Deploy application using MSI package.

Posted on 2013-02-05
Last Modified: 2013-02-12

We service about 550+ users.  We need to start deploying application updates, virus patches, Flash, Java etc etc.. using MSI packages.  We have install Impero on all client machines.  Impero allow us to push application updates out to all our clients via MSI files.  

So, for example, we want to roll out the latest Java update.  We need to convert the .exe to an MSI package, we need to make sure that no user interaction is required when pushing out the MSI package, how?

I've tried using Exe to MSI converter, using the GUI mode which allows you to install the application (Java in this case) and record button presses, then it builds the MSI package.

However, no matter how many times I try it will not work.  When clicking the newly built MSI package, it just comes up with an installation applet that completes and does nothing, it does not actually load or even start the application it's meant to be installing.  e.g. it does not bring up the java window.

Can you recommend a way,

Question by:SpencerKarnovski
  • 2
LVL 40

Assisted Solution

by:Vadim Rapp
Vadim Rapp earned 500 total points
ID: 38855978
OK, here's the scoop.

The idea to distribute software by MSI packages is good.

The idea to convert setup.exe into MSI by using these automated tools is bad. The reason it's bad is because it's not real MSI, it's fake surrogate which only unpacks and launches setup.exe; then what's the point of having the MSI - you might as well simply launch setup.exe directly. All MSI advantages are lost.

There are two ways to obtain real MSI.

One is to look at the product vendor's site. Often vendors have separate setup as MSI, for corporate deployments. For example, Adobe has it for Reader and for Flash - see .

Sometimes, however, this vendor-provided MSI will be the same wrapper around the exe I mentioned above. Example: Google Chrome.

If there's none, then it's possible to convert setup.exe into true MSI, the process is called "repackaging" and usually requires high qualification and expensive tools. I personally have repackaged quite a number of products (here's one), and can assure you that this is not something that can be automated. As a sidenote, sometimes it makes sense to repackage even what software vendor has provided as MSI - here's an example of the reasons for that:

Finally, in order to deploy MSI in the active directory, you don't need any special tools, like Impero you mentioned. You can configure group policy to do it. Usually add-on deployment tools are in order to deploy not MSI, i.e. setup.exe .  setup.exe can also be deployed by using so called zap files, and by logon scripts (or machine start scripts).

Author Comment

ID: 38858586

Thanks for the information there, very informative.   I shall look into repackaging.  

The issue here is that, as a college, we have purchased the Impero application for large sum of money, thus we need to be seen using it in every regard; not just from the security stand point (basically it allows teachers to view the students desktop at any time to keep an eye on what they are doing), but from an IT operational standpoint; we need to install the latest version of Java on 500+ machines.  

You have provided good information, though,


Will leave this open for a day, just in case I have any more questions.
LVL 40

Accepted Solution

Vadim Rapp earned 500 total points
ID: 38859135
Since you mentioned in your post both security and Java:

"The Department of Homeland Security says despite some fixes to Java, it continues to recommend users disable the program in their Web browsers, because it remains vulnerable to attacks that could result in identity theft and other cyber crimes. (...) This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered. To defend against this and future Java vulnerabilities, consider disabling Java in web browsers until adequate updates are available. As with any software, unnecessary features should be disabled or removed as appropriate for your environment."

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question