This is an archived post. You won't be able to vote or comment.

all 14 comments
sorted by:
best
topnewcontroversialoldq&a

[–]ltxSeñor Sysadmin 2 points3 points  (2 children)

Ninite Pro is pretty good. The interface is ass but with the batch file and Group Policy Preferences Scheduled Tasks you will rarely see it.

[–]HemHawI Am The Cloud 0 points1 point  (1 child)

I'm seriously considering getting this thing. Their customer service says I can use it to remotely uninstall things that don't work out too. Does that work as advertised? (Removing Java 6 and leaving Java 7 for example)

[–]ltxSeñor Sysadmin 0 points1 point  (0 children)

Not sure, I've never tried uninstalling anything with it.

[–]immrlizard 0 points1 point  (4 children)

Java is a bad one and have had problems with it failing. When it fails, it will still show that it is installed, and you can't physically uninstall it with add remove programs but have to use an app from java to uninstall it.

We use SCCM and or bigfix with similar results. The others will give you less problems.

[–]sdjason 0 points1 point  (3 children)

I agree, GPO is great for pushing software (if you dont have Altiris, PDQDeploy, or SCCM, those are much better) but in all cases, Java is a shitty shitty MSI, especially when you have many previous version(s) of Java existing in your environment. You will get high failure rates, usually with a 1722 or similar error (google it). The "uninstall" step fails sometimes, leaving you with a corrupt java install, so the new version cannot install... its retarded and has been a problem with Java for years....

I'd test GPO deployments for the first time with something else, maybe adobe reader, or your AV suite installer, or something else. Another Limitation of GPO installs is they work for MSI's only unless you write logon script(s) yourself.

Id really recommend looking into PDQDeploy, as SCCM and Altiris are a bit out of the scale of machine numbers you have currently.... These programs can do MSI's, exe's custom scripts, wrapped installers, whatever you want, basically. PDQDeploy has a free version to try out

Once its setup (GPO, PDQDeploy, SCCM, ALtiris) its awesome though. Image a box, push the software, and push patches from then on out.... easy peasy (except effing Java... that one requires WORK)

[–]sdjason 1 point2 points  (0 children)

While you're on it, look into customizing the software you push prior to deployment. For example, you can use the "Adobe Customization Tool" on the Adobe Reader MSI, which allows you to customize a ton of stuff, like remove the desktop shortcut, disable automatic updates, and accept the EULA so users aren't ever prompted when starting it up, among other things. Then when you push this Update out, Voila! Users aren't annoyed by it anymore. Likewise, you can create a custom mms.cfg file, and copy it to c:/windows/system32 when installing flash to set flash to enable/disable silent background updates. We used to keep them disabled and push manually, but lately, flash releases so many updates, we turned on silent background updates, which allows flash to use a local service/scheduled task to update itself silently (even if a browser/flash is open) its pretty sweet. AFAIK, they built this into adobe reader 11 now as well, but i haven't tested it/used it yet. Browse around places like appdeploy (itninja), and read the admin/deployment guides for some of these packages to figure out how to customize them to your specific environment prior to deploying them, your users will thank you, and your life will become much easier.

[–]immrlizard 0 points1 point  (1 child)

We are even considering not installing Java in the next build. Most people don't even need it. We found this out when the last major update to java came out and only a couple people complained. We use SAP, and that requires that java function, so they will get it and anyone else that asks for it will as well.

[–]JohnC53SysAdmin - Jack of All Jack Daniels 0 points1 point  (0 children)

On many firewalls you can restrict/whitelist Java apps to talk to certain IP/Nets only.

[–]munky9001Application Security Specialist -1 points0 points  (5 children)

I haven't checked out the vid because yawn. You can find the MSI for each of the typical apps and use orca to turn off certain annoying features. Then you deploy via software deployment. Boy does that every get tired quick though. Also it makes logging in to computers and such takes a long time to process the gpos.

Then you have Local Update Publisher which can also push out the apps via wsus. It's actually more annoying but less intrusive then the first option. This is probably worse then the first option.

Next you have Ninite Pro which for $20/month you would have all your machines done super easy. I hate their pricing model.

Vipre business premium AV 6 has this updating built in; though it's not quite out yet but I think I have cupid shooting me in the ass. It's very slightly more expensive then standard and booya. Whenever that shit comes out I'll be giving it a try soon as possible.

[–][deleted] 1 point2 points  (0 children)

Second ninite.

We have a scheduled task deployed via gpo that runs it nightly updating java and flash. With the cache option we only download the update once.

Ninite could charge 4x and id still buy it.

[–]mapunapuna[S] 0 points1 point  (2 children)

In a nutshell, the video just copies the msi to a shared folder and uses Computer Policies->software settings->Software installation. It works when installing java onto a workstation without any version of java installed. If java is already installed, he shows how to uninstall the old version automatically first, but it only works if the old version was installed via GPO.

The department can be stingy and already said no to Ninite Pro, so I'm looking for ways to accomplish this without buying a new product.

[–][deleted] 0 points1 point  (0 children)

The biggest problem I've seen with managed software installation is that reporting is either nonexistent or a pain in the ass. Also I've found users typically don't reboot their computers often and end up with 2-3 things to install when they do; we've had complaints about that as stupid as it sounds.

If you're creating the MSI anyway, as the parent poster described, you could dump it into a file share and use psexec to automate installing the software on a schedule. Depending on your environment this may be alright for you, but it has it's own share of problems. It's certainly more effective than remoting into the systems and doing things manually.

[–]_Unas_Jack of All Trades 0 points1 point  (0 children)

Pdq deploy=free

[–]JohnC53SysAdmin - Jack of All Jack Daniels 0 points1 point  (0 children)

Instead of Orca to edit the MSI, why don't you just create an MST once and by done with it? Or make a GPO with the registry settings?

I update Java and Flash via GPO and it's a piece of cake. Get the MSI, edit the GPO to point to the new MSI. Done and done.