Hi everyone,

Be Gentle i have read through a lot of this stuff so much in fact it runs together, i have a few questions about all of this. Here's my problem i need to push software across my network to multipule machines most of it is proprietarty but i need the normal push of adobe and office ect.

Im trying to learn this starting with Adobe reader. I understand how to get the MSI fromt he adobe package i have a basic familiarity with Group Policy ( although i never seem to get it to work right). I want to take that msi for adobe and deploy it silently across my network, and with all the information it all seems a little intimidating to me. I have a few questions.

1. In playing around with what i read i figured out i could make a shortcut to msiexec.exe and edit it with the name of the adobe.exe and add the trigger /qn to install silently on the machine im on, But how do i package this in such a way as to deploy it across my network using even basic Group Policy.

2. Is there a way to make the install process remove previous versions of the software to be installed?

3. I dont understand how to script or really use logon scripts, ive just never been exposed to it i believe it its moderately difficult i could learn, could anyone point me towards the tools to do this or give me basic over view.

4. Transform files (.MST) i dont understand how to make or utilize these. Once you have modified a msi im assuming that its recording the changes you made to orginal msi
in the transform file? Now once you have this how do you utilize,force, or deploy the MST? using basic methods of coarse.

I really dont understand why i cant figure this out but i would appreciate any help anyone can give me.


Thx

SGilbert
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
Answered 06/13/2004 by: pjohnson
Orange Belt

Please log in to comment
0
SGilbert,

This is alot to bite off for one thread, but let's give it a try.

Adobe Acrobat, although not a bulky application, is often problematic to deploy and manage. Let's step back and get your feet wet with Office first.

Office arrives in a well formed .msi. Some very experienced software repackagers will edit .msi's on occassion for very specific problems or circumstances. For .msi's that come from Microsoft, though, no one (in their right mind) does. Only customize Microsoft .msi's by creating a transform that is to be applied to the .msi.

1. Put your Office disc in, go to a command line, change directories to the CD, and run a "setup /a" to perform an administrative installation point. You must do this to deploy it via AD / Group Policy. The prompts are very easy to follow and understand.

2. Next, download the Office Custom Installation Wizard that corresponds to the version of Office you wish to deploy. Google it to find it easily. There is a specific version for Office 2003, XP, & 2000 - don't deviate. Once installed, the wizard is very detailed but is understandable with some careful reading and occassional referencing. Use this tool to create your .mst, which is your "answer file" for how you want Office installed.

3A. DEPLOYMENT OPTION A: If you are installing from the command line, the use of an .mst is as follows:

msiexec.exe /i "path to your .msi file" TRANFORMS="path to your .mst file" /q[x]

The quotations are necessary if your path is a UNC, but using them all the time doesn't hurt. The "q" swithces at the end control the amount of user interaction. I don't know them all by heart; you should be able to look them up.

3B. DEPLOYMENT OPTION B: If you are deploying through Group Policy, you can find the steps to deploy Office silently at Windows startup in this thread:

http://itninja.com/question/distribution-message0&mpage=1&key=&anchor#828

When adding your software package to Group Policy, you will have an opportunity to apply your transform.

Now for Acrobat, using Reader as an example.

1. Download the FULL Acrobat Reader download, and make sure you don't say "yes" the the (IMO) annoying Adobe download assistant.

2. Start the installation, but don't complete it. As you begin the installation, have a window open to watch this directory: %SystemRoot%\Cache\Adobe Reader 6.0\

3. The .exe will extract into multiple files, including the base .msi file. Save everything into a folder to use for your deployment.

4. Next, download the InstallShield Tuner 6.x.x for Acrobat. Use this to create your .mst for Acrobat Reader. This tool is not as intuitive to use as the Office Custom Install Tool. Let us know if you have trouble with it.

