VULNERABILITY DIGEST FROM ACTION1

Patch Tuesday and third-party updates | This Wednesday | 12 PM EST / 6 PM CET

Action1 5 Documentation 5 Add Custom Packages to Software Repository

Add Custom Packages to Software Repository

 

Action1 Software Repository is a centralized software distribution library that stores hundreds of packages ready for installation. But what if the application you need is not in the Software Repository? Create custom installation packages with your apps to roll out deployments on multiple endpoints at once. You can add proprietary software solutions as well as apps from third-party vendors. Your custom apps will be available across all your organizations.

Checking Your App First

Before adding a new custom package to the Software Repository, Action1 suggests you run a test installation in a sandbox server. Install the app and check the following:

 

  • Confirm that the application can be installed for all users (per-machine installation) – navigate to the Program Files to check. Note that Action1 attempts to install custom packages for all users on a machine (per-machine), per-user installation is not supported. Don’t upload custom apps that only perform per-user installation.
  • Navigate to Programs and Features (or Apps & Features) to see how software name and version are displayed. Later on, you’ll configure the App Name Match property accordingly. For example, let’s view Node.js entry in the Programs and Features:
Programs and Features
  • Alternatively, use this application parameter detection script (run on the sandbox server) to select the application from the list of installed applications and retrieve its parameters (display name, version, vendor, and architecture).
  • Check silent install & unistall parameters supported by your EXE file; or additional properties supported by MSI file.

Do I have to specify MSI additional properties?

In most cases, you do not have to specify any additional properties. Howerver, some MSI packages provide optional customization parameters called “public properties”, such as ALLUSERS=1 or REBOOTPROMPT=”We need to reboot your system”. To set a public property to a literal string value, include the string between quotation marks.

For property reference, please refer to Microsoft documentation:

https://docs.microsoft.com/en-us/windows/win32/msi/property-reference

To specify MSI transforms (MST file), put both the MSI and the MST file into a ZIP archive and use the following special syntax: “my setup.msi” TRANSFORMS=”my transforms.mst” (where “my setup.msi” and “my transforms.mst” are the actual file names inside the ZIP file).

If the MSI file is packed inside a ZIP file, you also have to explicitly specify the name of the MSI file to run after the unpacking as the first attribute, such as: setup.msi ALLUSERS=1

How to check EXE silent parameters?

Unlike MSI files, EXE files don’t have a standard set of silent parameters. These parameters are vendor- and app-specific. To discover available silent install/uninstall switches:

  1. Check if the vendor included the usage statement with the installer. To do it, start the Run console, drag the EXE file there and append /? at the end. The pop-up window will list existing silent parameters if the usage statement was provided by the vendor.
  2. Check out the product documentation.
  3. Try using Universal Silent Switch Finder app.
  4. Try extracting EXE contents from archive. In many cases, you can locate the EXE or MSI file included in the executable and learn about its properties.

 

Adding a New Package

  1. In the Software Repository, select Add to Repository.
Software Repository

2. Provide general information about the product: its name, vendor, etc. Then save it.

Adding a new app

Adding a Version

Start by adding a version of the package. Click Add Version and configure its settings. Later on, you can add multiple versions of this app. Whenever a new version is released, add it to your package or mark it as a new installation or an update.

1. On the General tab, provide the exact version number, release date, the OSs it applies to, update type, and other version-specific parameters. You can also add EULA if required by a vendor.

In the Display Name Match field, provide a regular expression that matches the software name as it appears in the Apps and Features (or detected by the application parameter detection script). Action1 uses it to identify packages already installed on managed endpoints. Without proper identification, it will be impossible to detect missing updates or avoid duplicate installation attempts. Optionally, provide a broader expression for localized software packages.

The symbol ^ matches the beginning, $ matches the end. For example, type ^Slack$ for an exact match or ^Slack.* to locate all entries starting with Slack. Just typing Slack will return all entries containing Slack. Don’t forget to add \ before special symbols. For example, to ^Node\.js$. To learn more about regular expressions and verify entries, check out the Regex 101 website.

Adding a new version of the package
  1. On the Installation tab:
    • Provide installation packages  for download. You can submit installers for Windows 32- and 64-bit separately. You can upload a ZIP package with multiple files (EXE, MSI, or “dumb” files) — see Prepare Multi-File Custom Packages. You’ve got an option to upload files to a private Action1 Cloud for P2P distribution or select a file from a public UNC location. Uploading to Action1 Cloud is recommended since it enables you to push installation to remote endpoints that aren’t connected to a corporate LAN. On top of that, Action1 leverages a top-notch proprietary data distribution technology. Instead of downloading the same package multiple times, managed endpoints will download smaller chunks of data and share them among their peers. The Action1 P2P technology helps significantly reduce network utilization.
Uploading new EXE app package
  • Specify the installation type: Windows Installer (.msi) or Other (.exe or scripts). Software deployment methods affect the package properties you’ll have to configure. Note: specify Other for multi-file ZIP packages (EXE, MSI, “dumb” files).

