Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Deploy application using MSI package.

Posted on 2013-02-05
Medium Priority
Last Modified: 2013-02-12

We service about 550+ users.  We need to start deploying application updates, virus patches, Flash, Java etc etc.. using MSI packages.  We have install Impero on all client machines.  Impero allow us to push application updates out to all our clients via MSI files.  

So, for example, we want to roll out the latest Java update.  We need to convert the .exe to an MSI package, we need to make sure that no user interaction is required when pushing out the MSI package, how?

I've tried using Exe to MSI converter, using the GUI mode which allows you to install the application (Java in this case) and record button presses, then it builds the MSI package.

However, no matter how many times I try it will not work.  When clicking the newly built MSI package, it just comes up with an installation applet that completes and does nothing, it does not actually load or even start the application it's meant to be installing.  e.g. it does not bring up the java window.

Can you recommend a way,

Question by:SpencerKarnovski
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 40

Assisted Solution

by:Vadim Rapp
Vadim Rapp earned 2000 total points
ID: 38855978
OK, here's the scoop.

The idea to distribute software by MSI packages is good.

The idea to convert setup.exe into MSI by using these automated tools is bad. The reason it's bad is because it's not real MSI, it's fake surrogate which only unpacks and launches setup.exe; then what's the point of having the MSI - you might as well simply launch setup.exe directly. All MSI advantages are lost.

There are two ways to obtain real MSI.

One is to look at the product vendor's site. Often vendors have separate setup as MSI, for corporate deployments. For example, Adobe has it for Reader and for Flash - see http://www.adobe.com/products/players/flash-player-distribution.html .

Sometimes, however, this vendor-provided MSI will be the same wrapper around the exe I mentioned above. Example: Google Chrome.

If there's none, then it's possible to convert setup.exe into true MSI, the process is called "repackaging" and usually requires high qualification and expensive tools. I personally have repackaged quite a number of products (here's one), and can assure you that this is not something that can be automated. As a sidenote, sometimes it makes sense to repackage even what software vendor has provided as MSI - here's an example of the reasons for that:


Finally, in order to deploy MSI in the active directory, you don't need any special tools, like Impero you mentioned. You can configure group policy to do it. Usually add-on deployment tools are in order to deploy not MSI, i.e. setup.exe .  setup.exe can also be deployed by using so called zap files, and by logon scripts (or machine start scripts).

Author Comment

ID: 38858586

Thanks for the information there, very informative.   I shall look into repackaging.  

The issue here is that, as a college, we have purchased the Impero application for large sum of money, thus we need to be seen using it in every regard; not just from the security stand point (basically it allows teachers to view the students desktop at any time to keep an eye on what they are doing), but from an IT operational standpoint; we need to install the latest version of Java on 500+ machines.  

You have provided good information, though,


Will leave this open for a day, just in case I have any more questions.
LVL 40

Accepted Solution

Vadim Rapp earned 2000 total points
ID: 38859135
Since you mentioned in your post both security and Java:


"The Department of Homeland Security says despite some fixes to Java, it continues to recommend users disable the program in their Web browsers, because it remains vulnerable to attacks that could result in identity theft and other cyber crimes. (...) This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered. To defend against this and future Java vulnerabilities, consider disabling Java in web browsers until adequate updates are available. As with any software, unnecessary features should be disabled or removed as appropriate for your environment."

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question