Automated Install Script

Due to a huge increase in employee numbers I decided it was time to speed up the deployment process. I had worked with automatic install scripts before whilst at IBM’s Innovation Centre, in fact I rewrote most of them to match newer OS versions etc.

So with a little experience behind me I decided to write a script from scratch that installed the following:

  • .Net 4 (see older post)
  • Adobe Reader
  • Adobe Flash
  • Java Run Time
  • Office 2010 SP1
  • Windows Activation
  • Internal Help Desk application
  • Cisco VPN client (for customer access)

OK, so those who are experts in this will see a very simple, perhaps clunky script, but for what I need it’s perfect. Complete with comments and prompts the script is only 42 lines. and requires only 1 click to run and a further 3 for the Windows activation and Office installer.

A note on deploying Office 2010 – I created my own .mum file and inserted into the Updates folder in the installer location to create this I ran setup.exe /admin and made it as silent as possible to install, meaning you only have to click “Install Now”, it even activates Office for me. For help on this I actually used Microsoft documentation! (http://technet.microsoft.com/en-us/library/dd630736.aspx)

Here’s my entire script (with product keys and file locations modified for security purposes):

@ECHO OFF
rem ———-Installer Coded by Jonathan Ward 13/06/2012————–
rem ——————–Major Update 18/06/2012————————
rem **Updates 19/06/2012** :- Office SP1 & Java included
echo Welcome to Auto Installer
echo Activating Windows 7… EXPECT 2 POPUPS (click OK)
“%windir%\system32\slmgr.vbs” /ipk [key goes here]
“%windir%\system32\slmgr.vbs” /ato
echo …done
echo Installing .Net 4 Runtime…
“\\[file location]\netlogon\dotNetFx40_Full_x86_x64.exe” /quiet /norestart
echo …done
echo Installing Adobe Reader…
“[file location]\newpc\AdobeRdr1000.exe” /sAll /msi /norestart ALLUSERS=1 EULA_ACCEPT=YES
echo …done
echo Installing Adobe Flash…
“[file location]\newpc\flash_iexplore.exe” -install
“[file location]\newpc\flash_firefox.exe” -install
echo …done
echo Installing Java Runtime…
“[file location]\newpc\java.exe” /s
echo …done
echo Installing Cisco VPN…
mkdir %USERPROFILE%\Desktop\cisco
xcopy “[file location]\newpc\cisco” %USERPROFILE%\Desktop\cisco /Y /q
start /wait msiexec.exe /q /i “%USERPROFILE%\Desktop\cisco\vpnclient_setup.msi” /norestart
xcopy “[file location]\All PCF” “%ProgramFiles%\Cisco Systems\VPN Client\Profiles” /Y /q
rd /s /q %USERPROFILE%\Desktop\cisco
echo …done
echo Installing Microsoft Office 2010… (Click Install Now)
“[file location]\Office 2010\setup.exe” /config “\[file location]\Office 2010\ProPlus.WW\config.xml”
echo …done
echo Installing Microsoft Security Essentials…
“[file location]\newpc\mse.exe” /s /runwgacheck /o
echo …done
echo Installing Service Desk…
md “%ProgramFiles%\Beoley Mill Software Ltd\BMS ServiceDesk”
xcopy “[file location]\Updates\Dev\*.*” “%ProgramFiles%\[file location]” /Y /E /q
start cscript “[file location]\csnew.vbs”
echo …done
echo Installer complete!
pause

I hope that some of you find this useful in your own script developments.

DotNet4 One-off install script (network deployment)

We needed to deploy .Net4 to all desktops and laptops within the domain in order to be able to use the new version of our in-house developed service desk system, the most critical application in our business outside of Email.

So I found/ modified this script below and added it to group policy as a computer startup script, it worked a treat internally but those on VPN only needed to run the script manually, so I ended up sending it out to everyone anyway!

setlocal

REM *********************************************************************
REM Environment customization begins here. Modify variables below.
REM *********************************************************************

REM Enter the Product Name.
set ProductName= Microsoft .NET Framework 4 Extended

REM Set DeployServer to a network-accessible location containing the Office source files.
set DeployServer=\\dc1\netlogon\

REM Set LogLocation to a central directory to collect log files.
set LogLocation=”C:\Windows\Logs”

REM *********************************************************************
REM Deployment code begins here. Do not modify anything below this line.
REM *********************************************************************

IF NOT “%ProgramFiles(x86)%”==”” (goto ARP64) else (goto ARP86)

REM Operating system is X64. Check for 32 bit Office in emulated Wow6432 uninstall key
:ARP64
reg query “HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\Microsoft\Windows\CurrentVersion\Uninstall\%ProductName%”
if NOT %errorlevel%==1 (goto End)

REM Check for 32 and 64 bit versions of Office 2010 in regular uninstall key.(Office 64bit would also appear here on a 64bit OS)
:ARP86
reg query “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\%ProductName%”
if %errorlevel%==1 (goto DeployOffice) else (goto End)

REM If 1 returned, the product was not found. Run setup here.
:DeployOffice
start /wait %DeployServer%\dotNetFx40_Full_x86_x64.exe /quiet /norestart
echo %date% %time% Setup ended with error code %errorlevel%. >> %LogLocation%\%computername%.txt

REM If 0 or other was returned, the product was found or another error occurred. Do nothing.
:End

Endlocal

Some Updates

A nice stable week in the office, spent some time over previous weeks developing install scripts for our in-house developed service desk application. Needless to say we had some minor deployment issues (mostly where people hadn’t taken the .Net4 update I sent out) – But overall most people we sorted by the end of the week, more important than ever this week due to time sheet submissions before the long Jubilee Bank Holiday here in the UK!

The new Fibre line, Firewall and VPN are working a treat so far, not too many connectivity problems, have been able to download at 50Mb/sec and still enable people to do their work properly! –

I’ve also been working on some database config things with a colleague, cant say I understand much of it yet but I am now proficient in installing and reinstalling SQL 2008 (and R2)!

Successful week on the build front, 3 physical servers, 2 virtual servers, 1 laptop – not bad for a relatively quiet week in the office.

New VPN Solution

We used to use Routing and Remote Access (RRAS) under Windows 2008 to provide an Active Directory friendly route into the network (we have a lot of remote workers) – And while this is not a fancy solution it did just work. Well, that was until our new WatchGuard Firewall got in the way!

The WatchGuard XTM series is fantastic value for money offering various routing and firewall options for any small-medium network. the XTM 505 is a fantastic piece of kit which during the testing phase has proven to be significantly better that our older x2500 model, which was showing its age.

I’m still yet to figure out exactly what the problem with RRAS and out firewall was, something to do with protocol routing with GRE and PPTP when using 1:1 NAT, however I found so many articles on this and still after following them all to the letter, nothing worked. I couldn’t get in (neither could anyone else) – So I trusted my instinct and this article: http://blog.bruteforcetech.com/archives/470 – Hats off to the guy who wrote it, magnificent overview of how to get it working. Only took 30 minutes to implement the article and then another 15 or so to fiddle around with placing rules on the firewall to allow protocols etc.

What I like about the solution is on my WatchGuard System Manager dashboard I can see who is connected (via RADIUS) and how many bytes they’ve used as well as the IP address they are connected on. This is the first full day of the new solution and I have 6 people from around the UK connected without any issues. FInally I have replaced RRAS with something less glitchy and perhaps easier to manage.

I reused my VPN server as the RADIUS server, but may be able to free it up by putting RADIUS on one of the domain controllers, which would hopefully speed the LDAP lookups up.