How many times has this happened to you?
It is 4:30 on a Friday afternoon and you are considering the endless possibilities that the weekend has to offer. You skipped the birthday cake in the break room during the lunch hour; instead you spent the time waiting in line at the bank. Why? Because tonight is poker night!
The clock continues its agonizing crawl to the top of the hour as you muse on David's tells. You already have the case of Heineken in your trunk. It is probably going to be too warm to drink right away, but if you put the first bottle in the freezer right when you get to Peter's...
The phone rings at your desk pulling you back into the corporate world. The clock now reads 4:34.
"Hello," you say hoping that the confusion in your tone is misconstrued as frustration at being torn away from an important project.
"This is Sally. The C.E.O. needs someone from IT to come and fix something on his computer," the voice on the phone relays.
Sally, of course. "Someone from IT" has been you, since they let Roger go 3 months ago when the accounting department decided that a Sys Admin was the same position as help desk, and that the company would be better served by cutting out the "redundancy."
"Sure Sally. What seems to be the trouble," you say in the I am just glad it was Roger tone you have learned so well.
"He says that you installed some kind of Ask thing on his computer, and now his internet doesn't work correctly," Sally says.
Oh, no. "Ask thing." Did he download the Ask Toolbar?
"Let him know that I will be right up," you say, hoping that your voice isn't trembling.
Three floors later, the chills in your spine have grown to the point of being at risk of causing a seizure. If he installed the Ask Toolbar, and wants me to get rid of it I could miss the first buy in.
Stepping out of the elevator you see Sally packing up her bag. She flashes you that smug "not my problem" smile and tells you to head on in.
When you enter Mr. Krupke's office he is seething. "How many times have I told you not to install junk on to my computer without testing it first. I need to download my tickets to Pebble Beach. I have an 8:00am tee time tomorrow!"
"Sorry sir," is all you manage to mutter while trying bring up a browser. There it is, in all of its passive aggressive glory, the Ask Toolbar.
. How could he have downloaded this? Then you see the culprit, a new weather app on his desktop, broadcasting a Sunny 82 degrees in Pebble Beach. Do you dare tell your boss how it really got installed? How many registries must you o go through while the impatient heat emanating from his breath lands stale on the back of your neck? Are you feeling faint?
Not if you have PDQ Deploy and a subscription to the package library.
Watch Lex as he easily removes the Ask Toolbar without feeling the need to cry even once.
Photo by Viri G
Admin Arsenal is excited to announce the public release 3.0 (release 2) of PDQ Deploy.
Download the latest release.
What is new in Release 2
- Improvements to database connections to prevent time outs.
- Performance improvements in console start up.
- Fixed a bug which could cause the background service to stop after a target reboot.
- Fixed a bug preventing filters from finding certain nested objects.
As always, check out our videos
for more information on how to best utilize our PDQ line of products.
If you've downloaded the new PDQ Deploy 3, you might notice that it looks a lot different than our previous versions. This past summer we thought it was high time to pull an Extreme Makeover:Software Edition. We renovated every menu, window, toolbar, icon, button and status bar we had. You may love it, you may hate it, you may really hate the all caps menu (We agree with Microsoft's design decision standard: "we determined it to be a very effective way of providing structure and emphasis to the top menu area", and in our words, the menu gets lost in the mix without it).
A floppy disk? Huh..
After redesigning about 75 icons I got to the old save.ico and noticed the object that represented it, the floppy disk. I don't know about you, but the last time I used a floppy disk was probably right before I bought my first 8 mb key chain flash drive (that's like 5 floppy disks!!). So why after most of us not using them for a better part of a decade and certain hardware companies phasing them out 15 years ago, are floppy disks the symbolic representation of one of the most prevalent verbs knowing to computing? Many explanations exist, and a few designers have made attempts to supplant the image, yet it persists, and at the same time transcends it's original meaning in an awkwardly timeless symbolic embodiment. I'd be very entertained and amused to find that in a hundred years from now, the floppy disk stands for some yet-to-be-invented nebulous method of writing data to a futuristic storage medium. Much like the phrase "riding shotgun" has replaced actually carrying a shotgun as the armed-guard front-seat passenger -- to simply describing "sitting in the front seat", the floppy may continue to follow the same course. (Although, I must admit, I'd love to careen down the canyon from Park City on an insect rampage, sitting in the front of my friend Jim's BMW convertible wielding a shotgun, if such things weren't frowned upon by the local authorities. I can't say the same about wanting to save a word document to a floppy disk for the sake of nostalgia).
