CHAPTER 13
Creating and Managing Packages and Programs

Applications and deployment types, introduced with System Center 2012 Configuration Manager, are discussed in Chapter 11, “Creating and Managing Applications,” and Chapter 12, “Creating and Using Deployment Types.” This chapter discusses the packages and programs feature that can also be used to deploy applications. Packages and programs have existed since 1994 with Systems Management Server (SMS), the earlier name for Configuration Manager (ConfigMgr). While the functionality of packages and programs has evolved over the years, their core concepts remain the same.

While Microsoft prefers that you use the application model, in several scenarios, using a package makes more sense or is the only option:

Scripts that do not install an application on a computer (such as a script to defragment a disk drive)

One-off scripts that do not need continual monitoring

Scripts that run on a recurring schedule and cannot use global evaluation

Applications that do not have very good detection methods or that require complex detection methods

Providing just the files to the operating system (OS) and not necessarily having to provide a program (mainly with task sequences during OS deployment [OSD])

This chapter, along with Chapters 11 and 12, focuses on software deployment. It discusses some key terms associated with software deployment using packages and programs, and it provides further detail on how to create and configure packages and programs. Chapter 14, “Distributing and Deploying Applications and Packages,” discusses how you can deliver a package to a device by creating collections, using distribution points (DPs), and creating deployments.

ConfigMgr software packages are not actually repackaged vendor software. While ConfigMgr uses the same source files used to install the software, it uses MSI files to automatically populate many of the questions that require answers to create packages and programs. You can also create software packages without package definition files, as you can deploy executables, batch files, VBScript, JavaScript, and command files, among others. If you can execute it, you can design a package to deploy it!

ConfigMgr uses packages to distribute software and to deploy changes (such as Registry changes) to client configurations.

A package may optionally include programs that provide specifics on how the software runs. A package also contains information about who can access it (security) and where it is distributed (DPs). Programs are commands specifying what should occur on a client when it receives the package. A program can do just about anything; it can install or uninstall software, distribute data, run antivirus software, or update a client configuration.

While programs are not required, a package must contain at least one program if it is to perform any action other than provide a pointer to source files. A definition file provides answers to the majority of the questions required to create a package. An MSI provided as a package definition file includes six default programs for use with software distribution, each allowing the package to run in different ways:

Per-System Attended: This installation causes a program to install and expects user interaction; it runs once for the system on which it is targeted to install.

Per-System Unattended: This installation causes a program to install that expects to run without user interaction; it runs once for the system on which it is targeted to install.

Per-System Uninstall: This installation performs an uninstallation of the program; it runs once for the system that it is targeted to uninstall.

Per-User Attended: This installation causes a program to install and expects user interaction; it runs once for the user for whom it is targeted to install.

Per-User Unattended: This installation causes a program to install without user interaction; it runs once for the user for whom it is targeted to install.

Per-User Uninstall: This installation performs an uninstallation of the program; it runs once for the user for whom it is targeted to uninstall.

Each program specifies the command line used to run the program in the method described. As an example, a per-system unattended installation includes a switch to run the program without user intervention.

Because this chapter focuses on ConfigMgr packages, the next sections walk through the steps to create a package and provide examples of the process.

Packages can come in many flavors:

Packages That Use a Definition File: You can create ConfigMgr packages either with a definition file or without. SMS 1.x definition files used an extension of .pdf (package definition file). With SMS 2.0, definition files had either a .pdf or .sms (Systems Management Server) extension. Although these two file types still exist and you can use them with ConfigMgr to create a package, they are relatively uncommon now. Originally, SMS used the .pdf extension; this was later changed to .sms, as the .pdf extension was also used for portable document format files. For information about creating .pdf and .sms definition files, see https://technet.microsoft.com/library/bb632631.aspx.

The package definition file most commonly used by Configuration Manager is a Windows Installer file. Windows Installer (.msi) files are discussed in the next section, “Creating a Package from a Definition File.”

Packages That You Can Create Without a Definition File: These packages are discussed later in this chapter, in the “Creating a Package Using the New Package Wizard” section.

