Deploy Applications in Enterprise like a PRO

Hello, my name is Tomasz Gościmiński and I’m an Infrastructure Consultant at Predica. Today’s post is about the value of deployment tandem called System Center Configuration Manager and his smaller companion PowerShell App Deployment Toolkit. When both are integrated in your environment great things can happen – so let’s start…

Business Problem: Recently, Contoso experienced a number of system outages in which the Company’s core business applications shut down unexpectedly. After several days of investigation, John Snow, Contoso Infrastructure administrator, discovered that the outages were the result of a number of vulnerabilities in Enterprise Line of Business applications and users Software. Since then, it is critical for Contoso to manage lifecycle of applications:

  • initial creation and testing of application deployment;
  • updating the deployed application to a newer version;
  • update and removal of the application from computers on the production network.

To reduce unplanned downtime in the future, Contoso must find a way to ensure being always up to date and manage lifecycle of applications in a controlled manner.

Business Solution: Company IT Director decided to invest in System Center 2012 R2 Configuration Manager to support IT Department staff. He wants to ensure:

  • compliance
  • unattended deployment
  • redrawn apps
  • tracking
  • versioning
  • reporting

Business Case: Application Lifecycle – Adobe Reader example

Scenario: John is the Configuration Manager administrator at Contoso who must deploy the latest version of Adobe Reader 11 to 200 users, according to the requirements. So far Contoso corporate standard is to use Adobe Reader 10 which has few important security vulnerabilities found few days ago. John decided to redrawn Adobe Reader 10 and replace by Adobe Reader 11 in automated manner. John needs to be sure if the user is currently using Adobe Reader, so it can be safety closed by user or Configuration Manager before installation. Requirements:

  • Unattended redrawn Adobe Reader 10.0.14 and installation of Adobe Reader 11.0.09.
  • Mechanism that can defer installation by user to allow save work and proceed.
  • Mechanism to allow display of custom messages for users.
  • Mechanism should check if Adobe Reader or other specified apps are running before installation.

The following sections provide example steps for how to use Configuration Manager to create, deploy, and manage applications together with PowerShell Application Deployment Toolkit in your organization.

  • Download Adobe Reader 11.0.09 MSi
  • Extract Adobe Reader binaries
  • Download PowerShell App Deployment Toolkit
  • Prepare ConfigMgr Package Content
  • Modify PS1 to fulfil requirements
  • Prepare ConfigMgr 2012 Application
  • Prepare ConfigMgr Adobe Reader 11.0.09 Collection
  • Deployment
  • User Experience

Detailed Steps

  1. From site: http://get.adobe.com/reader/enterprise/ download Adobe Reader 11.0.09 for proper OS.
    clip_image001
  2. After download of .exe extract installation files open Command Line prompt then go to Adobe Reader download folder and execute command: AdbeRdr11009_en_US.exe -nos_o”C:\download\AR11.0.09″ -nos_ne clip_image002
    After few seconds extracted installation files are stored in C:\download\AR11.0.09 folder. We will need them to deploy app.
  3. From site: https://psappdeploytoolkit.codeplex.com/ download and extract PSAppDeployToolkit_v3.2.0.zip.
  4. From previously extracted PSAppDeployToolkit_v3.2.0.zip archive copy Toolkit folder to network share where ConfigMgr packages are stored. Rename folder Toolkit according to your needs. In example: PS Adobe Reader 11009.
    clip_image003
    Just renamed PS Adobe Reader 11009 folder contain Files folder. Copy extracted Adobe Reader binaries inside Files folder to ensure all of them are in one place ready to distribute.
    clip_image004
  5. Modify Deploy-Application.ps1 to fulfill requirements. I recommend to read Powershell App Deployment Administration Guide. In our example Deploy-Application.ps1 look as follow:

