Posted by Shawn Anderson on Wed, Jul 27, 2011
Java 6 update 26 has been released.
Let's get the newest version of Java updated in your company through an unattended installation.
(Need to see which versions of Java are installed before starting a deployment?)
Download the most recent version of Java. (We're demonstrating update 26). Download the "Offline" version.
Similar to earlier versions of Java updates, we're going to extract the install files from the jre-6u26-windows-i586-s.exe that we downloaded. We do this by double-clicking on the exe and "starting" an install. (We will cancel the install after we grab our extracted files).
You'll see a window pop up:
Don't proceed past this window. After we get the files we need we'll cancel this installation.
Open %LOCALAPPDATA%\..\locallow\Sun and you'll see your installation directory Java. Drill into Java and then into the version directory (in this case jre1.6.0_26).
Your window address should look like this:
Go ahead and drill into the directory and you'll see the files that you need for installing Java silently.
- Data1.cab (required)
- gtapi.dll
- jre1.6.0_26.msi (required, obviously)
- lzma.dll
- OpenOffice_banner.jpg
- sp1033.MST (for customization, if desired)
I've installed Java successfully without including the gtapi.dll, lzma.dll, or the OpenOffice banner (which is just an advertisement should you proceed with the GUI installation).
If you wish to make customziations you can modify the sp1033.MST (Microsoft Transform File). Here is a post on modifying the transform. However there are a number of msi parameters that you can call to make the same customizations without the need of modifying the transform. In this example we will not be including the transform at all.
Copy the Data1.cab and jre1.6.0_26.msi to a new directory either on your console system or on a fileshare. From your new location right-click on the jre1.6._26.msi and select "Deploy with PDQ". (Don't have PDQ Deploy installed? It's free. You can get it here.)
(Right-clicking on the .exe or .msi is a nifty trick when using PDQ Deploy. This will auto create your Java installer within PDQ Deploy. All we need to do now is give it a name and provide any extra parameters, if we choose.
Give your installer a name and any parameters that you would like to use. If you choose to use the sp1033.MSP you will need to call it now in the parameters section (TRANSFORMS=sp1033.MSP).
Two popular parameters used prior to update 10 still seem to be floating around (IEXPLORE=1 and MOZILLA=1). These are deprecated effective with update 10 as Java now registers itself with every browser on the client.
One parameter that should be thought out carefully before using is the STATIC=1 parameter. This will prevent this particular version from being updated by future patches. This may be necessary if you use 3rd party applications that require a specific version of Java where the vendor has shown reluctance in releasing updated versions to match Java releases. Just be careful, one of the nice features of recent Java updates is the ability to remove previous versions of Java. This results in a cleaner installation.
After naming your installer and providing any parameters, you're ready to create the installer and then deploy to some test target machines.
By default all MSI installations are set to be silent (your users won't see the installation occur). Click save and then Deploy Now.
This will open the deployment window where you can select targets and change the admin account that will perform the installation (if necessary).
Click "Deploy Now" and your unattended silent installation will begin. If any of your systems fail you will receive an explanation (insufficient rights, target not online, target not known, etc.).
The Java installation should take only a few minutes, depending upon the number of targets that you are pushing to.
Posted by Adam Ruth on Mon, Jul 25, 2011
Photo by Cea.
An article came across my inbox the other day about Hilarious and Surprising Predictions of the Future…From the 1960s which I enjoyed very much. It brought to mind a line from the Rifftrax of Alien which I paraphrased for the title of this post. (As a side note, if you're not familiar with Rifftrax, give it a look, you'll probably really enjoy it).
It's very common to find inverted anachronisms (for want of a better term) in fiction, especially science fiction. It's not really the author's fault, they aren't psychic (no one is) so they can't be blamed for making some bad predictions. A lot of the time it's not so much a prediction that failed, but the absense of a prediction where there should have been one. For example, some I've noticed recently.
Isaac Azimov - Foundation - 1951
Nuclear power plays a major role in the book as the saviour of mankind. The loss of nuclear power is the greatest sign of the decline of civilization. Small, personal nuclear reactors are in common use and no one is aware of the dangers of radiation. People even bathe themselves in radioactive glow as a fashion statement.
Larry Niven - Protector - 1973
Tapes. Everything is on tapes. Even the daily news comes on tape.
Larry Niven and Jerry Pournelle - The Mote In God's Eye - 1974
Over 1,000 years in the future and people still need to wait to get their photos developed. Interstellar travel is perfected, but digital photography is yet to be discovered. Digital anything, really.