Following in the tradition of using one of the worlds' most outdated storage media containers, and thinking better of changing the object to represent "Save", I decided to design a floppy logo with a subtle twist: an old, weather worn, possibly sun damaged label as if to say "I may not be around in physical form any more, but I'll always be seered in your memory".
Admin Arsenal has released PDQ Deploy 3.0. We are happy that the infighting, blaiming, and eventual crying have led to the release of a great tool for Sys Admins that need to deploy EXEs and MSIs silently.
Some of the new features include:
- An updated look with faster performance
- New OS Conditions for Windows 8.1 & 2012 R2.
- More control at the package level.
Video: PDQ Deploy 3.0 What's New
Introducing the Office 2013 OCT
To customize or install Microsoft Office 2013 silently you will want to use the Office Customization Tool (OCT).
The OCT comes with the volume and MSDN versions of Office. A quick test to see if your media will support the OCT is to verify the existence of the admin folder, which should sit at the same level as your setup.exe. If there isn't an admin folder, you will not be able to launch the OCT.
NOTE: The retail versions of Office do not support the OCT.
Video: Office 2013 Step-by-step
Launching the OCT
To start the OCT simply run the setup.exe with the argument
Modifying Your Office Installation
The OCT will open. While there are a lot of options that you can tweak, we're going to focus on just a few common changes.
Install location and organization name
This section allows you brand your Office installation to your corporate identity. The name that you add in the "Organization name" will appear as the Organization in each new document that your users create. (They can change if they wish).
Licensing and user interface -- IMPORTANT
If you use KMS, no change is necessary for this first step. Otherwise enter your volume license key.
Here is the most important change that you can make. Telling the installation to proceed silently.
1. Check the "I accept the terms in the License Agreement" checkbox.
2. Change the display level from "Full - default" to "None".
3. Check the "Suppress modal" and "No cancel" checkboxes.
Remove previous installations
By default Office wants to remove previous versions of Office. This is usually not a problem. If however you wanted to keep certain versions, like Outlook 2010, for example, this is where you would make that change.
Modify Setup properities
OK - this one has bitten a few of our users. Office likes to initiate a reboot following an install. IN OUR EXPERIENCE it is best to do a reboot following an office install, however we prefer to control the reboot ourselves. Therefore we suggest putting a reboot property value in this section.
1. Click Add.
2. Enter the Name of the property: SETUP_REBOOT
3. Enter the value: Never
NOTE: Some users have stated that not doing a reboot after the installation has caused a BSOD. Not good. We strongly recommend doing a reboot.
Set feature installation states
This will be a familiar interface if you've ever performed manual office installations. Simply select which features you want (or don't want) installed.
Save your MSP. Be sure that the file you create is saved in the same directory as your setup.exe.
You are now ready to deploy.
Your install media and the MSP file can be run from a network share, or you can use the media with a deployment tool.
A commonly requested feature for PDQ Deploy was the ability to have a list of computers that would never, ever, ever (that's one never and two ever's) receive a deployment.
It's simple to do. Target Filters is a pro mode feature of Deploy. The image above shows three exclusions. Any computer named dc01. Any computer where the computer name begins with svr and any computers in the 192.168.1.0 subnet.
Exclusion Filters in PDQ Deploy
Normally when you select the targets for a deployment you would ensure that the protected computers weren't in an included OU or PDQ Inventory collection that was targeted for the deployment. This could be tedious and opened up the possibility for an unintended installation.
