Silent Install Script for Third Party Programs
In this day and age with budget concerns, etc. one wants to keep things updated, but in the cheapest manner possible. Here I put forth a script that can install third party updates (such as those for Flash, Java, Quicktime) behind the scenes with no user interaction required. As any sysadmin knows, updates can't be left to the users' discretion.
1.) Create a txt file and name it what you would like.
2.) Make sure to be viewing file extensions (Windows' Explorer window --> Organize --> Folder and search options
3.) Go to the View Tab and uncheck the box next to Hide extensions for known file types
1.) Create a txt file and name it what you would like.
2.) Make sure to be viewing file extensions (Windows' Explorer window --> Organize --> Folder and search options
3.) Go to the View Tab and uncheck the box next to Hide extensions for known file types
4.) Now you will take your file and rename it to a .cmd or .bat
5.) Now right click and choose Edit
***To get the full benefit of this script, you will want to create it on a network share accessible by the user account it will run as
6.) Inside this file follow this sample code
#Make a directory to store logs in. This way you can check to see if the install has been run previously
mkdir %systemdrive%\ITlogs
#Check to see if the .txt file exists (meaning this installer has been previously run). If so, skip to the next...
if exist %systemdrive%\ITlogs\FFflash11_5_502_146.txt goto IEFLASH
#If not, run the following installer and then output the .txt file for next run
\\server\share\deploy\FFflash.exe /install > %systemdrive%\ITlogs\FFflash11_5_502_146.txt
#Location to jump to from above if txt file for FFflash is found
:IEFLASH
#Again, check to see if this installation has been run
if exist %systemdrive%\ITlogs\IEflash11_5_502_146.txt goto FFOX
#If not, run the following installer and then output the .txt file for next run
\\server\share\deploy\IEflash.exe /install > %systemdrive%\ITlogs\IEflash11_5_502_146.txt
#Location to jump to from above if txt file for IEflash is found
:FFOX
#Again, check to see if this installation has been run
if exist %systemdrive%\ITlogs\FF18_1.txt goto END
#If not, run the following installer and then output the .txt file for next run
\\server\share\deploy\FirefoxSetup.exe -ms > %systemdrive%\ITlogs\FF18_1.txt
:END
exit
*** There are several more programs that could be scripted in this manner; Java, Adobe Reader, Adobe Shockwave, and Quicktime being among the ones that I have tried
*** When a new update is released, simply overwrite the installer with the newest one and then update the .txt file to be written out to match the new version IN ALL PORTIONS OF THE SCRIPT
Example: New Firefox 18.2 is released
1.) Copy installer for new 18.2 over the FirefoxSetup.exe
2.) Update all references for FF18_1.txt to FF18_2.txt
***The first time it won't find FF18_2.txt and will, therefore, install the update
*** You also have to keep in mind that companies change the way their commandline installs function. Such as that documented for Java in a previous post of mine.
*** Finally, one other piece of advice I can give you is to download the updates from an OS OTHER THAN WINDOWS. Especially with the Adobe products, they like to give you "online" installers that download the content each time the install is run or even disappearing installers where the executable is removed after the first install attempt.
7.) You will then want to create a scheduled task that points to the script on the share.
8.) Make sure to run it as an administrator with Highest Privileges and Whether or not the user is logged on
9.) Set it to run at Logon of Any user
10.) Point it at the script
***Final Disclaimer:
I know that there are many caveats to this system of deploying third party updates. As with any patch management solution, follow the one-some-many approach for deployment. If an install fails, you will be none-the-wiser; the .txt file will still be created. It stores the admin's account that runs the script in the registry. You have to schedule the task on all machines you want to run it; and on and on.
However, if you have no budget, this can be a good stopgap till funds can be procured for an actual appliance or patch management service such as Ninite. In my opinion, mitigation of having things patched outweighs the detractions.
Comments