• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1815
  • Last Modified:

Deploy application using MSI package.

Hello.

We service about 550+ users.  We need to start deploying application updates, virus patches, Flash, Java etc etc.. using MSI packages.  We have install Impero on all client machines.  Impero allow us to push application updates out to all our clients via MSI files.  

So, for example, we want to roll out the latest Java update.  We need to convert the .exe to an MSI package, we need to make sure that no user interaction is required when pushing out the MSI package, how?

I've tried using Exe to MSI converter, using the GUI mode which allows you to install the application (Java in this case) and record button presses, then it builds the MSI package.

However, no matter how many times I try it will not work.  When clicking the newly built MSI package, it just comes up with an installation applet that completes and does nothing, it does not actually load or even start the application it's meant to be installing.  e.g. it does not bring up the java window.

Can you recommend a way,

Thanks.
0
SpencerKarnovski
Asked:
SpencerKarnovski
  • 2
2 Solutions
 
Vadim RappCommented:
OK, here's the scoop.

The idea to distribute software by MSI packages is good.

The idea to convert setup.exe into MSI by using these automated tools is bad. The reason it's bad is because it's not real MSI, it's fake surrogate which only unpacks and launches setup.exe; then what's the point of having the MSI - you might as well simply launch setup.exe directly. All MSI advantages are lost.

There are two ways to obtain real MSI.

One is to look at the product vendor's site. Often vendors have separate setup as MSI, for corporate deployments. For example, Adobe has it for Reader and for Flash - see http://www.adobe.com/products/players/flash-player-distribution.html .

Sometimes, however, this vendor-provided MSI will be the same wrapper around the exe I mentioned above. Example: Google Chrome.


If there's none, then it's possible to convert setup.exe into true MSI, the process is called "repackaging" and usually requires high qualification and expensive tools. I personally have repackaged quite a number of products (here's one), and can assure you that this is not something that can be automated. As a sidenote, sometimes it makes sense to repackage even what software vendor has provided as MSI - here's an example of the reasons for that:

http://forums.adobe.com/thread/1110633
http://forums.adobe.com/thread/1110822


Finally, in order to deploy MSI in the active directory, you don't need any special tools, like Impero you mentioned. You can configure group policy to do it. Usually add-on deployment tools are in order to deploy not MSI, i.e. setup.exe .  setup.exe can also be deployed by using so called zap files, and by logon scripts (or machine start scripts).
0
 
SpencerKarnovskiAuthor Commented:
Hello,

Thanks for the information there, very informative.   I shall look into repackaging.  

The issue here is that, as a college, we have purchased the Impero application for large sum of money, thus we need to be seen using it in every regard; not just from the security stand point (basically it allows teachers to view the students desktop at any time to keep an eye on what they are doing), but from an IT operational standpoint; we need to install the latest version of Java on 500+ machines.  

You have provided good information, though,

Thanks.

Will leave this open for a day, just in case I have any more questions.
0
 
Vadim RappCommented:
Since you mentioned in your post both security and Java:

http://www.nbcnews.com/technology/technolog/homeland-security-still-says-no-java-1B8000547

"The Department of Homeland Security says despite some fixes to Java, it continues to recommend users disable the program in their Web browsers, because it remains vulnerable to attacks that could result in identity theft and other cyber crimes. (...) This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered. To defend against this and future Java vulnerabilities, consider disabling Java in web browsers until adequate updates are available. As with any software, unnecessary features should be disabled or removed as appropriate for your environment."
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now