5. The Acrobat .msi's are not well formed. This is one of those exceptions to the "don't mess with an .msi" rule I mentioned above. You will have to make at least one small modification to get it to work via Group Policy. It is somewhat technical, and is described here:

http://itninja.com/link/acrobat-reader-6.0-deployment-notes-from-the-field

There is loads of info on this page, so look for the section that deals with "UnsupportedInstallType". Again, let us know if you need additional help.

6. Deployment: Once you have completed the above steps for your Acrobat .msi, you can use the same technique you used to deploy Office, be it Group Policy or command line.

I hope this attempt at consolidating some information and you giving you a point of reference is helpful. I know it can be overwhelming when first delving into this task.

Craig --<>.
Answered 06/13/2004 by: craig16229
Third Degree Brown Belt

Please log in to comment
0
Thx for the info,

Boy this is making me feel a little inadequate, im working on the Reader deploy ( thx for the MS Office info too) I have extracted the MSI and even downloaded the Install Tuner,

Here is where I am at, Im trying to Use WinInstall LE to edit the package and add the registry keys for “no splash” and “EULA” I am experimenting with that now. I also played with the install tuner a bit but the main thing I want to accomplish it just a basic silent install I can deploy via Group Policy, which brings me to another question these .mst “transform” files that are greated, do I apply the .mst under the advanced tab while editing my package under the “Modifications” tab? I understand that Install Tuner makes a .mst file but are there other programs that do it for a variety of software? BTW I have zero VB experience so the scripting is out I guess.


I played around with a command line install using msiexec.exe and the triggers provided and it worked like a charm is there a way to deploy using this method?

I am sorry for the amount of questions, believe me I can get annoyed when people do this myself, but know that I have read a lot it just seems in this case the more I read the more confused I become on the whole subject.

Thx for all your time and consideration

SGilbert
Answered 06/14/2004 by: SGilbert
Senior Yellow Belt

Please log in to comment
0
SGilbert,

No need to apologize for all the questions. I never have all the answers myself, and this site is all about a meeting of the minds and sharing of info.

First, I believe (but I will need to double check) all the modifications you want to make to the Reader .msi can be done with the IS Tuner. Opinions will vary, but I try to avoid creating / modifying an Acrobat .mst within anything other than the Tuner tool.

As far as your question about applying the Transform to the package: yes, the modifications tab of your package is where you link the .msi to the .mst. BTW, be sure to use a UNC path to both the .msi and the .mst. If you have DFS setup on Active Directory, using a DFS path is even better. If not, don't feel you have to pile that on top of your to-do list right now.

I would make every effort to get your packages working under AD. It is not as powerful of a solution as something (very expensive) like Altiris, but the management capabilities over installing your packages via command line or login script are still tremendous.

Craig --<>.
Answered 06/14/2004 by: craig16229
Third Degree Brown Belt

Please log in to comment
0
Thx for all the help so far. Let me explain what a newb has accomplished and yet to accomplish.

Using the links provided here i used WinInstall LE to modify the Adobe Package, what i did was use some of the registry keys provided by the links, such as silent install ( well minimal no user interaction) no splash screen, no EULA. Saved that work to a network share. Then proceeded to use GPO in a "Test" OU i set the package under Computer-Software installation, and set it to assigned ( if i read correctly this will force it to install on the next reboot) i provided the UNC path for the newly created .msi ect.

Now what i didnt know is that using win2k3 you have to use the "gpupdate" command to force Group Policy update immediately, so while i was waiting on this and before i got to impatient so i searched for the command, i joined my LapTop to the test OU then i browsed to the .msi network share from my Laptop and double clicked on the .msi install
everything went perfect with no semi-silent with no splash or EULA. Next i used windows restore to take the laptop back to a before the Adobe install state ( didnt want to track down all the changed keys) forced group policy update with the "gpupdate" command rebooted the machine and gloriously it installed adobe reader on bootup, now here's the issue i cant resolve. When installed with the GPO adobe still displays the Splash screen and when i install it manually it dont. any ideas?

BTW wininstall le seems easier to use than the Tuner for a lay person anyway. everyone keeps referring to command line deploy i dont understand that can you reveal some more of what im missing.

