Initial UI parameters• m - Out-of-memory or fatal exit information• o - Out-of-disk-space messages• p - Terminal properties• v - Verbose output• x - Extra debugging information• + - Append to existing log file• ! - Flush each line to the log• * - Log all information, except for v and x options• /log <LogFile>• Equivalent of /l* <LogFile>• Update Options• /update <Update1.msp>[;Update2.msp]• Applies update(s)• /uninstall <PatchCodeGuid>[;Update2.msp] /package <Product.msi | ProductCode>• Remove update(s) for a product• Repair Options• /f[p|e|c|m|s|o|d|a|u|v] <Product.msi | ProductCode>• Repairs a product• p - only if file is missing• o - if file is missing or an older version is installed (default)• e - if file is missing or an equal or older version is installed• d - if file is missing or a different version is installed• c - if file is missing or checksum does not match the calculated value• a - forces all files to be reinstalled• u - all required user-specific registry entries (default)• m - all required computer-specific registry entries (default)• s - all existing shortcuts (default)• v - runs from source and recaches local package• Setting Public Properties• [PROPERTY=PropertyValue]
• Consult the Windows ® Installer SDK for additional documentation on the• command line syntax.
• Copyright © Microsoft Corporation. All rights reserved.• Portions of this software are based in part on the work of the Independent JPEG Group.
Non-MS Software Installation
Options• Standard MS Package designed for Network silent
install• Find a custom “installer package” created for the
purpose of automating network installs• Roll your own network install package• Script a silent install and use startup/logon scripts
to deploy• Manually install from, but from a central location
Non-MS Software Installation
Picasa 3.5– /S silent, and picasa launches after install– /S /L no launch after install– /S /L /L1 adds a desktop shortcut– /S /L2 no desktop shortcut, app will launch after install
• • To install Picasa 3 silently, use the following command.• picasa3-setup.exe /S /L• Note that it’s case sensitive, be sure to use capital S and capital L.
Combine it with psexec, you can do remote installation.• psexec -c \\computer_name picasa3-setup.exe /S /L
Non-MS Software Installation
Quicktime 7.4• 1. Start the Installation of the setup executable package onto a test PC, and take the two MSI files and a language transform file (e.g. 1033.mst for English) from the temp directory (it will be in one of the folders
off of temp so search for quicktime.msi to find the folder)
Changes to issript11.msi :-----------------------------
2. Remove the registry entry RunAs=InterativeUser (registry601)
Changes to QuickTime.msi :----------------------------
3. Add the property ISSETUPDRIVEN=1 to the property table. This enables the MSI to run without being launched via the setup executable
4. The vendor has written in a set directory custom action relies on INSTALLDIR being set via the commandline because it runs before costfinalise. Set this custom action to run AFTER costfinalise and this will prevent the QTCOMPONENT error seen in previous notes on this knowledgebase. This is perfectly safe because nothing else is reliant on this exact sequencing. This was an oversight of the vendor because they supply INSTALLDIR BEFORE cost finalise as a commandline option. You could do the same but by doing that you will hard code your installdir to a particular path rather than using dynamic path properties in the MSI such as [ProgramFilesFolder]
5. Place the upgrade code of the previous version into the upgrade table. To obtain this you can uninstall the previous version on a test PC, the upgrade code for this will then show up in the MSI log.
6. Remove the condition NOT ISSETUPDRIVEN from the findrelatedproducts action otherwise the upgrade will not work.
Other things you may want to include :-----------------------------------------
To preconfigure settings e.g. disable automatic updates. Configure on a test PC, take the file ALL USERS\APPLICATION DATA\APPLE COMPUTER\QUICKTIME\QUICKTIME.QTP and put this file into your package to be installed into the same location.
The quicklaunch and desktop shortcuts can be removed by dropping the relevant rows from the shortcut table.
You can disable the systray icon by modify the DWORD registry entry QTTaskRunFlags to equal 2. This can be found at HKLM\Software\Apple Computer, Inc.\Quicktime\ActiveX. You will have to do this via a deferred custom action late on in the installation rather than via the registry table because one of the custom actions will overwrite your entry to equal 0. The PC will need to be rebooted after installation for this setting to become active because the systray icon is already launched via the custom action that installed it.