To ensure that certain computers are never deployed to, use Target Filters. This is a pro mode feature in deploy.
File > Preferences > Target Filters
You simply list the hostname in the Exclude tab. (There is also an Include tab, but this will rarely if ever be used).
You can list by hostname, wildcards, and subnets.
Video Example: Using Target Filters
Remember, computers that resolve in the filter list will be excluded from any deployment. If they are listed as a target computer in a deployment they will fail.
Here are two ways to silently install Java to all the Windows computers in your company.
The first way shows the steps to create a Java deployment. The second way is for those who do not want to spend the time on each step. It involves using our pre-made Java deployment package.
Create your own Java installation
If you are using the free mode of PDQ Deploy, or if you are using pro mode but do not have a subscription to the package library, you can still create a Java installation. Just follow these steps.
1. Download the Java update from java.com.
2. The file you download will be an EXE. To get silent installations with some additional features you will need to pull the MSI from within the EXE.
To accomplish this, run the EXE on a test computer. (Just double click the EXE and move to the next step).
When the installation wizard starts, DO NOT proceed. By starting the installation wizard you have caused the Java MSI to be extracted to a special directory on you workstation.
To find this directory open your run command and type in %LOCALAPPDATA% and hit enter. This will open a window to your appdata\local directory. Go back one level and go into LocalLow. Inside this directory you'll see a subdirectory called Sun. Drill down into the Sun\Java directory until you see the jre1.7.0_25 directory. This directory contains the Java .msi and .cab files needed for the Java installation.
3. Copy the jre1.7.0_25 directory to another directory on your computer. After the copy you can cancel out of the Java install wizard that you started a minute ago.
4. Assuming you have PDQ Deploy installed (if not, you can get it here), right-click on the newly extracted Java .msi and click Deploy with PDQ Deploy.
5. Click "Run" on the open file dialog. This will open PDQ Deploy.
6. Click Step 1. In this window do the following:
Check the Include Entire Directory checkbox (under the Additional Files field).
Enter the following in the Parameters field:
JU=0 JAVAUPDATE=0 RebootYesNo=No
Your window should look somewhat similar to this.
You are now ready to deploy.
Skip all the steps - just deploy Java
If you have PDQ Deploy pro mode with an active subscription to the Package Library you can simply go to the Package Library (from within PDQ Deploy) and find the Java packages that are ready for downloading.
Lex demonstrates using the Package Library to push out Java 7 Update 25.
Killing browsers and auto-updates
ONE VERY BIG note. If you receive an error 1603 when deploying to some computers, that's a sign that the computers may have had some Java applets running. This is usually the case when they have browsers that are running.
This is a big reason that we provide pre-made Java installations for our Package Library subscribers. We add some steps like killing browsers, removing the Java scheduler, removing from Run, and disabling auto update.
If you hit errors on your deployment you may want to try adding addtional steps (pro mode required) to kill browser sessions. If you are using free mode, you would want to create a new package that calls a batch script that runs the taskkill command (free mode is limited to a single install step in each package).
Java installation errors (1603, 1618)
If you get errors (1603, 1618) then you will want to consider removing older Java entries. This is done by removing the keys in the registry. It's an involved process that sys admins love to hate.
NOTE: If you are a subscriber to the Package Library we have done this for you already in the Java ALTERNATE package (Basic subscription req'd). The ALTERNATE package goes through the registry and deletes previous entries from earlier updates to Java 7. Our users report a very high success rate when using the ALTERNATE pacakge on machines that failed to install recent Java updates. (Please use the normal Java package first. The ALTERNATE should only be used on those systems that fail).
PDQ Deploy Pro Mode & the Package Library
To use our pre-made Java packages (plus a lot of other common 3rd party apps) requires PDQ Deploy Pro Mode along with a Package Library subscription. PDQ Deploy Pro Mode is licensed per administrator, and is $249. Package Library subscriptions start at $99 (basic) and $348 (advanced).