A Package That Does Not Even Need to Have Source Files as Part of the Package: This is often used when ConfigMgr runs a program already stored on the system.

ConfigMgr uses these different flavors of packages to create Configuration Manager packages. To illustrate how this is accomplished, the next sections step through an example that shows how to deploy a relatively simple package.

1. In the ConfigMgr console, navigate to Software Library -> Overview -> Application Management -> Packages and select Create -> Create Package from Definition from the ribbon bar to open the Create Package from Definition Wizard, shown in Figure 13.1.

2. Click Browse in the wizard and navigate to the .msi. Choose the x86 version for this example. Figure 13.2 shows the imported package definition metadata for 7-Zip version 16.02. Click Next to continue.

The next page offers three different ways to manage source files:

This Package Does Not Contain Any Source Files: This may be useful when ConfigMgr is running a program already stored on the system.

Always Obtain Files from a Source Directory: This is the most commonly used option.

Create a Compressed Version of the Source Files: This may be useful when you need to decrease storage requirements or do not expect the package to change.

3. Select the second option for this package—Always obtain files from a source directory. Click Next. If the option you selected specifies that source files are part of the package, the wizard verifies the location of the source files.

4. Specify the package source location by choosing Network path or Local folder. As a best practice, always try to use a network path. Applications (as discussed in Chapter 11) require a Universal Naming Convention (UNC) format of \<servername> <sharename><filename>. A UNC path is required if you convert a package to an application using the Package Conversion Manager (also discussed in Chapter 11). Specify the path to the package source installation folder. As the contents of the selected folder and all subfolders are sent to each targeted DP, try to keep source files organized to reduce any chance of extra files and folders being distributed with a package. Click Next to continue.

5. Review the Summary page of the wizard, which lists the options chosen to create the package, including the name of the package, how to handle source files, and the location of the source directory (folder). Click Next to create the package. The Progress page appears briefly and automatically changes to the Completion page.

6. Review the status of this page and then click Close. Using the information in the MSI file, the wizard creates a set of installation options for the program, including Per-system attended, Per-system unattended, Per-system uninstall, Per-user attended, Per-user unattended, and Per-user uninstall, as shown in Figure 13.3.

The Programs tab (refer to Figure 13.3), displays the programs for the selected package. Because you ran the Create Package from Definition Wizard against an MSI file, you can see the six programs automatically created for 7-Zip.

Enable the following options on the Data Source tab, as required:

Persist Content in the Client Cache: Persist content to ensure that the installation source remains in the local cache (%windir%ccmcache). Use this option for software that may need to be rerun regularly but not require content updates. Package source size affects the size of available cache.

Enable Binary Differential Replication: Use binary differential replication for packages containing large files, such as the installation .wim file for OSD. These algorithms require additional overhead for calculating which bits need to be transferred to DPs for each file in the package source.

These options should be used sparingly, as they increase overhead.

When the Copy the content in this package to a package share on distribution points option is selected, ConfigMgr copies the package contents to the SMSPKGD$ share (where D is the drive letter for the share). You can also specify a custom-named share to use for the package.

The default setting for this dialog is Use package properties for status MIF matching. MIF files, which have an extension of .mif, were used in older versions of SMS/ConfigMgr to verify whether software was correctly installed. (For information about MIF files, see https://technet.microsoft.com/library/bb633139.aspx.) Enable the Use these fields for status MIF matching radio button only if you can complete the MIF matching information, such as the MIF filename. Choosing the wrong MIF filename (and other text box configurations in the dialog) may cause ConfigMgr to consume the wrong MIF file and incorrectly report installation status to the site server. If you have software that requires a MIF file to correctly report status, consider moving to the application model, discussed in Chapter 11, so you can include additional detection rules to determine whether software is installed.

Validate: Select this option to instruct ConfigMgr to perform a hash check for the desired package on the selected DP. Review SMSDPMon.log on the DP for more information. This option can only be initiated to one DP at a time.

Redistribute: Use this option to confirm that all packages are on the targeted DPs when needed.

Remove: This option removes content from selected DPs and from all DPs in a selected DP group.

