A modular approch to Altiris Deployment Console Software Installs.

One thing that always annoyed me about Altiris was that when working with multiple servers there was no way to load balance or route traffic based upon the closest server, instead Altiris would try and push everything from the central site. The work-around is that you would have to create multiple jobs for the one piece of software which can get very tedious, is prone to human error and generally looks very messy in your deployment console! Thanks to the scheduling features in Altiris publishing smaller applications wasn't such a big deal even if your WAN link wasn't great, but when you have to deploy something as big as Office 2010 you begin to appreciate the scale of the problem. In this post I will show you my method of dynamically mapping to the closest server and take on a modular approach which you can use time-and-again in all your deployment jobs.

It all starts with a good drive mapping script


As I mentioned previously, informing the Altiris server to use the closest distribution point instead of one that is potentially hundreds of miles away can't be achieved using the standard "Add copy file job". Instead we turn to VBscript.


The script below will do the following tasks:

1. Inform the client to ping a list of Altiris servers
2. Clear the required drive letter on the client PC (W: in this example)
3. Map a drive letter to the closest Altiris distribution point based upon ping response time.
4. If the user is logged on it will use the users credentials to map the drive.
5. If no user is logged on it will use a system account.

' Drive mapping script by Andrew Allison 07/06/2011
' Pings all Altris servers in the array and maps a drive as w: to the one with lowest response time
' if user is logged on uses user credentials to map drive, if no uses domain account specified in uzername variable
'****************************************************************************************************

'array holding list of altiris distribution servers
Dim arr : arr = Array( "server1" , "server2" , "server3" , "server4" , "server5" )
Dim out
Call ServersByPingTime( arr , out , True )
Dim s
'WScript.Echo "In order fastest to slowest: "
For Each S in out
'WScript.Echo s
'document.write(s(0))
Next
'WScript.Echo(out(0))
lowestping =(out(0))
'wscript.echo lowestping
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colComputer = objWMIService.ExecQuery _
("Select * from Win32_ComputerSystem")
For Each objComputer in colComputer
'Wscript.Echo objComputer.UserName
If IsNull(objComputer.UserName) Then 'If no one is logged on
        strLoggedOn = "No"
    Else
        strLoggedOn = "Yes"
    End If
'wscript.echo strLoggedOn
Next

Dim objNetwork
Dim strDriveLetter, strRemotePath
Dim u_name_pserver, p_word_pserver
Dim strProfile
Dim uzername
Dim p4ssword