WinInstall was real easy i just imported the msi you guys showed me how to extract. Then i went to the registry section which showed me the keys the msi will change when its installed, then i just added they keys that were on the links you guys provided. and it works great with manual install.


thx for the help so far man.

Does anyone else get headaches from trying to learn new stuff sometimes?

SGilbert
Answered 06/14/2004 by: SGilbert
Senior Yellow Belt

Please log in to comment
0
If you are finding success with WinInstall LE and like it, stick with it. I like Wise Package Studio and not WinInstall, but you will find others here who don't like Wise and will only use InstallShield.

Most important is not what tools you use, but learning the technology and techniques to build solid packages. No matter what you use, test thoroughly. Specifically: one of the best indicators of a good package is not just how it installs, but how it UNINSTALLS. Make sure to test this, including a reboot of the test machine. I have been zapped a couple of times when skipping this part, only to be greeted at a future time by a pretty blue screen with semi-understandable white text. Clean packages that uninstall cleanly come largely from having a good exception list.

Start keeping good documentation of what you do on each package. Post here when you can.

Regarding having to use gpupdate: gpupdate may appear to have done the trick, but it really has to do with a behavior of XP workstations called "Fast Logon Optimization". Windows 2000 machines are not affected. It is enabled by default on XP, but can be disabled. Here is the link where you can learn all about it:

http://www.microsoft.com/resources/documentation/WindowsServ/2003/enterprise/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/enterprise/proddocs/en-us/optim_gp.asp

Regarding the "splash screen" you see when the app deploys at bootup: could you be more descriptive about what you are seeing and when? The typical behavior is to see a message on the Windows startup splash screen that says something like "applying network settings", followed by something like "Installing Managed Software Adobe Acrobat 6 Reader". Or maybe you are talking about the splash screen when you first execute the program?

Craig --<>.
Answered 06/14/2004 by: craig16229
Third Degree Brown Belt

Please log in to comment
0
Craig,

Your so helpful, I never even thought of testing the stability of Uninstalls!!!

Man i enjoy learning things like this although i realize it can be a load on ones that already know it. Let me clear up the Splash screen i was referring too. In one of the links you provided was a registry key that dis-allowed Adobe to show its splash screen when firing up the program, which makes it a little faster ( maybe thats just perceived) on slower machines but its no biggy.

Maybe "Fast Logon Optimization" is what is causing some of my workstations to pull the update from group policy and not others, that is currently the demon im working on. i can reboot my test laptop with clean system and it will install the Group Policy from the OU that it is in like it supposed too, others will not.

Man so much to learn......

SGilbert

P.S. i just tried WinInstall because it was the first i seen and a small free download i will try Wise too.
Answered 06/15/2004 by: SGilbert
Senior Yellow Belt

Please log in to comment
0
Heh here's something funny or im thinking about wrong. After reading your link it seems to me that Fast Logon could be at the heart of my client randomly not pulling GP from the server. SO after reading i create a new GPO for my whole domain using the administrative templates/logon/ then i enable the "Always wait for the network at computer startup and logon" Great now each time a machine boots up it will wait for the Network to update its logon info ( if i read all this correctly) but um isnt this in itself a group policy? doesnt that kinda defeat the purpose, a GPO to force the clients that arent sync'ing with other GPO?

i got to be missing something. When i was reading about it and "tinkering" i found there are client refresh intervals ect. Is it possible to apply Group Policy Software to client machines without them rebooting and installing it at the forefront?


btw. i did get your semi-hidden meaning that i need to learn not just how to do it but the how and why's, ( i assume for future troubleshooting and actually learning it)


SGilbert
Answered 06/15/2004 by: SGilbert
Senior Yellow Belt

Please log in to comment
0
A couple of things to consider:

- Assigning managed apps to computers (IMO) so they install at startup is easier to setup in AD, but sometimes publishing an app to a user so they can install better suits an environment.

