Deploying the Altiris Agent through a Domain GPO

book

Article ID: 179601

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

 

Resolution

Question
How can I deploy the Altiris Agent through a Domain GPO (Group Policy Object)?

Answer
 

The following process has been created in response to requests to deploy the Altiris 6.0 Agent via Active Directory group policies.

Note: This process no longer works after version 7.1 SP2. From 7.5 and on use the pacakge availalbe from the Agent Push page in the console...no flags or parameters required.

 

Only MSI install is supported for GPO software distribution, with no support for command line parameters. The Agent installation service requires parameters to specify which Notification Server from which to download and report to once the Agent is installed. Using a MSI transform file (*.MST) we can overcome this problem, a script has been supplied to create a MST from the original ‘AeXNSCInstSvc.msi’ file.

 

 Step 1, Create MST file:

 

Copy the Text at the end of this document into new file called ‘CreateInstallSvcTransform.js’. Use the ‘CreateInstallSvcTransform.js’ with the existing ‘AeXNSCInstSvc.msi’ file to create an MST.

 

CreateInstallSvcTransform [Install Svc Msi File] [NS hostname] [Transform file name]

 

  • [Install Svc Msi File] is the name of the install service MSI to generate a transform for, ie AeXNSCInstSvc.msi
  • [NS hostname] is the hostname of the Notification Server
  • [Transform file name] is the file name of the generated transform

Example usage: “cscript CreateInstallSvcTransform.js AeXNSCInstSvc.msi NShostname AeXNSCNSServer.mst”

 

 Step 2, Create a file share to distribute the Install Service

 

Once the transform is created it must be placed on a share to which all the target machines have access. Please see http://support.microsoft.com/default.aspx?scid=kb;EN-US;278472 for more information.

 

In our test scenario we created a file share on the Domain Controller called ‘InstSvcPackage’ and added the ‘AeXNSCInstSvc.msi’ and the ‘AeXNSCNSServer.mst’ transform file. 

 

Step 3, Create the AD Group Policy

 

Using the Active Directory Users and Computers MMC create a new OU for machines that will have the ‘AeXNSCInstSvc.msi’ deployed to them.

After the OU is created right click on the OU and select Properties from the pop-up menu.

Then select the Group Policy tab of the displayed dialog.

 

Click the New button to create a new group policy object.

After giving the GPO a useful name select it and click the Edit button to display the Group Policy Object Editor window.

Select the Computer Configuration\Software Settings\Software installation item and right to click display the pop-up menu and select New-> Package.

 

Select the msi from the share on the DC. When the Deploy software dialog appears select the ‘Advanced’ option and click OK.

Select the Modifications tab from the package properties window. Click Add and select the transform file (*.MST) to use.

To install the software at next logon select the Deployment tab and click the Assigned radio button, the Install this application at logon check box will then become enabled.

Check this checkbox to install the software at logon.

Click OK to save the options to the package.

 

 Step 4, Add machines to Target OU

 

Once this is done add/move the machines that will have the software deployed to them to the new OU with the Agent GPO applied.

 

Notes:

For Windows XP and Windows Server 2003 machines it may be necessary to set the Always wait for the network at computer startup and logon policy if the package deployment is required at logon. See http://support.microsoft.com/default.aspx?scid=kb;en-us;305293.

 

SSL and use of alternate ports for Agent / Server communications are not supported using this install process.

 

It is important to remember that the Agent install service only will be downloaded from the file share, the Agent install executable will be ‘trickle’ downloaded from the /NScap share on the Notification Server itself.

 

Contents of the ‘CreateInstallSvcTransform.js’ file

 

Save the following contents (between the <CreateInstallSvcTransform.js> tags) to a new file called ‘CreateInstallSvcTransform.js’.

 

<CreateInstallSvcTransform.js>

var msiOpenDatabaseModeReadOnly = 0;

var msiOpenDatabaseModeTransact = 1;

var msiOpenDatabaseModeDirect = 2;

var msiOpenDatabaseModeCreate = 3;

var gstrAction = "";

 

var gstrOriginalMSIFileName;

var gstrNSName;

var gstrTransformFileName;

 

if (WScript.Arguments.Count() > 0)

{

            if (WScript.Arguments(0) == "CreateTransformedMSI")

            {

                        gstrAction = "CreateTransformedMSI";        

                        if (WScript.Arguments.Count() == 3)

                        {

                                    gstrOriginalMSIFileName = WScript.Arguments(1);

                                    gstrNSName = WScript.Arguments(2);

                        }

            } 

            else if (WScript.Arguments(0) == "CreateTransform")

            {

                        gstrAction = "CreateTransform";

                        if (WScript.Arguments.Count() == 4)

                        {

                                    gstrOriginalMSIFileName = WScript.Arguments(1);

                                    gstrNSName = WScript.Arguments(2);

                                    gstrTransformFileName = WScript.Arguments(3);

                        }

            }

}

 

if (gstrAction == "")

{

            if (WScript.Arguments.Count() < 2)

            {

                        var strMsg = "Usage: CreateInstallSvcTransform [Install Svc Msi File] [NS name] [Transform file name]";           

           

                        WScript.Echo(strMsg);                      