    [code lang=”powershell”]
    <#
    .SYNOPSIS
    This script performs the installation or uninstallation of an application(s).
    .DESCRIPTION
    The script is provided as a template to perform an install or uninstall of an application(s).
    The script either performs an "Install" deployment type or an "Uninstall" deployment type.
    The install deployment type is broken down in to 3 main sections/phases: Pre-Install, Install, and Post-Install.
    The script dot-sources the AppDeployToolkitMain.ps1 script which contains the logic and functions required to install or uninstall an application.
    To access the help section,
    .EXAMPLE
    Deploy-Application.ps1
    .EXAMPLE
    Deploy-Application.ps1 -DeployMode "Silent"
    .EXAMPLE
    Deploy-Application.ps1 -AllowRebootPassThru -AllowDefer
    .EXAMPLE
    Deploy-Application.ps1 Uninstall
    .PARAMETER DeploymentType
    The type of deployment to perform. [Default is "Install"]
    .PARAMETER DeployMode
    Specifies whether the installation should be run in Interactive, Silent or NonInteractive mode.
    Interactive = Default mode
    Silent = No dialogs
    NonInteractive = Very silent, i.e. no blocking apps. Noninteractive mode is automatically set if an SCCM task sequence or session 0 is detected.
    .PARAMETER AllowRebootPassThru
    Allows the 3010 return code (requires restart) to be passed back to the parent process (e.g. SCCM) if detected from an installation.
    If 3010 is passed back to SCCM a reboot prompt will be triggered.
    .PARAMETER TerminalServerMode
    Changes to user install mode and back to user execute mode for installing/uninstalling applications on Remote Destkop Session Host/Citrix servers
    .NOTES
    .LINK
    Http://psappdeploytoolkit.codeplex.com
    "#>
    Param (
    [ValidateSet("Install","Uninstall")]
    [string] $DeploymentType = "Install",
    [ValidateSet("Interactive","Silent","NonInteractive")]
    [string] $DeployMode = "Interactive",
    [switch] $AllowRebootPassThru = $false,
    [switch] $TerminalServerMode = $false
    )

    #*===============================================
    #* VARIABLE DECLARATION
    Try {
    #*===============================================

    #*===============================================
    # Variables: Application

    $appVendor = "Adobe"
    $appName = "Reader"
    $appVersion = "11.0.09"
    $appArch = ""
    $appLang = "EN"
    $appRevision = "01"
    $appScriptVersion = "1.0.0"
    $appScriptDate = "03/11/2014"
    $appScriptAuthor = "Tomasz Gosciminski"

    #*===============================================
    # Variables: Script – Do not modify this section

    $deployAppScriptFriendlyName = "Deploy Application"
    $deployAppScriptVersion = [version]"3.2.0"
    $deployAppScriptDate = "09/01/2014"
    $deployAppScriptParameters = $psBoundParameters

    # Variables: Environment
    $scriptDirectory = Split-Path -Parent $MyInvocation.MyCommand.Definition
    # Dot source the App Deploy Toolkit Functions
    ."$scriptDirectory\AppDeployToolkit\AppDeployToolkitMain.ps1"
    # Handle ServiceUI invocation
    If ($serviceUIExitCode -ne $null) { Exit-Script $serviceUIExitCode }

    #*===============================================
    #* END VARIABLE DECLARATION
    #*===============================================

    #*===============================================
    #* PRE-INSTALLATION
    If ($deploymentType -ne "uninstall") { $installPhase = "Pre-Installation"
    #*===============================================

    # Show Progress Message
    Show-InstallationProgress "Performing Pre-Install cleanup. This may take some time. Please wait…"

    # Show Welcome Message, close Internet Explorer if required, allow up to 3 deferrals, verify there is enough disk space to complete the install and persist the prompt
    Show-InstallationWelcome -CloseApps "iexplore,acrord32" -AllowDefer -DeferTimes 3 -CheckDiskSpace -PersistPrompt

    # Show Progress Message (with the default message)
    Show-InstallationProgress

    # Remove Adobe Reader
    Remove-MSIApplications "Adobe"

    #*===============================================
    #* INSTALLATION
    $installPhase = "Installation"
    #*===============================================

    Show-InstallationProgress "Installing Acrobat Reader 11.0.09. This may take some time. Please wait…"

    # Perform installation tasks here
    Execute-MSI -Action Install -Path "AcroRead.msi"

    #*===============================================
    #* POST-INSTALLATION
    $installPhase = "Post-Installation"
    #*===============================================

    # Perform post-installation tasks here

    # Display a message at the end of the install
    # Show-InstallationPrompt -Message "You can customise text to appear at the end of an install, or remove it completely for unattended installations." -ButtonRightText "Ok" -Icon Information -NoWait

