Monday, April 27, 2015

Deploy HEC-SSP 2.0 with ConfigMgr

The install of HEC-SSP 2.0 is a simple example of using active setup to take care of a first run prompt that appears for each user. The computer labs where we deploy this software are in part managed by Faronics Deep Freeze, which reverts the computer to its previous state each time it is rebooted. Therefore we do not want the student to have to click through all the first time run prompts every day they use a piece of software. HEC-SSP has a Terms and Conditions for Use prompt that pops up the first time a user runs the program. We are going to use active setup to accept the terms on behalf of the user.

Active Setup

Using a program like RegShot you can easily find the files and registry entries that are modified between two points in time. I found that the registry entry that handles the TCU popup is at [HKEY_CURRENT_USER\Software\JavaSoft\Prefs\hec2\ssp\client\/T/C/U\2.0 ]
"/Read/T/C/U"="1". So I exported this entry into a .reg file.
Here are the contents of the file, you will need to either export your own from Regedit or copy into a file called "hkcu_HEC-SSP.reg"
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\JavaSoft\Prefs\hec2\ssp\client\/T/C/U\2.0 ]

Install Script

Next create your install script, this one is in PowerShell. I also want to remove previous versions of this software as the installer does not replace them itself. So I will search for and remove all versions before installing.
# Uninstall existing installs
$Installs = get-wmiobject -namespace root\cimv2\sms -query "select * from SMS_InstalledSoftware where ProductName like 'HEC-SSP%'"

foreach ($Install in $Installs)
  $software = $Install.softwarecode
  $UninstallArgs = "/x $software /qn Reboot=ReallySuppress"
  start-process msiexec.exe -ArgumentList $UninstallArgs -wait
# Install Current Version
$InstallArgs = "/S /v/qn"
Start-Process .\HEC-SSP_2_Setup.exe -ArgumentList $InstallArgs -Wait

# ActiveSetup to remove first run TCU Prompt.
Copy-Item -Path hkcu_HEC-SSP.reg -Destination "${ENV:ProgramFiles(x86)}\HEC\HEC-SSP\2.0\hkcu_HEC-SSP.reg" -Force
New-Item -Path Registry::'HKLM\Software\Microsoft\Active Setup\Installed Components\HSU-HEC-SSP-2.0' -Force
New-ItemProperty -Path Registry::'HKLM\Software\Microsoft\Active Setup\Installed Components\HSU-HEC-SSP-2.0' -Name StubPath -PropertyType String -Value 'CMD /C REG IMPORT "%ProgramFiles(x86)%\HEC\HEC-SSP\2.0\hkcu_HEC-SSP.reg"' -Force
New-ItemProperty -Path Registry::'HKLM\Software\Microsoft\Active Setup\Installed Components\HSU-HEC-SSP-2.0' -Name Version -PropertyType String -Value '2,0,0,0' -Force

Build Application

Put the reg file, HEC-SSP installer and PowerShell script in your ConfigMgr source.
Create your application, the installation command line I use with PowerShell is
powershell.exe -ExecutionPolicy Unrestricted -File install_HEC-SSP.ps1

Detection Method

The HEC-SSP_2_Setup.exe extracts an msi into C:\Windows\Installer when it is run. You can gather the msi product code from it to use as the detection method.

1 comment:

  1. I am glad that I saw this post. It is informative blog for us and we need this type of blog thanks for share this blog, Keep posting such instructional blogs and I am looking forward for your future posts.
    Cyber Security Projects for Final Year

    JavaScript Training in Chennai

    Project Centers in Chennai

    JavaScript Training in Chennai