To install Quicktime silently after making your changes :--------------------------------------------------
Run the following commands:
msiexec /i isscript.msi /qnmsiexec /i quicktime.msi TRANSFORMS="mytransform.mst;1033.mst" /qn Above Entry Provided on 7/8/2006 by ColinBragg
Non-MS Software Installation
Example - FireFox 3.5.5
• Grab Front Motion MSI package and “adm” templates
• http://www.frontmotion.com/Firefox/
• Expand & copy to an Admin Install Point• Use GPO – software install to deploy• Use “adm” template and GPO to configure
Non-MS Software Installation
Non-MS Software Installation
• http://www.frontmotion.com/Firefox/fmfirefox.htm
Non-MS Software Installation
Creating .msi files (roll your own)
• WinINSTALL LE– Included with Windows 2000 & Initial 2003– DISCOZ.EXE is used to build .msi
• MakeMSI– Freeware tool– http://dennisbareis.com
• Advanced Installer (free version simple project)– http://www.advancedinstaller.com/
• Epsilon Squared– Freeware tool– http://www.epsilonsquared.com/
Non-MS Software Installation
Software Install MakersCreates “appname.exe”
• My Inno Setup (Jordan Russell’s Software)
– http://isx.wintax.nl/• Advanced Installer 3.8.1 (Caphyon)
– http://www.advancedinstaller.com/
• OnDemand Software $$– Winstall & Winstall LE – 2003
• http://www.ondemandsoftware.com/PurchaseLE.asp
Non-MS Software Installation
Demonstration – Create and MSI file
• Requires “clean” system to start• Software takes a before “snapshot• Installation proceeds as typical• Software takes an after “snapshot”• All changes are recorded and stored in the .msi
package• TO USE – apply the newly created .msi file to
another machines and all the recorded changes are applied to the target system
Non-MS Software Installation
Example – IrfanView 4.00
• Roll your own Package• Copy to Network Install Point• Use GPO – Software Install
Non-MS Software Installation
Example OpenOffice 2.3.0
• OpenOffice.org– Grap package and expand– Point to MSI installer and script
“msiexec.exe”– call msiexec /qb! /i \\Srv2k3testapp\Installers\OpenOff2\
OOffice2.3InstallFiles\openofficeorg23.msi ALLUSERS=1 SELECT_WORD=0 SELECT_EXCEL=0 SELECT_POWERPOINT=0
• Run script from a ComputerOU – Startup Script
Non-MS Software Installation
Same Script but this is a VB Version for comparison
• Dim WshShell• Set WshShell = WScript.CreateObject("WScript.Shell")
• WshShell.Run ("msiexec /qb! /i msiexec /qb! /i \\Srv2k3testapp\Installers\OpenOff2\OOffice2.3InstallFiles\openofficeorg23.msi ALLUSERS=1 SELECT_WORD=0 SELECT_EXCEL=0 SELECT_POWERPOINT=0", 3, true)
• WScript.Quit()
Non-MS Software Installation
Oxygen Open Office 3
Non-MS Software Installation
---------------------------Setup---------------------------Usage:
/? : Shows this dialog. /a : Performs an administrative installation. /j[u|m] : Performs an advertising installation. /q[n] : Do not show any user interface (silent mode).
---------------------------OK ---------------------------
7zip - download
• http://www.7-zip.org/• Download 7-Zip 4.65 (2009-02-03) for Windows:• Link Type Windows Size• Download .exe 32-bit 1 MB• Download .msi x64 1 MB
Non-MS Software Installation
start /wait msiexec /qn /norestart /i openofficeorg23.msi
• Example 1 • To install OpenOffice.org with the following options • use {OOo}} as the default application for DOC, XLS and PPT files (recommended if you want to
open MS Office files with OpenOffice.org seamlessly) • use C:\Open Office as the target installation folder • install all components except for the Database module (Base) • you have to issue the following command: • start /wait msiexec /qn /norestart /i openofficeorg20.msi SELECT_WORD=1 SELECT_EXCEL=1
SELECT_POWERPOINT=1 INSTALLLOCATION="C:\Open Office" ADDLOCAL=ALL REMOVE=gm_p_Base,gm_p_Base_Bin,gm_p_Base_Help
Non-MS Software Installation
• "msiexec /qn /norestart /i %PP%\UTILITY\OPENOFFICE31\openofficeorg30.msi SELECT_WORD=1 SELECT_EXCEL=1 SELECT_POWERPOINT=1 ADDLOCAL=ALL REMOVE=gm_p_Math,gm_p_Impress,gm_p_Draw,gm_p_Base,gm_o_Quickstart,gm_o_Testtool"
Non-MS Software Installation
ISSUE: GPO processing
• Computer Configuration --> Administrative Templates --> System --> Logon --> Always wait for the network at computer startup and logon --> Enable
Non-MS Software Installation
Example – PhotoStory 3• Grab the installer from Microsoft• It is an “MSI” package but not intended for
scripted install• Point to MSI installer and script
“msiexec.exe”• Script it:
– call msiexec /i \\Srv2k3testapp\Installers\PhotoStory3\PStory.msi /quiet /passive /norestart
Non-MS Software Installation
Java 6.4 Runtime
• Download the FULL installer• Use the “/s” silent install switch
– \\Srv2k3testapp\Installers\JAVA\jre-6u4-windows-i586-p.exe /s
• Call with a script via GPO – Computer Startup Scripts
Non-MS Software Installation
ITALC - Windows• Automated installation • You can also automate iTALC-installation (especially
useful for installing a lot of clients). This is done by making a reference-installation on a client and check the option "Save installation-settings" at the end of installation. Then a file called installsettings.xml will be created in the directory which setup.exe is located in. This file can be used for installing other clients by passing the file name as a parameter the next time, e.g.
• setup installsettings.xml – http://italc.sourceforge.net/wiki/index.php?title=Installation
Non-MS Software Installation
Plan B: Manual but from central location
• Use the MSTools now owned by Microsoft
• Run as a command remotely using PSEXEC
• PSEXEC.exe @computerlist.csv –high -s -d msiexec /i \\Srv2k3testapp\Installers\PhotoStory3\PStory.msi /quiet /passive /norestart
Non-MS Software Installation
Adding ADM templates
• Find the ADM package• Copy to Server
– %systemdrive%\windows\inf• Open GPMC policy editor and ADD ADM---------------------------------------------------------• Advanced Course – can create custom adm
template files
Non-MS Software Installation
Office 2007 Compatibility Pack
• Download the Compatibility Pack Utility for Office XP-2003
• Expand with the command line to get the MSI file:– compatibilitypacksp1-kb940289-fullfile-en-us.exe
/extract:path_to_package
• Place the package in a UNC Share• Assign the package to install via GPO
Non-MS Software Installation
Resources/Ideas• OpenOffice-Enterprise
– http://openofficetechnology.com
• Sites with ideas and package managers– http://www.appdeploy.com/– http://wpkg.org/– http://intelliem.editme.com/depappswitches
Non-MS Software Installation