- Before making a change to Fast Logon, compare the network cards of the computers that seem to be lagging or un-cooperative. I have had some major problems in the past with cheaper network cards, most notably Broadcoms.

- Also, you can run a "gpresult" from the command line to see a description of exactly what policies are being applied to a troublesome workstation. Sometimes you will be suprised to find that software is not being installed because Group Policy is not being applied as you thought it was.

- Don't forget to look at your event logs; many times they will give you good clues to why software isn't being deployed.

BTW - no hidden meanings in my posts, and no need to apologize for questions. Politeness gets us everywhere. Just trying to brain dump to get you on your way. Others have done the same for me. I'm not even close to being the most knowledgeable on this forum.

Craig --<>
Answered 06/15/2004 by: craig16229
Third Degree Brown Belt

Please log in to comment
0
Hmmm,

Interesting that you draw the parallel of Nic cards as the machines that are not working correctly ive noticed so far, so happen to be Dell Machines. This for yet another useful command it says something has filtered them out, for some reason. Not sure where the conflict would be on some machines I don’t know if this practice is normal but I needed to supply a GPO to a sup group within a OU.

SO its I created a OU within an OU and applied the GPO to the sub OU and moved the computers I wanted it installed to into that same sub OU. Some worked, some didn’t, even now. Could DNS be involved ect?

You may not be the smartest here but you have certainly been the most helpful to me.

SGilbert
Answered 06/15/2004 by: SGilbert
Senior Yellow Belt

Please log in to comment
0
Since the problem is only seen on your Dells, I would investigate that further.

BTW, are the Dell workstations GX270's?

I would not think you have a DNS issue if you can get output from a gpresult from an affected workstation. If this is the case, this means that the workstation is able to read a file named gpt.ini that resides on \\your_domain_controller\SYSVOL\domain_name\Policies\{sid}\ , which is where it gets the Group Policy.



Craig --<>.
Answered 06/15/2004 by: craig16229
Third Degree Brown Belt

Please log in to comment
0
Open a command prompt and type

gpupdate /force /boot

After the system reboots it should have the latest policy available to it from the DC's

If you are still not getting the apps down then run

gpresult in a command window.

This will show you the policies that have been offered and applied to the workstation. It will also show the ones that have failed to apply. also dont forget to check the eventvwr for information on policies and also software installations.

Event Viewer is your friend :)
Answered 06/15/2004 by: MSIMaker
Second Degree Black Belt

Please log in to comment
0
Thanks for the response MSI maker.

Was that command supposed to force a reboot for the offending machines because it didnt. Nor will they pick up their GPO and they are all Dells. I moved the Adobe MSI to a remote store server so when group policy called for the file it would be on their Local Intranet ( i assume this would be how to do it) i did one of my SHop built pc's no problem i did a Dell Dimension one and it would not pull it. That seems crazy to me.


M*XI
Answered 06/16/2004 by: SGilbert
Senior Yellow Belt

Please log in to comment
0
SGilbert,

So you have machines on one particular intranet, and of those machines, the only ones that are problematic are Dells? If this is true, here is something else you can look at:

Check the speed setting on the NICs in those Dells. If they are set to auto-negotiate or full/100, you might want to try half/100 (or vice versa).


Craig --<>.
Answered 06/16/2004 by: craig16229
Third Degree Brown Belt

Please log in to comment
0
Dell has a setting in the BIOS for their NIC cards that you have to change for it to work sorrectly. We had it here at work but I dont have the setting at hand...I'll check for you tomorrow and report it back here.

We couldnt RIS machines with the default settings. So I'm pretty sure this is the problem.
Answered 06/17/2004 by: MSIMaker
Second Degree Black Belt

Please log in to comment
0
As far as I could tell the Dell setting was located under the NIC configuration in the BIOS. It look like the only settings that would be there are enable and disable, but if you scroll through the available options you can see where to turn the PXE boot rom on. Without that, you machine will not try to boot to the network. It took three technicians like 3 hours to find it here, like I said the option is quite hidden.
Answered 06/17/2004 by: cdupuis
Third Degree Green Belt

Please log in to comment
0
Only thing i found was in the boot order there was boot from Lan which im assuming would be PXE.

