Solution for Remote Software Deployment on Windows?

DownTownMT asks: "I work as a Windows administrator in a small company with roughly 180 WinXP/2000 and 30 Win98 machines. Our current method for installing Windows patches is WSUS which works great for the non-98 PC's. However, when installing software, such as Adobe, QuickTime and various other tools, our only method is to manually install it on each machine. What are you sysadmins using to deploy software across all of your machines?"

Dammit!

[B5_geek]

You sound like the same idiot who stole my job for $20k/y less then what I was getting paid.

Altiris Deployment Server or MS SMS

[willith]

Spent several years using the Altiris Deployment Server product to install software packages in a ~4,000 user site. It worked quite well; you install the Altiris Client on each computer you want managed (there's an automated remote install, or it can be done manually, or via logon script, or whatever works for you), and then you can perform a ton of actions on the client computers from the Deployment Server console--installing packages, removing packages, power on (via Wake-on-LAN) and power off events, hardware & software inventory & reporting, all kinds of stuff. The packages you install will generally be MSIs, created yourself with something like Wise Package Studio or from regular off-the-shelf software with a transform of your own making applied post-install.

Microsoft's SMS is also a fine option and competes with Altiris; while Altiris comes with a lot more pre-configured features out of the box, SMS is just as extensible and has the same leg-up over Altiris that most MS products have over competitors--seamless integration into the host OS and domain.

Win98?

[alshithead]

I think the solution you should be looking for is to get rid of the Win98 machines. I'm guessing you have some proprietary/legacy app or systems control running on them but you'll eventually need to get rid of them anyway. Maybe you should work that aspect first?

BackOrifice?

[Short+Circuit]

I believe BackOrifice was originally designed for this kind of thing, on Win95/98 machines, no less.

Just do drive by-installs with Internet Explorer

[Animats]

Just put a signed self-installing Active-X control on the company web site on some page that sounds interesting, and let it do drive-by installs.

Lots of choices, but SMS is the standard

[kiwimate]

A couple of cautions.

Any remote distribution product has a fairly high learning curve, and SMS is no exception. This is as much about the infrastructure as it is about the product being distributed. You will often find it necessary to hack apart MSIs, do some intriguing scripting, etc, because vendors are terrible at providing standardized ways of distributing their software in an automated scriptable manner. Adobe (as you mention them specifically), from what I've heard, is especially bad at this. That said, there are many, many people doing the same thing who are willing to share their experiences in mailing lists and on web sites.

Check the requirements and supported platforms for your product before you plunk down your company's cash. For SMS, that includes the service pack level as supportability can change. I'm looking specifically at your use of Windows 98, which I think is not supported in SMS 2003. But check and make sure.

By the way, skipping back to my first point...what duffbeer703 says about MS blaming issues on the 3rd party distribution tool is, in my experience, not as bad as it sounds. (Caveat: we have premier support so they tend to be a lot nicer to us.) But, in general, I've found MS to be pretty helpful on support, and that extends to "best efforts" even if they do point the finger at your other product. That said...remember your other third party product, even if you use SMS, is the products you're trying to distribute.

Good luck. SMS works really well for us, but we have a fairly solid grounding in it. As I mentioned, it's a steep learning curve no matter what product you choose, and you may find there are various system requirements that you might find onerous (do you run AD, for example?). Remember SMS is more than mere software distribution; it's also a huge inventory gatherer which adds to the complexity of running it.

SMS and Altris 400lb sledge hammer

[odin749]

There are many suggestions here to use SMS or Altris when he has stated that he only has 180 users and still 30 running Windows '98. This is not a company that is will to part with cash for enterprise solutions if they still have Windows '98 lying around. It is also not a company that is overly concerned with security.
I worked in a similar environment in the past and I found that with a properly setup Active Directory and some painfully written batch scripts I was able to get software to install perfectly on every machine in the office. All it takes is a few hours of writing the scripts and testing for each software that you want to install and then you never have to think about that software again. I had a master script that ran when a user logged on that mapped all their printers and file shares, set a random local admin password and then check to see that all software was the latest version.
At my current job which is closer to 50,000 computers we use a much more elligant solution in PCCOE however it is really over kill for what you need.
http://odin749.bloger.com/

Re:SMS and Altris 400lb sledge hammer

[dreamer-of-rules]

We have a couple Windows 98 machines for reading mainframe tapes we still get from our clients. The tape software runs in DOS, and simply can not be run in any newer Windows. There is updated tape software, but it's all GUI, less useful, and takes about 10 times longer to do the same thing.

I've spent enough hours trying to get around this.. so now we have these single-purpose systems with severely locked down accounts.

Point is, there may be a good reason they've still got Windows 98 systems in use..

(PCCOE was pretty cool.. I've written a couple site packages for it in a past life.)