    #*===============================================
    #* PRE-UNINSTALLATION
    } ElseIf ($deploymentType -eq "uninstall") { $installPhase = "Pre-Uninstallation"
    #*===============================================

    # Show Welcome Message, close Internet Explorer if required with a 60 second countdown before automatically closing
    Show-InstallationWelcome -CloseApps "iexplore, acrord32" -CloseAppsCountdown "60"

    # Show Progress Message (with the default message)
    Show-InstallationProgress

    #*===============================================
    #* UNINSTALLATION
    $installPhase = "Uninstallation"
    #*===============================================

    # Perform uninstallation tasks here

    #*===============================================
    #* POST-UNINSTALLATION
    $installPhase = "Post-Uninstallation"
    #*===============================================

    # Perform post-uninstallation tasks here

    #*===============================================
    #* END SCRIPT BODY
    } } Catch { $exceptionMessage = "$($_.Exception.Message) ($($_.ScriptStackTrace))"; If (!($appDeployToolkitName)) {Throw "Failed to dot-source AppDeployToolkitMain.ps1 – please check if the file is present in the \AppDeployToolkit folder"; Exit 1}
    Else { Write-Log "$exceptionMessage"; Show-DialogBox -Text $exceptionMessage -Icon "Stop"; Exit-Script -ExitCode 1 } } # Catch any errors in this script
    Exit-Script -ExitCode 0 # Otherwise call the Exit-Script function to perform final cleanup operations
    #*===============================================
    [/code]

  6. Now we are going to create Adobe Reader package in Application Model.
    1. Open ConfigMgr Administrative Console and go to Software Library | Overview | Application Management.
    2. Right Click Applications and choose Create Application.
    3. Check Manually specify the application information. Click Next.
    4. In General Information tab fulfill as below. Click Nextclip_image005
    5. On Application Catalog tab click Next.
    6. On Deployment Types tab click Add.
    7. In Create Deployment Type Wizard, General tab check Manually specify the deployment type information. Click Next.
    8. On General Information tab fulfill as below. Click Next.clip_image006
    9. On Content tab ensure fields are as follows:
      1. Content location: [network location of Adobe Reader package]
      2. Installation program: Deploy-Application.exe Install
      3. Uninstall program: Deploy-Application.exe Uninstall
        clip_image007
    10. On Detection Method tab click Add Clause and fulfill as follows:
      1. Settings Type: Windows Installer
      2. Product code: {AC76BA86-7AD7-1033-7B44-AB0000000001}
      3. Note: Value is provided automatically when we choose AcroRead.msi from location of Adobe Reader package.
      4. Choose This MSI product code must exist on the target system to indicate presence of this application.
    11. On User Experience tab fulfill as follows.
      1. Installation behavior: Install for system
      2. Logon requirement: Only when a user is logged on
      3. Installation program visibility: Normal
      4. Check: Allow users to view and interact with the program installation
    12. Rest of tabs leave with default options.
    13. Distribute Adobe Reader application on Distribution Point according to TechNet article: http://technet.microsoft.com/en-us/library/gg712694.aspx#BKMK_DistributeContent
  7. Create collection according to TechNet article: http://technet.microsoft.com/en-us/library/gg712295.aspx
  8. Create deployment according to TechNet article: http://technet.microsoft.com/en-us/library/gg682082.aspx
  9. Few screens from user experience
    1. There is Adobe Reader 10 icon on Desktop which will be replaced by 11.0.09. Applications of Adobe Reader and Internet Explorer are running to simulate daily user work.
      clip_image008
    2. After policy is retrieved Application Deployment Toolkit check running processes and display message accordingly. User can defer installation for later after work is done and saved or can ask PADT to help close apps. Custom message is visible at top.
      clip_image009
    3. After few dozen of seconds Adobe Reader 11 is installed and ready to go.
      clip_image010

Summary PowerShell Deployment Toolkit is a must have for every ConfigMgr Admin. Saves time and has great amount of features. And even more important …IT IS FREE! To learn more: https://psappdeploytoolkit.codeplex.com

Thank you and happy deployment! Tomasz