What's new in PDQ Deploy 2.3
PDQ Deploy 2.3 was released on June 22. You can download the newest version here. If you are a pro mode user please verify that you have an active subscription or active maintenance.
- Reboot during a package installation
- Run installation as the logged on user
- New condition for testing whether a user is logged in
- New package level timeout option which will override the global
- Enable or disable specific steps in an installation (no more deleting steps only to re-add them later!)
- Advanced package library subscription now includes past versions of packages
There are more additions, but I wanted to focus on just the big ones. We crammed a lot of new features into this update.
Lex created a video which walks through some of the more visible additions to PDQ Deploy 2.3.
To see all of the new additions, simply go to the update notes in the help file (I know, I know, what's the help file). Help > Contents > Update Notes.
Every now and then you will run into a situation where Java (JRE) won't successfully deploy to a computer. This generally will happen when you attempt to apply a Java update. There can be several reasons for Java failing to install.
When you go to the Package Library in PDQ Deploy you may notice that we have an extra Java package available. A recent addition is the ALTERNATE package.
We prefer that you deploy the regular (non-alternate) Java package. However if you experience problems (such as the ol' 1603 error) when you update targets then you may need to grab the Alternate. What is the difference?
By default Java will, during an installation, attempt to uninstall previous Java versions of the same family. (i.e. Java 7 Update 17 will attempt to uninstall Java 7 Update 15 but it won't touch Java 6 since versions 6 and 7 are in different families). If Java is unable to fully uninstall a previous update then the installation will either hang or it will fail with a 1603 error.
In these cases the most common culprit is that the uninstall is not complete and there are a few remnants of the previous update that are preventing any new installations of Java.
This is where the Alternate package comes in. Deploying this package will attempt remove these remnants (registry keys) which are preventing the upgrade. After these keys are deleted the upgrade is attempted again.
The reason we recommend using the Alternate package only when it is needed is because the additonal steps we take will remove only the registry keys which are preventing the upgrade. Other items from the previous install (files and other registry components) may still exist on the target. It's just kind of a housekeeping thing. We really want Java to perform the uninstall / upgrade because we trust that it is cleaning up after itself.
We've all heard about the Adobe Zero Day vulnerability in Acrobat and Reader. Adobe has released this document describing which changes are needed to force protected view in Adobe Reader. While we wait for Adobe to release the patch we decided to follow their instructions on mitigating this vulnerability.
We've incorporated these steps into a single PDQ Deploy package. This package is available in our Package Library. In PDQ Deploy, select Package Library from the left pane. In the search field type "protected" and you'll see the entry. (If you don't see the entry, be certain that you are running PDQ Deploy 2.1 or greater and then hit F5 in your library to refresh.)
Download the free mode version of PDQ Deploy here.
The Ugly Details
If you look at section 2.2.3 of the Adobe document (mentioned above) you will find what we are looking for. One registry value to rule them all. You can enable this via a GPO but I will discuss using PDQ Deploy to push this change out to your affected computers immediately. Also, for purposes of this article I am only addressing Adobe Reader 11. The vulnerability affects Adobe Acrobat 10 and Reader 9, 10 and 11. I chose Reader 11 because it is the most recent release and also due to time contraints.
After you install PDQ Deploy, go to your Package Library node. Select the package called "Force Protected View for Adobe Reader 11". Now most of the packages you see do require a subscription. I took it upon myself to make this one available without a subscription (at least for the time being).
This package is very simple. It only calls a small batch file. When you deploy this package to target computers it will run this batch file which will, quite simply, check to see if Adobe Reader 11 has been installed and then add/modify the necessary registry value as described in the Adobe file mentioned above.
Select the downloaded package (it's under the Package folder in PDQ Deploy) and hit the Deploy... button. Select your target computers. You can manually enter the names of the computers or you can import the targets from PDQ Inventory, Active Directory, Spiceworks, etc.
If a target computer does NOT have Adobe Reader 11 then the package will fail with Error Code 2.
If you want a quick refresher on how you can deploy via PDQ Deploy, check out our youtube videos.