                        WScript.Quit(1);

            }

 

            gstrOriginalMSIFileName = WScript.Arguments(0);

            gstrNSName = WScript.Arguments(1);

            gstrTransformFileName = WScript.Arguments(2);

 

            if (gstrOriginalMSIFileName == null || gstrOriginalMSIFileName.Length == 0)

            {

                        WScript.Echo("You must specify the install service MSI file.");

                        WScript.Quit(1);

            }

 

            if (gstrNSName == null || gstrNSName.Length == 0)

            {

                        WScript.Echo("You must specify the Notification Server name.");

                        WScript.Quit(1);

            }

 

            if (gstrTransformFileName == null || gstrTransformFileName.Length == 0)

            {

                        WScript.Echo("You must specify the name of the transform file.");

                        WScript.Quit(1);

            }

}

 

CreateTransform(gstrOriginalMSIFileName,gstrNSName,gstrTransformFileName,gstrAction);

 

function CreateTransform(strOriginalMSIFileName,strNSName,strTransformFileName,strAction)

{

            var objFS;       

            var strNewMSIFileName = "TransformedTemp.msi";

           

            try

            {

                        var objInstaller;

                        var objOriginalDB;

                        var objNewDB;

                        var objView;

                        objInstaller = new ActiveXObject("WindowsInstaller.Installer");

                        objFS = new ActiveXObject("Scripting.FileSystemObject");

                                               

                        if (strAction == "CreateTransformedMSI")

                        {                                                                                 

                                    objFS.CopyFile(strOriginalMSIFileName,strNewMSIFileName,true);        

                       

                                    objNewDB = objInstaller.OpenDatabase(strNewMSIFileName,msiOpenDatabaseModeDirect);

                                    SetProperty(objNewDB,"NS",strNSName);             

                                    objNewDB.Commit();

                                   

                                    return;

                        }

                        else if (strAction == "CreateTransform")

                        {

                                    var objShell = new ActiveXObject("WScript.Shell");

                                    objShell.Run("CreateInstallSvcTransform.js CreateTransformedMSI " + strOriginalMSIFileName + " " + strNSName,0,true);

                                   

                                    objNewDB = objInstaller.OpenDatabase(strNewMSIFileName,msiOpenDatabaseModeReadOnly);

                       

                                    objOriginalDB = objInstaller.OpenDatabase(strOriginalMSIFileName,msiOpenDatabaseModeReadOnly);

                       

                                    objNewDB.GenerateTransform(objOriginalDB,strTransformFileName);                                        

                                    objNewDB.CreateTransformSummaryInfo(objOriginalDB,strTransformFileName,0,0);                

                                   

                                    return;

                        }

                        else

                        {

                                    // we re-run the script in another process so that the windows installer release the MSIs so we can clean up properly

                                    var objShell = new ActiveXObject("WScript.Shell");

                                    var exitCode = objShell.Run("CreateInstallSvcTransform.js CreateTransformedMSI " + strOriginalMSIFileName + " " + strNSName,0,true);                        

                                    if (exitCode != 0)

                                    {

                                                throw "Failed to create transformed MSI file.";

                                    }                                 

                                    exitCode = objShell.Run("CreateInstallSvcTransform.js CreateTransform " + strOriginalMSIFileName + " " + strNSName + " " + strTransformFileName,0,true);                                                                       

                                    if (exitCode != 0)

                                    {

                                                throw "Failed to create transform file.";

                                    }                                 

                                   

                                    if (objFS.FileExists(strNewMSIFileName))

                                    {

                                                objFS.DeleteFile(strNewMSIFileName,true);

                                    }         

                        }                                                                                             

                        WScript.Quit(0);        

            }

            catch(e)

            {         

                        if (objFS.FileExists(strNewMSIFileName))

                        {

                                    objFS.DeleteFile(strNewMSIFileName,true);

                        }

                        if (objFS.FileExists(strTransformFileName))

                        {

                                    objFS.DeleteFile(strTransformFileName,true);

                        }

                       

                        WScript.Echo("Failed to create transform. " + e.description);

                        WScript.Quit(1);

            }

}

 

function SetProperty(objDB,strPropName,strPropValue)

{

            try

            {                                                                     

                        var bInsert = true;

                       

                        var objView = objDB.OpenView("SELECT `Value` FROM `Property` WHERE `Property`='" + strPropName + "'");

                        objView.Execute();

                        var objRecord = objView.Fetch();

                       

                        if (objRecord != null)

                        {

                                    bInsert =  false;

                        }

                        objView.Close();

                       

                        var strSql;

                       

                        if (bInsert)

                        {         

                                    strSql = "INSERT INTO `Property` (`Property`, `Value`) VALUES ('" + strPropName + "','" + strPropValue + "')";

                        }

                        else

                        {

                                    strSql = "UPDATE Property SET Property.Value ='" + strPropValue + "' WHERE Property.Property = '" + strPropName + "'";

                        }

                       

                        objView = objDB.OpenView(strSql);

                        objView.Execute();

                        objView.Close();        

                        objDB.Commit();                                                                   

            }

            catch(e)

            {

                        throw e;

            }

}

</CreateInstallSvcTransform.js>