The Security tab displays all users and user groups with rights to a package, as well as their operational rights. Click Cancel to close the dialog (or click OK if you have made changes you want to keep) and proceed to view/change the program properties.

To set the program properties, right-click the program named Per-system unattended (located under Software Library -> Overview -> Application Management -> Packages) and then select the 7-Zip package and open the Properties page, as shown in Figure 13.7. Properties for each program include the following tabs:

General

Requirements

Environment

Advanced

Windows Installer

OpsMgr Maintenance Mode

These tabs together define how the program will function. The following sections review the content of each, using the 7-Zip package as an example.

Change the program’s configuration on the General tab for the 7-Zip installation, as follows:

User description: Add a comment explaining what the program will do

Command line: msiexec.exe /q ALLUSERS="" /m MSIQFQEE /i "7z1602.msi" /l %temp%7z1602_install.log

Run: Hidden

After running: No action required

Category: Utility

The command line will run the installation silently and log to %windir%temp7z1602_install.log if run using the Local System account.

For the 7-Zip program, change the properties on the Requirements tab to set the estimated disk space to 5MB and the maximum allowed runtime (in minutes) to 15. Also, specify that this program can only run on the following platforms: All Windows 7 (32-bit), All Windows 8 (32-bit), All Windows 8.1 (32-bit), and All Windows 10 (32-bit). This allows the software to be installed on the described platforms, regardless of service pack.

Only When a User Is Logged On: Select this option when the program ConfigMgr is installing needs to have the user logged in to install.

Whether or Not a User Is Logged On: This is the most common option; it runs the program using the Local System account (run with administrative rights).

Only When No User Is Logged On: Selecting this option means the installation does not occur until the user logs out of the system.

The conditions under which a program can run directly tie into the Run mode options:

Run with User’s Rights: This option is available only if the option Only when a user is logged on is chosen for when to run the program.

Run with Administrative Rights: This default option is available in any of the three configurations that determine when a program can run. Choosing this option makes a check box available that allows users to interact with the program.

Allow Users to Interact with This Program: Use this option when the user needs to interact with the program. This is excellent for troubleshooting when packages are not installing correctly. When this option is selected, the user interface is visible to the logged-in user, and the user can interact with the program. As an example, choose this option if the program requires the user to make a selection or click a button. If a program runs without this option selected and the program requires user intervention, it waits for the user interaction (which never occurs) and eventually times out when the maximum allowed runtime occurs (defined on the Requirements tab of the program; if undefined, the program times out after 12 hours).

The Drive mode section includes the following configurations:

Runs with UNC Name: This default setting runs the program using the UNC name. A client runs from the UNC path only if the deployment is configured with the Run from Distribution Point option set. By default, content is downloaded from a DP to the client cache and run from there (normally %windir%ccmcache).

Requires Drive Letter: When this option is selected, the program requires a mapped drive to install but allows ConfigMgr to use any available drive letter.

Requires Specific Drive Letter (Example: Z): When this option is selected, the program requires a specific drive letter to be mapped for installation. (If you choose this option, an additional box is provided to specify the letter to map.) If the drive letter is not available on the client system, the program will not run.

Reconnect to Distribution Point at Logon: This last setting specifies that the client will reconnect to the ConfigMgr DP when logging in to the system. This option is available only if the program runs only when a user is logged on, with the user’s rights, and requires either a drive letter or a specific drive letter (such as the drive letter Z).

For 7-Zip, configure the Environment tab as shown in Figure 13.9.

Run Another Program First: These are program dependencies; selecting this option causes another program to run before this program runs. The check box is cleared by default. Consider a software package with several separate programs requiring installation before the package can be installed: This program has five levels of dependency, and the original program will not run unless program #2 has run, and program #2 will not run unless program #3 has run, and so on.

If you choose this option, you must also specify a package and a program. The option Allow this program to be installed from the Install Software task sequence without being advertised is relevant when discussing task sequences. These are a list of customizable tasks or steps performed sequentially. A task sequence can be deployed to a device collection (for example, advertising a program to a collection). Task sequences provide a more elegant solution than creating dependencies or complex scripts for many situations, including those where multiple dependencies exist for a single program. Task sequences are discussed in detail in Chapter 22, “Operating System Deployment.”