Dan Brown - Angels and Demons - 2000
You probably think this is going to be about the LHC or anti-matter. But it's something that isn't really an anachronism, just something I found humorous. Early in the book someone is dismayed about being underground, out of cell phone contact and can't get a "dial tone" on their phone. I thought it was just something akin to a typo until later at the Vatican when a guard tests a cell phone by turning it on and waiting for a dial tone. I don't think that Dan Brown had used a cell phone by the time he wrote the book, or his editor for that matter.
I've been thinking about why it's hard to predict the future of technology, other than the obvious fact that time only moves in one direction. I think the reason is that most future technological territory is hidden behind only a couple very specific innovations. Unless you can see what those innovations are, you can't see the miles and miles of trails running through the technological wilderness.
Take digital photography, for example. How much has technology and society been changed by this one thing? Social networks couldn't really exist without cheap cameras that can put photos online instantly. Most digital photo processing wouldn't exist without enough digital photos to make it necessary. I would argue that Google Earth couldn't exist without it, or at least not without being unrecognizable.
And digital photos couldn't exist without digital storage. So many future predictions are off because of the lack this one technology. Look at that first video in the article above. The wife at the beginning is shopping by remotely controling a camera at the store. The concept of online shopping is there, but it's so off in execution because it wasn't thought possible to store the images. A small mistake leads to large consequences.
The problem with predicting the future, as I see it, is not because it's hard to predict what's going to be invented (even though it is). But because it's even harder to predict what's going to be invented because of what's going to be invented. Not only do you have to be dealt a royal flush once, but twice to get it right.
So it makes me wonder and be excited about what's coming down the pike. In 20 years the technological landscape is going to look so different that the computer I'm typing on now will look like one of those consoles from the 1960s. It's one of the reasons that I've become such a rational optimist. The future I envision right now will look downright retro, and I welcome it.
Posted by Adam Ruth on Mon, Jul 18, 2011
If you've been using the PDQ Inventory Beta and creating your own collections you've probably run into the filters for Date & Time data. These filters have some interenting features that you will want to be aware of in order to narrow right down on the data you want.
There are two ways to enter a date filter, either by typing in the value in the box:
or by using the ... button to open an edit window:
Fixed and Relative Dates
You may have noticed in that screen shot above the Fixed and Relative options. Fixed dates are pretty self explanatory, i.e. the filter is based on a single date & time. Relative dates are where these filters get really interesting.
Filtering based on relative dates creates a "sliding window" of time that computers are either inside or outside of. These are the only type of filter that can change collection membership without a rescanning of inventory. As the window of time moves, computers are moved around collections as needed.
Getting computers not rebooted in the last 30 days or computers where the last scan is more that a certain age is a snap.
Text Format
When entering a date / time filter as text (as in the first screenshot above) there are a number of different ways to enter the values to get just what you want.
Fixed
Fixed dates and times can be entered however your system will recognize them. Any of the following below work on my Australian formatted dates:
5/3/2011
March 5, 2011
5 Mar 2011
5/3/11 5:00 pm
Relative
Relative times can be entered in two different ways. First, written out:
30 days ago
1 hour from now
30 minutes ago
The time unit can be one of Day, Hour, Minute, or Second (either singular or plural) followed by either "ago" or "from now." You are limited to a single time unit, though, so "1 hour 30 minutes" must be written as "90 minutes".
For a bit more flexibility, you can use the more compact time span expression:
3.4:13 [3 days, 4 hours, 13 minutes]
1:25:30 [1 hour, 25 minutes, 30 seconds]
The system tries to be as flexible as possible, but it should be pretty easy to determine the format to enter. As always, the pop-up editor can be used if you're not certain.
So, now that you know how to use date/time filters, go forth and create the perfect collections!
Posted by Adam Ruth on Wed, Jul 13, 2011
As many of you are already aware, we released PDQ Deploy Pro 1.4 this week. A very big thanks to all of the beta testers who provided feedback and suggestions. We were able to kill a lot of bugs, implement a few enhancements and get some great ideas for future versions.
I won't go into all of the details of what's new in 1.4, that's all available from the original beta announcement. The new features have been well received so far, and we're excited about upcoming improvements.
Where to now?
There are a number of improvements in this new version that we want to get into the free version of PDQ Deploy ASAP, particularly improvements with the user interface. The free version is getting a bit long in the tooth and could use some refreshing. After a thorough examination of our development processes we determined that it would be in everyone's interest to merge the Free and Pro versions of PDQ Deploy into one product. This application will have two modes: "Free Mode" and "Pro Mode". Enabling "Pro Mode" is just a matter of entering a product key, and we will continue to have 30-day trial keys like we do now for anyone that wants to try the Pro features.
This will have a number of advantages. It will make it easier to move up to Pro from Free as the interface will be the same and there will be no need to re-install. It will also make it faster for us to move Pro features into Free, since they only need to be built and released once. Version 1.5 will be the first "merged" version, so keep an eye out for it and let us know what features you would like to see.