Windows Installer: .msi

– Configure Additional MSI properties to customize the installation of your package. Add an MSI name in properties as a first parameter (e.g., “my setup.msi” param1=value1), embrace file names that contain spaces in quotes. To enforce a transform file (*.MST), specify setup.msi TRANSFORMS=transforms.mstFor example, force restart operation with a preceding warning (REBOOTPROMPT=”The computer will restart in 10 minutes”).

Note that Action1 attempts to deploy custom packages per-machine; per-user installation isn’t supported. If your app is a dual-purpose package that supports both per-user and per-machine installation context with per-machine being non-default behavior, make sure to enter ALLUSERS=1. Provide string values in quotes. Refer to the application publisher documentation for details on available public properties. 

If you uploded MSI in a ZIP, select Other installation type intead of Windows Installer.

– Define Success exit codes for your installation. In most cases, the code 0 or 1 stands for a successful operation but you should check with the app publisher first. Specifying correct success exit codes is essential, Action1 uses them to identify if the installation succeeded or failed.

– Set Reboot exit codes. For example, 3010. Based on this code, Action1 defines whether the restart operation is needed.

New App Version Installation Settings

Other: .exe or script (.cmd, .bat or .ps1)

– Provide Silent install switches to suppress any interactive prompts and allow the Action1 agent to run setup in a fully unattended mode, without any user input. For example, add commands /q, /norestart. You can check the silent switches supported by your EXE by running /? or /help or a similar command.

If you uploaded a ZIP with EXE, specify the script name that runs the EXE as a silent install switch parameter, embrace in quotes if the file name contains spaces (e.g., “start script.ps1” /q).

If you uploaded a ZIP with MSI, provide a script name that runs the MSI as a silent install switch parameter, embrace names containing spaces in quotes. 

If you uploaded a “dumb” file package with a script, specify a script name as a silent install switch parameter (e.g., copy.ps1). Use quotes if the script name contains spaces.

– Provide Silent uninstall switches to allow unattended uninstallation. You can check the silent switches supported by your EXE by running /? or /help or a similar command.

– Define Success exit codes for your installation. In most cases, the code 0 or 1 stands for a successful operation but you should check with the app publisher first. Specifying correct success exit codes is essential, Action1 uses them to identify if the installation succeeded or failed.

– Define Reboot exit codes. For example, 3010. Based on this code, Action1 defines whether the restart operation is needed.

New App Version Installation Settings for EXE

3. On the Additional Actions tab, specify automations to be executed along with the package installation/uninstallation. For example, push related software updates or uninstall conflicting software. Select the Add Action button and specify the action from the list. For each action, configure settings and define when to execute it: before or after installation/uninstallation. Action1 free software deployment solution enables you to add as many actions as you need and set the order in which they will be executed.

  • Reboot: select to restart an endpoint. You’ll be able to specify an offset and display a restart notice.
  • Run Script: select to run a script. You’ll be able to insert environmental variables and configure success exit codes.
  • Deploy Software: select to install more apps from the Action1 Software Repository.
  • Deploy Update: select to install missing patches and critical updates.
  • Uninstall Software: select to uninstall software.

The Priority parameter defines the order in which the actions from the same step are executed. The lower the value, the sooner it will be executed. For example, if you specify two “Before Install” actions with priorities 1 and 2, the priority 1 action will be executed before the priority 2 action.

Additional actions

Finally, your app package is ready to be distributed. Navigate to Endpoints and select Deploy Software or pick your custom package in the Software Repository and select Deploy to Endpoints.

Customize Software Package Installation Settings

NOTE: Customization is currently supported for built-in software packages only.

This functionality allows you to customize software package installation settings without cloning the package. This can be helpful, for example, when you need to distribute a software package with a license key to a certain department or configure site token properties that should be unique for your MSP clients.
Supported package types are MSI, EXE, CMD, BAT, PS1, ZIP.

To customize the built-in package installation, take these steps:

  1. From the Software Repository, select the package you need.
  2. In the Software Package Settings dialog, expand Overrides for package installation settings and click Add.
New App Version Installation Settings
  1. Click Add.
  2. Then you can customize parameters for software installation.
    • Configure silent installation switches – command line parameters that instruct the installer to operate without user interaction and suppress UI prompts. Example switches: /quiet, /silent, /s, /q.
      For more information about silent installation switches, refer to the documentation from your software vendor.
    • Configure other installation parameters you need – for example, to automatically accept the end-user license while running MSI, enter EULA_ACCEPT=YES
  3. Verify the parameters using the Command line preview below the input field.
  4. Configure the customized package Behaviour – that is, how the custom settings should affect the standard installation parameters. Possible options:
    • Append (default) – custom settings should be appended and used together with the standard installation parameters.
    • Substitute – custom settings should override the standard installation parameters.

IMPORTANT! For MSI files (Windows installer packages), silent installation switches (/quiet, /qn, /norestart) are mandatory. Make sure they are specified correctly, otherwise the installation will hang.

  1. Select which package versions will be targeted; default is All versions.
  1. Select whether the custom switches should be applied throughout Enterprise (default) or Organization scope.

You can add as many custom installation settings as required.

To view the installation settings configured for the built-in package, select the package from Software Repository and then click the version you need.