How do you handle/manage updates to applications?

[h4x0r]

We are deploying Flash, Java, Quicktime, etc, using the Applications model in CM2012. Our WSUS is not handled by CM, and is handled farther upstream in our AD forest...otherwise, I would use CM to help roll out the Adobe products with SCUP.

 

My question to you all: how do you handle management of added application updates? Just looking at Flash in particular, when adding a new application and setting supercedence, it seems like I'm going to end up with hundreds of entries just for Flash applications that update prior versions. Am I doing it wrong? Do you guys delete the old Application at some point? Or is this just a shortcoming of the Applications model? I can see splitting the Applications into their own folders, in order to help make it easier to manage...but what other current practices are people using?

 

I'm just looking for examples of how people manage their Apps, and how they handle updates to them...any info is appreciated! thanks!

[h4x0r]

Anyone?

[binarymime]

This was an issue that I strategized and debated for a long time and it still only exists in my head. This reply may get long...

 

First and foremost our School Division subscribes to the Enterprise CAL Suite. I say this only to illustrate to you why we use SCCM and why I needed to find an SCCM way of doing things.

 

I utilize a combination of Applications and SCUP, I will summarize the process below, if you want me to elaborate on any of the points just let me know.

 

FOR USER DRIVEN INSTALLATION AND UNINSTALLATION:

 

- All of our software is distributed via applications, i don't use supersedence of any kind, our applications are all distributed via custom batch files, one install batchfile, and one uninstall batchfile, the install batchfile is always configured to install the latest version, our uninstall batchfiles removes current and prior versions. This allows us to advertise applications to device collections and our staff are then able to install and uninstall advertised applications at will. My detection rules simply look for current and prior versions so that the uninstall routine if invoked manually will remove old versions. These rules are based on msi product code version when we can, otherwise its a file based detection based on exe file version.

 

- in essence this means that if a staff member uses software center to install an application it will always install the latest version, if they choose to uninstall, it will uninstall all current versions and prior versions.

 

- These same application installers are leveraged via a UDI task sequence that our fields techs use for deployment of images at any of our 43 rural schools and offices.

 

FOR UPDATES:

 

- I distribute a WSUS self signed cert for use by SCUP via a legacy package, we don't currently leverage our PKI as it is being rolled out for Wireless internet at the moment and we haven't had time to test and deploy leveraging it further, however I want to do this eventually.

 

- using iExpress I package all of the source files for the following apps into .exe files that i publish to WSUS via SCUP:

 

FirstClass

Flash

Reader

Shockwave

Chrome

Firefox

Java

 

- the complied .exe files run the uninstall script as the pre-exe and the install script as the post-exe. This ensures clean updates all around, for many of these updates i use taskill commands in the install and uninstall scripts to ensure the updates work correctly.

 

- For each of these updates I have created custom Installable and installed rules. The installable rules check for the apps existence and then check the version # via registry and file version rules where applicable, if the versions do not match the current release, then the update applies. The installed rule then just checks to ensure the latest version is installed.

 

- The updates are advertised and users can run them manually for up to a week at which time they automatically install if they have not been run previously.

 

SUMMARY:

 

- The above routine keeps my applications node clean, and allows me to publish and expire updates from the SCUP console. It has been working great so far.

[binarymime]

Also, i realise WSUS is handled upstream in your environment, however SCUP became the only solution in the end...im not sure what would be involved logistically in doing so, but we use WSUS integration with SCCM fully, for windows updates as well. It makes administration a lot easier

[h4x0r]

Thanks for the info, binarymime. While we've been using CM2012 for a while now, all of our packages were migrated back during the move from 2007 and I was never super motivated to move everything over...in part just due to not having appropriate time to test everything. However, with summer break (we're in education as well) in the wings, I would like to move as much as possible into the Application model.

 

If you could provide more info on your user driven install and uninstall, I would appreciate it. Right now, we are experimenting with a TS which does what you are talking about with your batch files...there are a couple WMIC uninstall command lines that are run in order to uninstall all prior versions of the software, as well as some taskkill commands, and then we install the latest version. I would be curious to see what your batch files look like, if you don't mind thanks for the input!

[binarymime]

I would be happy to.

 

What information in particular are you looking for?

 

Any particular batchfiles you would like to see. Quick count I have about 200+ for various products.

 

I also tried the TS idea you are describing and I have tried using WMIC commands in the past as well, however in my experience I find that WMI corrupts far to often and I don't rely on it unless I have to.

 

The beauty of SCUP based updating is that my installable and installed rules are always dependent on the existence and versions of files or registry keys, so you don't have to rely on intact WMI repository information

 

Since the installed versions of administrated software are only ever what we install we simply uninstall based on msi product code or reference the applications .exe uninstaller via a batchfile. This seems to work well.