Automated software deployment

[opethdisciple]

How do you guys manage automated software deployments and updates in your enterprise?

We used to use WPKG in my old company, but this will be a HUGE undertaking for a single admin of 60 odd machines.

 

[opethdisciple]

Hmm thanks guys!!

My manager suggested we use GPO. But SCCM could be a possibility if it's free.

Thanks for the Octopus recommendation too.

I'll take a look.

 

[opethdisciple]

Yea. The solution needs to be free.

Now it makes sense why my previous, manager opted for WPKG.

Our requirements don't need to be elaborate or complicated. We just need a way of rolling out updates to common applications in an automated way rather than doing everything by hand.

 

[opethdisciple]

At the moment my biggest project is to set up a WDS server and get a netbootable Win 10 image on the system.

I'm half way there. I've got the WDS server serving images over tftp. My next step is to sysprep an image.

As far as I understand it, I can set up the image exactly including apps and then sysprep it and this will become the base image I will host on the WDS server.

Of course over time the base set of applications in the image will be out of date, when a new machine boots for the first time.

Do you think GPO will work in this sort of scenario?

The applications are simple:

Chrome
Firefox
Skype
Office 2016 (will be part of image but updates handled by WSUS)
VLC
Xnview

---

As a side note, we currently have a KMS server working which activates both Win 10 and Office 2016.

I'm not concerned about Win 10, but will the KMS server still be able to activate Office 2016 if it is part of the base image I sysprep?

I'm assuming the answer is yes as the purpose of sysprep is to strip the machine of any identifying information.

 

[opethdisciple]

You can use the unattended answer file to apply a kms client key to windows and office, and activate them for you. Office will require an additional kms install on the server for office activations.

Do note that it won't activate until you get 5 Office activation requests and I think Windows activations was 25. I use a KMS emulator to make the initial requests normally as sysprep doesn't always leave you with a unique office ID.

If you need any WDS client/image unattend help, I've just finished a custom W10 Education build.

There are many different things I could use to get the next step completed.

But I was going to set up a VM install all the applications and settings and then sysprep it which will then become the base image I will deploy via WDS.

Should work.... from the videos I've been watching!

 

[opethdisciple]

ugh dont install application in an image! unless you never intend to use it again down the line as it will be horribly out of date.

Write some scripts to install the software unattended from a network share and use Runonce to call them.
It adds a bit of time to the build time of each one but as your using wds, multicasting works quite well.

Yea. I agree. But is it not better for the image to come with a base set of applications and then you can still make your calls to scripts/GPO to install/update applications?

 

[opethdisciple]

I've had a chat with one of the senior engineers here and we've decided to take out of the base image all the software that is frequently updated and only put in the stuff that is rarely changed.

That way we can manage it better via another solution.

Now I need to look at SCCM or PDG Deploy etc....

 

[opethdisciple]

Having had a discussion with my manager, it doesn't have to be free.

I guess it just needs to be the right solution for the business.

The network is only around 60 possibly 70 machines if you include the laptops.

We only need it really to keep things like Chrome, Firefox, Opera and Flash uptodate on Win 10. There is a few other bits and pieces but they aren't critical and they don't get updated often.

The other thing is any solution that takes a lot of the admin out of it for me would be good as they brought me on board to assist the current Linux admin after my initial few months where my job is to sort out their internal Office IT requirements. So the less Windows I do the more time I will have to do Linux which is my aim.

Chocolatey looks like a possibility. Haven't looked in to it yet. Also was going to look at GPO deployments too. I am the only support admin at the company at the moment so can only really process one project at a time.

 

[opethdisciple]

have you looked into MDT (Microsoft deployment toolkit)?

this effectually a free, cut down of what you get in SCCM. it sits on top of WDS and lets you run a Task sequence of actions during your deployment. this is not a patch management solution but it does add a lot of flexibility to the initial deployment setup. i use it a lot now to run scripted installs of applications. we can select what we need at deployment time and then it installs whatever is the current version.

have a look at this vid,
https://www.youtube.com/watch?v=Iv-Rc_V08-s

and this playlist as well is a good starter (same guy)
https://www.youtube.com/playlist?list=PLY27VNfjvp0XLVfTJx1tNpSb0B8xhyjF9

I am working towards finishing our first reference image now for a win 10 enterprise deployment that will end up on over 1000 machines, though just starting on ~50 this summer hopefully.

Dan

I haven't yet. I'm currently working on a WDS deployment too. I've heard MDT mentioned a bit so far. However last week I worked on setting up the WDS server and now I am working on syspreping a Win 10 image.

I'll have a look at MDT. Thanks

What I'm really looking for is a way to manage on going software deployments.

I posted this else where but no one commented. Maybe you would know:

"For those of you that run Win 10 at home you've probably come across the scenario where you initially had a local account but after adding your MS email in the Win 10 app your account sign on suddenly gets tied your email account.

As I'm on the cusp of rolling out Win 10 at work to about 60-70 machines which are all on the domain, does anyone know what will happen if the end users start adding their personal accounts to the Win 10 apps. Such as email etc....

1. Do they roam if the user changes PC?
2. What happens to the domain login when the user adds their personal account to the apps?"

 

[opethdisciple]

Thanks for the recommendations guys. I'm currently investigating PDQ deploy.

It looks easy enough, has a deploy now as well as a schedule function. And critically also has a free mode.

Comparing the free vs pro functionality I can see with the paid version you can uninstall remotely the applications.

For people that have actually used PDQ deploy how far can you go why free mode? Can you base an enterprise class deployment solution just using free mode?

I guess it's not THAT expensive to buy PDQ deploy and PDQ inventory. Both would cost £740 odd.

Unfortunately the company I work for does have tight margins so money saved is always better making free the premium choice.

 

[opethdisciple]

With the free version, the deployments are limited to 1 step rather than multiple steps, so you have to write batch files to push out, but if you're doing that then youre defeating the purpose of automated software deployment and updates.

I've used PDQ for about 5 years, nothing I dont really know about it, I use it to manage 3000 devices over 5 sites and i've lost count of the amount of installs and auto-installs is does - it's stupidly feature rich and if you tie it in with inventory, you can automate lots!

It's worth every penny

I think we will end up paying for the pro version. My manager doesn't seem to think £740 a year is too much.

It looks exactly what we are looking for.

Tell me one thing, if you push out say a Chrome update to the machines in AD.

1. If the end user is on the PC and using Chrome what will happen? Obviously we dont want it to just close the browser from under the user in order to update it.

2. What if the end machine is turned off? Will it queue and activate the deployment when the machine turns on next?

---

I didn't have time today to technically download it and go through the motions of actually using it to see how it functions. Probably something I do tomorrow or next week.