by Greg Shields
Last month’s article discussed the sometimes complex steps involved with packaging software for automated distribution. That article was rightfully titled The Art of Software Packaging because the process of finding either the right set of “silent switches” or the best “diff” can sometimes take a little slight-of-hand. Yet while packaging software to enable it to run silently requires a bit of intuition along with the ability to construct a good Google search string, once complete the rest is easy.
In this, part two of this series, let’s assume that you’ve completed the repackaging process for the software you’re interested in automatically deploying. You’ve either located the necessary silent switches or you’ve repackaged the software using “diff” tools like WinINSTALL LE. Now you need to deploy it to desktops around your environment.
Large enterprise organizations often have the staffing, the funding, and the process maturity already in place to acquire high-end systems management solutions such as Altiris or Microsoft’s System Center Configuration Manager. These enterprise-class management solutions easily enable the distribution of software to highly-targeted collections of computers with rich reporting and troubleshooting functionality already baked in. On the other hand, small IT shops rarely have the budget to purchase these tools, let alone the available time for administrators to learn their nuances.
Yet the small IT shop isn’t left completely out in the cold. A number of low-cost systems management platforms from companies like Kaseya, KBOX, Hyena, and others are quickly making names for themselves. While these platforms may not scale to the level of the enterprise solutions, their installation, maintenance, and use are designed with the small shop in mind. These tools incorporate graphical interfaces for scripting client actions, packaging and delivering software and updates, and inventorying computer hardware and software with just a few mouse clicks.
Freeware solutions are available too. Two in particular are worth looking at since both involve no added cost for the organization with an Active Directory infrastructure in-place. The first, Group Policy Software Installation, leverages Active Directory’s native Group Policy for the distribution of MSI files. The second, a freeware tool called PSExec from the former Sysinternals team, enables a slick way to remotely install software to individual machines across the network. For either of these, you’ll need a file share somewhere on your network where packages are stored and can later be accessed.
Group Policy Software Installation
Software installation using Group Policy automatically takes advantage of your existing Active Directory infrastructure. If Group Policy is successfully functioning in your network today, you’ve already got the infrastructure in place to immediately begin distributing software. The process starts with creating a new Group Policy Object (GPO) and navigating to Computer Configuration | Policies | Software Settings | Software Installation. Right-click the node and choose New | Package. In the resulting dialog box, navigate to the file share that contains your repackaged .MSI installation and select the software to be installed. Ensure that you’re connecting to your .MSI file through a commonly-accessible file share or clients may not be able to access the file share when they attempt to later install the software.
Group Policy Software Installation can only be used for installing .MSI files. It is possible to work with other types of installations using special .ZAP files that are beyond the scope of this article.
When prompted to select the deployment method, choose Assigned. Finally, apply the GPO to an Organizational Unit (OU) of computers. The next time those computers reboot, they will automatically download and install the software as part of the initial Group Policy processing during startup.
By viewing the properties of the installation, you will find a number of choices that determine how the software installation behaves and works with the targeted client systems. One configuration in particular to be aware of is under the Deployment node in the box marked Uninstall this application when it falls out of the scope of management. Be careful with selecting this box. By checking this box, any time the computer finds that it is no longer under the scope of management of this particular Group Policy the software will automatically uninstall. Although this allows for a quick reconfiguration of computers as they change OU memberships over time, it can have unexpected consequences when not properly prepared for.
Group Policy Software Installation has a number of additional properties and mechanisms for configuration other than what is described here. As an example, it is also possible to configure the software installation under User Configuration instead of Computer Configuration, a change that offers installation options to user rather than an enforced install.
For details on other ways to deploy software, see the Microsoft knowledgebase article at http://support.microsoft.com/kb/816102.
Active Directory and Group Policy are excellent ways to automatically and rapidly distribute software across large swaths of your environment when the need exists. But there are times when you need only to install software to one or two computers in the environment. Perhaps those computers are outside the scope of an existing Group Policy where software is otherwise installed. Or, perhaps installation through Group Policy isn’t behaving properly. In either case, you may find yourself occasionally in the need to install software to small numbers of computers.
Doing this through Group Policy is challenging because an individual computer object can only exist in one OU at a time. In this case, the command-line Sysinternals tool PSExec can assist. PSExec is a freeware tool that is part of the PSTools. These tools can be downloaded from http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx. Once downloaded to your local desktop you’ll need to manually copy them to a location in your computer’s path such as C:Windows.
PSExec enables the launching of processes on remote computers around your environment. For example, to launch a command prompt on a remote computer named computerName, use the syntax:
psexec computerName cmd
The msiexec.exe process is the executable used to launch all .MSI installations. Like any executable, it can be remotely launched using PSExec. Launching msiexec.exe with the right set of switches and pointing it to a commonly-accessible server share that contains a repackaged .MSI file will start an installation. Doing so with PSExec can start that installation remotely over the network. This is usually done when the user is logged out of the computer, so as not to conflict with any work being done. You can minimally accomplish this with the command:
psexec computerName “c:windowssystem32msiexec.exe” /i serverpackageSharesetup.msi
Obviously if you’ve determined that the installation requires other switches or parameters for a successful installation, add them to the simple example above. Once launched, you can use the tool PSList, also from the PSTools, to monitor the process list of the computer that is installing the software. To see a constantly-updating list of processes in order by processor use that are being run on the remote computer, use the command:
pslist computerName /s
In that list, keep an eye on the msiexec.exe process. Once its process returns to zero use of the processor, you can then have a good expectation that the software installation is complete.
About the Author
Greg Shields is an independent author, speaker, and IT consultant, as well as a Partner and Principal Technologist with Concentrated Technology. With 15 years in information technology, Greg has developed extensive experience in systems administration, engineering, and architecture specializing in Microsoft OS, remote application, systems management, and virtualization technologies. He is a Contributing Editor and columnist for TechNet Magazine and Redmond Magazine, and serves as the Series Editor for Realtime Publishers, the world’s leading provider of high-quality content for the IT market. Greg is a highly sought-after and top-ranked speaker for both live and recorded events, and is seen regularly at conferences like TechMentor Events, Microsoft Tech Ed, VMworld, and more. He is a multiple recipient of Microsoft “Most Valuable Professional” award.