If you select Run another program first, the Always run this program first option is also available (unchecked by default). If you check this option, the program it is dependent on will run regardless of whether it previously ran on the same system.

An alternative to using the Run another program first option is to create a task sequence and build in the logic to determine which commands should run. You can also leverage applications with defined dependencies, discussed in Chapter 12, for any prerequisite software.

When This Program Is Assigned to a Computer: This dropdown has two choices:

Run Once for the Computer: This is the default setting.

Run Once for Every User Who Logs In: This option causes the program to run for each user who logs in to the computer.

Suppress Program Notifications: Checking this option causes notification area icons, messages, and countdown notifications to not display for the program. This is useful for programs that may be running when someone is using the system, if there is no requirement to notify that the program is running. Override this setting with the client setting Show notifications for new deployments in the Computer Agent section of the console. Review Chapter 9, “Client Management,” for information about customizing client settings.

Disable This Program on Computers Where It Is Deployed: This determines how ConfigMgr will handle the program. The default is unchecked; if checked, advertisements containing this program are disabled. When checked, this option also removes the program from the list of available programs the user can run, and it will not run on the systems where it is assigned. This can be useful when there is a need to temporarily halt a deployment because the change applies to all advertisements of the program, and the program is disabled when policies are retrieved by the client.

Allow This Program to Be Installed from the Install Software Task Sequence Without Being Deployed: The final check box on the Advanced tab determines how the Install Software task sequence in OSD handles the program. The option is unchecked by default. Check this option for any programs used within an OSD task sequence that are not currently deployed to a collection.

For the 7-Zip program, accept the default configurations.

The available fields shown in Figure 13.11 are Windows Installer product code and Windows Installer file. You can define these by clicking Import and specifying the MSI file used for the program. Choosing the MSI file populates both fields.

For the 7-Zip program, click Import and select the Windows Installer file used for the installation (in this case, 7z1602.msi) and click Open. The product code and filename are automatically populated, as shown in Figure 13.11.

An added benefit to this feature is that when a device moves to a different location, ConfigMgr automatically modifies the source path on the local system if the system is in a different boundary group with content available for the software.

Disable Operations Manager Alerts While This Program Runs: Selecting this option places the computer in OpsMgr maintenance mode while the program is running. The duration of the maintenance mode is defined by the Maximum allowed run time (minutes) setting defined on the Requirements tab (refer to Figure 13.8). In previous versions of OpsMgr, the option did not actually perform the steps required to truly disable Operations Manager alerts while the program ran. This option pauses the OpsMgr health service but does not put everything into maintenance mode, which means heartbeat alerts are still generated. This check box is fully functional with System Center 2012 Operations Manager and higher, enabling full maintenance mode on a system.

Generate Operations Manager Alert if This Program Fails: Selecting this option creates an event in the application log containing the package name, program name, advertisement ID, advertisement comment, and failure code or MIF failure description. You can configure the application event to create an Operations Manager alert. The authors recommend using this feature for critical software deployments such as service packs.

Packaging the 7-Zip application with a package definition file demonstrates many of the configurations used when manually creating a package and program. While using a package definition file (an MSI, PDF, or MIF file) is recommended, what takes place when one is not available? Drawing on the information used to create the 7-Zip package, the next section discusses the process to create a package and program manually, using the Citrix Receiver installation as an example.

The sections also discuss how to create a package and program for software that can be deployed to UNIX or Linux systems with an installed ConfigMgr agent. Microsoft does not support deploying ConfigMgr applications to UNIX or Linux systems. Use packages and programs for UNIX and Linux systems to install new software deployments, install updates for software already available, patch a UNIX/Linux computer, or run scripts. ConfigMgr supports maintenance windows to control execution of programs on UNIX and Linux systems.

1. As when creating a package using a package definition file, navigate in the console to Software Library -> Overview -> Application Management -> Packages and select Create -> Create Package from the ribbon bar.