Again, thank you to everyone who provided bug reports or feature ideas, it's all been a big help.
Posted by Shawn Anderson on Mon, Jul 11, 2011
I like using the IEAK for customizing deployments of Internet Explorer. After creating a customized deployment for IE9 I was somewhat flummoxed at why my installations were hanging.
Internet Explorer Needs An Update Before Installing
Only when I turned off silent installation and manually (i.e. double-click) installed IE9 using my IEAK build did I see the error:
It's frustrating that Windows doesn't throw an error to catch this missed pre-req. In one example of deploying my test install came back as successful after only 30 seconds. IE9 is pretty stream-lined (only 17MB) but it's not that fast of an installation. Of course I discovered it hadn't actually installed.
Other attempts simply saw the deployment hang. It does this because we set the depoloyments to be silent (don't want to disturb our users, afterall) but the dialog box still appears (but it's invisible) and it expects some user interaction before proceeding.
This patch is particularly picky about its reboot. You can suppress the reboot, but you will not be able to install IE9 until the workstation has been rebooted.
So, in your deployment plan for IE9, be certain to give yourself enough time to deploy KB2454826 to all your systems before pushing our IE9. This will give you plenty of time to reboot those systems without effecting users.
If you don't already use WSUS or another method for managing your Windows patches, you can deploy this patch using our free tool PDQ Deploy. (When it comes to Windows security patches, we recommend WSUS).
After installing PDQ Deploy, simply locate your downloaded patch (KB2454826) and right click on it. Select "Deploy with PDQ".
PDQ Deploy will auto-populate the installer window. Simply give it a name and save it. (By default we set this to not auto-reboot).
At this point you hit OK to save your installer. You can then deploy the installer to any number of Win7 systems that you manage. Ensure that your newly created installer is selected in the left pane and click the "Deploy Now" button. Add your target systems (manual entry, Active Directory, Import text file, AA console, etc.) and select Deploy Now. (Assuming you are logged in with the same administrative account. If not, you can specify an admin account and password in PDQ Deploy).
That's it. Your deployment should only take a moment. Remember that this patch won't take effect until the systems have been rebooted. You can use this same method with PDQ Deploy to install IE9. It's a free tool, so please give it a shot.
Check out our post on using the IEAK to customize your companies IE9 deployment.
Posted by Shawn Anderson on Fri, Jul 08, 2011
The New IEAK for IE9
Microsoft has changed the IEAK (Internet Explorer Administration Kit) a bit for Internet Explorer 9. Here is a walk through of customizing IE9 installation for your company.
- Get the IEAK for IE9
- Install the IE9 on a test system (manual installation)
- Install IEAK on the same system.
- Run the IEAK and make the desired changes.
- Deploy IE9
Steps 2 and 3 are very closely tied together. You need to already have IE9 installed on the computer running IEAK. In fact, if your organization requires proxy servers and other intranet options, get these configured first on your computer. You can then automatically use them in your custom build.
If yo
u attempt to run the IEAK without IE9 being installed you'll get this little love-note.
After installing IE9, start the IEAK and you'll get a series of questions.
Choose a method on how you plan on deploying IE9. You will probably need to select the third option, "Internal Distribution via a Corporate Intranet".
You'll notice the change here from earlier versions of the IEAK where you selected the areas you wanted to change. The first portion is to walk through the wizard. If you wanted to see all of your available categories in the left pane, you'll need to complete the wizard and then open the IEAK Profile Manager (installs with the IEAK).
For right now let's just focus on the wizard. It will make things easier for most of the IEAK customers.
You'll be asked to select which sections you wish to have the wizard walk you through. Remember, you can change these sections manually using the IEAK Profile Manager at a later time.
This next step simply verifies that your installed IE9 version is up to date. If it's not, you'll need to syncronize.
After you syncronize you'll be able to proceed.
The next step is an important one for many users, namely the ability to prevent the IE9 installation from automatically downloading IE9 patches during the installation. If you use WSUS or other applications for patching, you'll want to uncheck this option.
User Experience
Select how you wish to deploy IE9. Most of the time you will choose a "Completely Silent Installation" and "No restart" to suppress the required reboot after installation.
One of the more common customizations made in IEAK is the ability to brand your company or department name. Another common option is to add the help desk phone number to this section.
Browser User Interface
Other options include choosing a home page. You'll notice that Microsoft has a default entry. I usually (and by usually I mean always) whack that entry. If you have a corporate intranet site you can list it here. If your company is experiencing tough economic times, you can always put dice.com or monster.com as the default home page.
Important URL's
Search Providers
If your users prefer a search engine (or if you prefer one for them) then you can select which will be the default in this section. Click "import".