'specifies domain account to use to map the drive in the event no user is currently logged on
uzername="yourdomain\domainadminaccount" 
p4ssword="youraccountpasword"
strProfile = "true"
'specifies drive letter to use
strDriveLetter = "w:"
'specifies the servername and path to distribution share
strRemotePath = "\\"& lowestping &"\yourshare"
on error resume next
Set objNetwork = CreateObject("WScript.Network")
'if no user logged on then remove the drive letter in case it is currently mapped to somewhere else
If strLoggedOn = "No" then
objNetwork.RemoveNetworkDrive strDriveLetter
wscript.sleep 5000
'map the drive letter using domain account
objNetwork.MapNetworkDrive strDriveLetter, strRemotePath, strprofile, uzername, p4ssword
Else
'map the drive using the users current credentials
objNetwork.RemoveNetworkDrive strDriveLetter
wscript.sleep 5000
objNetwork.MapNetworkDrive strDriveLetter, strRemotePath
end if
' Begin pinging all servers and sort by fastest response time
Function Ping(strHost , ByRef bytesSent , ByRef bytesReceived , _
         ByRef bytesLost , ByRef minMs , ByRef maxMs , ByRef aveMs )
 Ping = False
 Dim objShell, objExec, strPingResults, bRet
 Set objShell = CreateObject("WScript.Shell")
 Set objExec = objShell.Exec("ping -n 1 " & strHost)
 Do
     WScript.Sleep 100
 Loop Until objExec.Status <> 0
 strPingResults = objExec.StdOut.ReadAll
 Dim regexpingstats : Set regexpingstats = new regexp
  regexpingstats.Pattern = "Packets:\s+Sent\s+=\s+([0-9]+).*Received" & _
                           "\s+=\s+([0-9]+).*Lost\s+=\s+([0-9]+)(?:.*\s)+" & _
                           "Minimum\s+=\s+([0-9]+)ms.*Maximum\s+=\s+" & _
                           "([0-9]+)ms.*Average\s+=\s+([0-9]+)ms"
 regexpingstats.Global = True
 regexpingstats.IgnoreCase = True
 regexpingstats.MultiLine = True
 If regexpingstats.Test(strPingResults) Then
  Dim m : Set m = regexpingstats.Execute(strPingResults)
  bytesSent = CInt(m.Item(0).subMatches.Item(0))
  bytesReceived = CInt(m.Item(0).subMatches.Item(1))
  bytesLost = CInt(m.Item(0).subMatches.Item(2))
  minMs = CInt(m.Item(0).subMatches.Item(3))
  maxMs = CInt(m.Item(0).subMatches.Item(4))
  aveMs = CInt(m.Item(0).subMatches.Item(5))
  Ping = Eval( bytesSent > bytesLost )
 End If
End Function
'Returns false if no server were found alive
'outSortedByMs - array sorted fastest response to slowest response time
Public Function ServersByPingTime( ByVal inSeverList , _
                ByRef outSortedByMs , bVerbose )
  On Error Resume Next
  ServersByPingTime = False
  outLivingSorted = Array
  Dim s, i , j , temp
  If bVerbose Then
  For Each s In inSeverList
   If bVerbose Then wscript.StdOut.Write("        Server: " & s )
   Dim bs, br, bl, mi , ma , av
   If Ping( s , bs, br, bl, mi , ma , av ) Then
    If bVerbose Then
     'WScript.Echo(" [Passed]")
     'WScript.Echo("    Bytes Sent: " & bs )
     'WScript.Echo("    Bytes Recv: " & br )
     'WScript.Echo("    Bytes Lost: " & bl )
     'WScript.Echo("        Min ms: " & mi )
     'WScript.Echo("        Max ms: " & ma )
     'WScript.Echo("    Average ms: " & av )
    End If
    i = UBound(outLivingSorted) + 1 
    ReDim Preserve outLivingSorted(i)
    outLivingSorted(i) = Array(s,av)
    ServersByPingTime = True ' Success there are servers alive...
   Else
    If bVerbose Then
    ' WScript.Echo(" [Failed]")
    ' WScript.Echo("")
    End if
   End If
  Next
  'Sort...
  For i = UBound(outLivingSorted) - 1 To 0 Step -1
    For j = 0 To i
      If outLivingSorted(j)(1) > outLivingSorted(j+1)(1) Then
         temp=outLivingSorted(j+1)
         outLivingSorted(j+1)=outLivingSorted(j)
         outLivingSorted(j)=temp
      End If
    Next
  Next
  'Temp array to store the new pinged and sorted by reponse time...
  Dim temparray
  ReDim temparray(UBound(outLivingSorted))
  For i = 0 To UBound(outLivingSorted)
    temparray(i) = outLivingSorted(i)(0)
  Next
  outSortedByMs = temparray
end if
End Function
wscript.quit


Copy the files down to the local PC

You probably are wondering why not just use the built in "Copy File to" function in Altiris? Well I've tested this with not really much success. If you specify a drive letter in this function for Altiris to use it will think that W: is in fact a local drive in the Altiris server. You can't specify UNC as this will defeat the purpose of the above script.


I find that my installers behave themselves much better when the are copied to the PC first before installing, using my method here creates a little layer of complexity, as you will require to synchronise the content on all Altiris servers, but overall it's worth it to ensure that no matter what site a machine is based in, you won't kill the WAN and the install won't take forever. Below is an example script, all it does is copy the files down, you will end up a new "copy file to" script for each app you own, ensure to save the name as something meaningful.



'Copy Folder contents to the specified folder
'Last update 10/08/10 by Andrew Allison
'**************************************************
On Error Resume Next
dim WshShell, oShell, sCmd, i, objFSO, objFolder, strDirectory1

Set WshShell = WScript.CreateObject("WScript.Shell")
Set objSysInfo = CreateObject("ADSystemInfo")
Set objNetwork = CreateObject("Wscript.Network")
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set objShell = CreateObject("Wscript.Shell")
Set oShell = CreateObject("Wscript.Shell")
Set WshEnv = WshShell.Environment("PROCESS")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Const OverWriteFiles = True
strComputer = "."