MSI & GPOs

[enharmonix]

You can configure and deploy Windows Installer packages in MSI format using Active Directory Group Policy Objects. We use them to enforce up-to-date SAV installations on all desktops in our domain, and plan to start rolling out more installs that way. Supposedly you can even use tools to bundle EXE serup programs in MSI files to deploy them through AD. Beats the heck out of administrative installs or VNC. Hope that helps. Cheers.

Why use deployment software at all?

[LaZZaR]

Given the size of your enviroment and the language you used, i'm willing to bet that your employer would not be willing to shell out $$$ for something like SMS. Plus since you are asking this question, you would also lack the expertise. SMS has a fairly steep learning curve. There are open source solutions available, but I have not used any of them, so YMMV.
Why not just use login scripts? Its crude by today's standards, but it gets the job done, and it will cost you nothing.

OCS Inventory?

[BobPaul]

OCS Inventory is an OSS tool we had deployed once upon a time. I see the most recent version support application deployment.

Otherwise, if your Vista/XP/2000 machines are on a domain, you can deploy software though domain policies, though I didn't find a really clean way of doing that in the short time I did IT.

Landesk

[eric2hill]

We were in the same boat a few years ago and went with Landesk. It has fully configurable patching of both Microsoft vulnerabilities, as well as dozens of other packages such as Firefox and Adobe. They take care of the core of our software patches and updates, and the rest are easily done with some custom packages. It runs about $60 per machine per year. You can't pay a minimum wage intern to manually patch machines for that little money. It also does full inventories including serial numbers for Windows, Linux, and Apple machines.

I've used SMS from Microsoft, and it works great for Microsoft stuff, OK for other deployments, but didn't deal with Apple or Linux at all.

I have a colleague that has worked with Altiris, and he liked it, but it was a bit more expensive per machine.

All in all, Landesk works very well for us and has saved us countless man-hours and effort to keep our network running.

ding ding ding

[toadlife]

That's what we've been doing for six years now since moving to a win2k domain. As of now we have around 40 software packages in our "softdeploy" share. Since we have multiple sites, we host the software shares on a DFS root, so we can use on policy for machines in all sites and they get their package from the local site automatically.

I convert non-msi installers into msi format with the freeware program wininstallle 2003 (which is no longer free, but I kept my copy). wininstall tends to create slightly broken packages, so I fix them by running the validation tool in Microsoft's orca utility.

If my boss would spring for a proper msi package creator like adminstudio, I wouldn't have to know so much about msi installers, but that's the way it goes.

WPKG

[RCSInfo]

How about http://wpkg.org/? It covers Win98 through XP, works with all manner of installers (MSI, EXE, etc..), can run off a Windows or Linux server, and is completely open source. I set it up for one client who had a linux server with XP clients and we have had pretty good luck with it.

Re:Depends

[icedivr]

What you're really looking for is Systems Center Essentials. It is a combination of WSUS, SMS and MOM rolled up into one. It's targeted towards companies that have "a computer guy" or two, but not the resources to implement full-blown versions of SMS & MOM. It's currently offered as a release candidate, so its official release is coming soon. http://www.microsoft.com/systemcenter/sce/

Use Dexon

[madmilo]

I work for a company called Dexon Software (www.dexon.us) We've got a infrastructure management tool for network administrators. It's sold by modules, so you could buy Dexon Software Delivery along with Dexon Agent licences for each one of your PCs, it works on Win95 and up. I'm just a developer, but I know our prices are really competitive.

Re:Altiris

[Meostro]

Seconded. At a large company I worked for, we used Altiris to do deployments, patches and upgrades. It really beat the previous method, which was to literally take the install CD around to wherever we were working. Altiris lets you do reporting on who has what (including software versions and patch levels), and their package interface is pretty kick-ass. I don't know if the flexibility is available on other packages, but with Altiris you can specify several steps in a deployment, like

• Copy files to client
• Based on OS+SP, copy some additional files
• Run a script that will do some mojo to combine the additional files
• Run an installer
• Based on the installer results, run another package
• Run another script that does reg patches to work around the problems that the package has
• Chain packages together, so you can dump all your hotfixes with one click.
• Better yet, since the job history shows up on the management screen, you can tell which systems have gotten which patches

There are also automatic package deployment processes, so a centralized office can instruct the remote Altiris servers to install patches on all of its clients at X time - that's great for the branches because they don't even have to worry about system-wide patches, they just happen.

In addition to the package deployment system, there are reporting and diagnostic tools too. There is even a "remote desktop" tool, so when an installation goes bad or returns some kind of error, you can remote into the box (and/or lock the user out while you do) and fix whatever is broken while the user is on the phone. A bunch of other tools came with the package too, RapidDeploy(snapshot and deploy app install diffs instead of waiting for the whole install process), profile management (remotely back up/migrate a user or system) and web-based ad-hoc reporting.

Since we were a large company we had a huge Altiris deployment(~80 remote servers for 1000s of clients), and we probably paid $$$$ for it. There are different packages in different sizes available (AFAIK), so you should be able to find a decent match for your company.

(wow, that really sounds like a sales pitch... i don't work for them, i just really liked the product)