2. On the Package page, specify a variety of fields to reflect your personal preferences for the package. These fields are visible in the ConfigMgr console as well as the Software Center and Application Catalog. Enable the check box This package contains source files and click Browse to select the source files location. From this dialog, you can select a network (UNC) path or a local folder. Select a network path whenever possible so the source files are accessible at all times. The first page of the wizard should look similar to Figure 13.13. When you are finished with this page, click Next.

3. On the Program Type page, select one of three options:

Standard Program: Specify a standard program used to deploy software to a computer system.

Program for Device: Use this option for creating a package to deploy to supported mobile devices running Windows CE.

Do Not Create a Program: Use this option with a package to access the source files on a DP. This type of package (with no program) is often used with OSD for running scripts, utilities, and such.

In this case, select Standard Program and click Next.

4. On the Standard Program page, enter the required information (the name and command line) and modify any other required settings, as shown in Figure 13.14. Click Next to continue.

5. On the Requirements page, select whether another program must run first, any platform restrictions, estimated disk space, and maximum allowed runtime, as shown in Figure 13.15. For this example, select All Windows 10 (32-bit) for the specified platforms and click Next.

6. Review the Summary page, and if the information looks correct, click Next, confirm that the wizard completed successfully, and click Close.

Refer to the section “Creating a Package from a Definition File,” earlier in this chapter, for information on how to view and modify properties of the package and program. To create a new program for an existing package, right-click the desired program and select Create Program from the context menu.

The majority of packages required by most organizations have existing package definition files because most major packages now install from MSI files. For packages that do not have package definition files but have setup files, the Citrix Receiver client example illustrates that you can manually create packages by performing some additional steps. You can often install simple applications with a batch file or a script. For more complex applications, work with the vendor to find a supported and documented process to perform an unattended deployment of the application.

Complete the following steps to define a package and a program for the Dropbox client version 8.4.19:

1. In the ConfigMgr console, navigate to Software Library -> Application Management -> Packages. Select Create Package on the ribbon bar to open the Create Package and Program Wizard.

2. On the Package page of the wizard, supply at a minimum a name for the package (see Figure 13.16). In this case, supply the following information:

Name: Dropbox Client 8.4

Manufacturer: Dropbox

Language: EN-US

Version: 8.4.19

3. Select This package contains source files and click Browse to open the Set Source Folder dialog box. Confirm that the radio button for the Network Path (UNC name) is selected and provide the UNC path to the folder where the .rpm file is located (in this case, \armadaDSLApplicationsDropboxv8.4.19Deployx86). Click OK to close the Set Source Folder dialog box and click Next to continue.

4. On the Program Type page, select to create a standard program (for a client computer), select to create a program for a device, or select not to create a program. In this case, confirm that Standard Program is selected and click Next.

5. On the Standard Program page, provide the information for this specific program (at a minimum, the name and command line). In addition, provide the following information, as shown in Figure 13.17:

Name: Install Dropbox

Command Line: rpm -ivh nautilus-dropbox-2015.10.28-1.fedora.i386.rpm

Startup Folder: <none>

Run: Normal

Program Can Run: Whether or not a user is logged on

Run Mode: Run with administrative rights

Allow Users to View and Interact with the Program Installation: <not selected>

Drive Mode: Runs with UNC name

Click Next to continue.

6. On the Requirements page, specify whether you want to run another program first, which is not necessary in this case. You can also specify platform requirements. Select This program can run only on specified platforms and select the x86 versions of RHEL 4, RHEL 5, and RHEL 6 in the list. Also specify the estimated disk space, which is 20MB, and the maximum allowed runtime, which is 15 minutes in this scenario, as shown in Figure 13.18. When finished, click Next.

7. On the Summary page of the wizard, verify the information you entered. If everything looks correct, click Next to continue.

8. On the Completion page, verify that the package and program were created successfully. When successful, click Close to close the wizard.

With the package and program created, you can distribute the files to DPs and deploy the program to a custom collection containing the hosts to which you want to install the Dropbox client.

On the Linux client, you can use the scxcm.log file to troubleshoot package deployment issues. If installation was successful, Dropbox appears under a submenu of Applications.