If you don't see Google (and you want to add it) then select "Add" and enter the following info:
There have been some reports in other IE groups that the search providers section is a little spotty, so be sure to check that your preferred selection made it through. Usually the issues are revolving around the favicon for Google (the little icon that identifies or defines a webbrowser in the search field.)
Avoid Clutter
I like to whack any default "favorite" links provided by Microsoft. I think it helps declutter. If you wanted to do the same, it's under the "Browsing Options" section.
Additional Settings
You can make any other changes in the Additional Settings section. Remember, you can always start up the IEAK Profile Manager to modify these settings after you have created your profile.
When the wizard completes go ahead and finish it up. You'll have two directories created; FLAT and INS. If you wish to modify your settings you'll need to open the IEAK Profile Manager and point it to the .ins file in the INS directory.
For deployments you can just use the stand alone installations in FLAT (you have a choice of .msi or .exe).
If you have tips on IEAK customizations that work for your organization please let us know.
NOTE: Remember that there are prerequisites to pushing IE9 to your Win7 and Vista systems. Here is our blog post about the IE9 requirement. This pre-req is particuarly frustrating because if you attempt to push IE9 to a system that doesn't meet the requirements it will either return successful after about 30 seconds, or it will hang indefinately.
Posted by Shane Corellian on Thu, Jul 07, 2011
Photo by MJTR Photostream
- Replace your complaining time with actually improving your Sys Admin skills. You'll thank me later.
- Outsourcing is like beer: You get what you pay for*
- *Except for that time you bought a $13 beer PBR
- I am an admin who has never seen one episode of Dr. Who
- I am the same admin who knows that any tech question can be sufficiently answered by quoting Monty Python
- Sometimes I secretly wish I was the Del key on your laptop
- If your last tweet detailed what you had for lunch then I don't want to know you
- If your last tweet detailed what you had for lunch while you were deploying Windows 7 Service Pack 1 to 125 computers then I definitely want to know you.
- I don't want to hear about your dream**
- ** Especially if I appeared in or around it
- I usually spend a few moments in silence after hearing someone tell me about a technical problem that they are experiencing. The silence comes across as "hey, this guy is thinking about a solution" but in reality I'm searching for an appropriate Mencken quote.
- My step-father would actually read Mary Worth. No, I'm not kidding.
- Spending 7 straight hours troubleshooting WMI security issues will breeze by with a little technical assistance from Ouzo. (Solution quality may vary)
Posted by Adam Ruth on Mon, Jul 04, 2011
If you've used both AA Console and the beta for the new PDQ Inventory you may have noticed a couple of differences in collection filters. The biggest difference is how filter fields are structured.
In AA Console each field is searched individually, which makes the filter engine simple but does lead to some consequences in that you may not get the computers you're looking for. So, for example, let's say you have a single computer in the database and it has 2 applications in inventory, thus:
| Adobe Reader |
10.1 |
| Minesweeper |
9.1 |
If you want a collection showing computers with Adobe Reader versions other than 10 you might create the following filter:
This seem like like an obvious way to get what you're looking for, but once you realize that it's matching the applications individually, you see a problem.
| Adobe Reader |
10.1 |
Matches filter 1 |
| Minesweeper |
9.1 |
Matches filter 2 |
You would expect your computer to not match the filter because it has version 10.1 of Adobe Reader, but it does because it has another application that doesn't have 10.1. We got around this in AA Console by adding a new field called Application Name and Version which concatenates the name and version in a single value to allow for them to be matched together. But this doesn't help with all of the other fields that you might want to work with.
PDQ Inventory resolves this problem by grouping fields underneath their respective types of inventory data. Now, to implement the logic above you would just create a single application filter:
The new architecture of the PDQ Inventory filters allows this to be done easily and logically. You can even add more Application filters to the same collection to combine the varous filters.
This issue has been one of the more confusing in AA Console and we're glad to finally be able to clear it up with our new software. If you haven't had a chance to try out PDQ Inventory, please give the beta a try. The software is free to use just like PDQ Deploy and we hope you find some good use for it.
Posted by Shawn Anderson on Fri, Jul 01, 2011
In preparation for installing Internet Explorer 9 to your company computers, I wanted to compile some helpful links to get you started.
In the coming week I will be demonstrating the customization and deployment of IE 9, but I didn't want to wait on getting these links to you.
-
-
-
-
IE9 Blocker Toolkit - Not ready for IE9? Prevent your users from getting it automatically via wupdate.
-
-
You'll glean the proper switches to use for the deployment, but the most common switches that you'll use to deploy IE9 silently without forcing each installation to download updates, use the following:
/quiet /norestart /update-no
The information above will be broken down into multiple posts so that we can devote the appropriate amount of time to each section.