Thanks for all the time guys.

SGilbert
Answered 06/18/2004 by: SGilbert
Senior Yellow Belt

Please log in to comment
0
SGilbert,

I ran across something the other day that might be of interest to you; it is somewhat parallel to what you have been dealing with.

I had a Dell laptop (with a Broadcom gigabit card) that would not synchronize a home directory as it was supposed to do per Group Policy. A gpresult would show that the GP was being applied as expected.

An advisory in the event log had a GUID that pointed me to the QoS Packet Scheduler. I temporarily disabled it, and GP and synchronization started working.

Have you had a chance to test the with different settings on your cards from within Windows?

Craig --<>.
Answered 06/18/2004 by: craig16229
Third Degree Brown Belt

Please log in to comment
0
Hmmm, so packet scheduler was messing it up? Maybe i should try disabling that.

which card settings within windows were you referring too?
Answered 06/24/2004 by: SGilbert
Senior Yellow Belt

Please log in to comment
0
Answered 06/24/2004 by: MSIMaker
Second Degree Black Belt

Please log in to comment
0
SGilbert,

which card settings within windows were you referring too?

Take a look at your "Media Type" or speed setting on your network card. Auto-detect is the typical default and usually works fine, but sometimes does not. Also find out what the settings are on your switch and set your network card to match.

Craig --<>.
Answered 06/25/2004 by: craig16229
Third Degree Brown Belt

Please log in to comment
0
Hey Gilbert,
now you have to deal with 2 newbies??how do I go about testing the uninstall I just finished packaging my 1st application too(its a cots used by bond traders) and i need to know how to test the uninstall, should i just uninstall from the user pc or what??BTW, we use Altiris for deployment??
Answered 07/20/2004 by: omookin
Senior Yellow Belt

Please log in to comment
0
Hello There,
I had the same problem with my Dell Optiplex workstations (amount 250). I turned off the Auto-Negotiation on the NIC and the Switch (3Com Superstack), set the media speed to 100 M/Bit full duplex, disabled fast logon and disabled spanning tree on the switch.
C.
Answered 07/21/2004 by: chrismk
Senior Yellow Belt

Please log in to comment
0
If your machines are having issues applying GPOs at boot up then here is a solution that I had to implement. I was experiencing intermittent GPO failures due to my card negotiating the speed. Here is the KB:

Microsoft Knowledge Base Article - 239924

Add the following key to the registry:

HKLM\System\CurrentControlSet\Services\TCPIP\Parameters

Value Name: DisableDHCPMediaSense
Data Type: REG_DWORD
Value Data Range: 0, 1 (False, True) Default: 0 (False)

Set it to 1, this will disable it. What this does is when your machine is booting with this option dhcp media sense enable it will quickly verify the media, on some nics this involves dropping the connection momentarily, that is where the GPO fails. The one drawback on this is that if you unplug the network cable after disabling this feature, it will not "sense" it, therefore no "network cable is unplugged" message. I had to use it on a bunch od newer P4 Dell laptops with the broadcom 440 nic. I have not come accross it on anything else, even laptops from other manufacturers that use the same chip.
Answered 07/21/2004 by: cdupuis
Third Degree Green Belt

Please log in to comment
0
There is also a couple of other things you can try.

Remove the PC from the domain and readd it. do a gpupate and reboot.
Now move it into the right OU and reboot.
Do a gpupdate and reboot.

You should get the policy now.

Also try setting the network card speed to 100 Full instead of Auto. A few Windows XP workstations I have seen don;t handle auto very well.
Answered 07/23/2004 by: MSIMaker
Second Degree Black Belt

Please log in to comment
Answer this question or Comment on this question for clarity