'Creates the Support Directory on the C drive
 strDirectory1 = "c:\support"
 Set objFSO = CreateObject("Scripting.FileSystemObject")
 Set objFolder = objFSO.CreateFolder(strDirectory1)
' Disables the Open File security warning.
WshEnv("SEE_MASK_NOZONECHECKS") = 1
 objFSO.CopyFolder "W:\yourfolder" , "C:\support\yourfolder\" , OverWriteFiles

i = oShell.Run(sCmd,1,true)
' Enables the Open File security warning again.
WshEnv.Remove("SEE_MASK_NOZONECHECKS")
wscript.Quit
 

Send the Install command

The installation command will obviously be different depending the program and installation package type. MSI files are generally much easier to work with than most others. There is not really any benefit of having this part in as VBscript, although it is entirely possible. I have to admit that usually I just use the "Run Script" command in Altiris and then type in the install string and full path to the "c:\support" directory.

Clean up the drive letter

After the install has been completed you will always want to ensure you remove the drive letter. You don't really want your users snooping around on your distribution points.

Option Explicit
on error resume next
Dim objShell, objNetwork, DriveLetter1
DriveLetter1 = "w:"
Set objShell = CreateObject("WScript.Shell")
Set objNetwork = CreateObject("WScript.Network")
objNetwork.RemoveNetworkDrive DriveLetter1
Wscript.Quit


The whole process looks a little like this for each deployment job. This example  is Autodesk DWG Trueview, the "run script" sections below represent many prerequisite software installations. Luckily you can simply run one after another.

After all these years IE7 is still giving me a headache

At the moment the company I work for is in a transitional phase between switching from our old Windows XP environment managed by Altiris Deployment Console to a new environment which will utilise Windows 7 Enterprise x64 and SCCM 2007 R3. I've been the tasked with being the technical lead on the implementation of SCCM and also have been working away on creating the Windows7 build and SCCM OSD task sequence. At the moment the build is almost finished, but there are still several issues being found by our IS pilot team. Due to the issues and the scale of the task required to ensure compatibility with older systems we are taking our time trying to get it right. The other major piece of work we have is a full Active Directory and group policy restructure, all of these things take time and require in-depth knowledge of how each department in the business will use the new software you will provide.


Just now I'm left working with two different AD/GPO structures and two user operating systems to support and it's proving to be a headache. Luckily, one of the smartest things we did was to put a freeze on change control to the old environment, but this means that we are stuck with older software such as IE7, with no way to upgrade without breaking compatibility with older browser based add-ons and custom intranet solutions powered by Workflow on Lotus Domino. All of these issues take time to fix and our full Windows7 rollout can only be started once Workflow has been replaced by SharePoint.


Some people who don't work for large organisations will say "Pleh! Just do the upgrade" but my business environment does not allow us to make changes on a whim. It's amazing how complicated changing something as simple as a browser plugin can be when you have 2000 users breathing down your neck if it doesn't behave exactly as it used to!

Today the issue I had was with IE add-ons. A call came in via the service desk and they were unable to resolve. The call originally was logged as "Flash player doesn't work". The service desk had tried to install the latest version by using an Altiris job I had prepared earlier, it seemed to install fine but when the user went onto YouTube it asked them to install the latest version of Flashplayer.  It didn't take me long to check the add-ons menu and find that all add-ons are marked as disabled and marked as being "managed by your administrator". Strange, I don't remember setting that in a group policy, so I reset all IE settings to default, same issue. I went to the run prompt and started iexplore.exe in case it was running with in no-addon mode and it wasn't. I then checked the machine and user OU to see what policies had applied to the system and then checked the relevant group policy, no sign of add-ons being managed by policy. I logged off as the user and on as my domain admin account and found add-ons still disabled and greyed out. This was starting to become a head scratcher, I decided to follow a process of elimination and remove IE add-ons that may have become corrupted, after I ran out of add-ons to remove I still had the same issue - no luck! Next idea, a uninstall and reinstall of IE7, to make matters worse I am in Glasgow, Scotland and the system in in Sydney, Australia - the remote control speed is abysmal and I know that a reboot will be required to complete the IE re-configuration; this is a major problem since this was a laptop with a power on password enabled at bios level and no user available at the other end to type it in.


At this point I delayed the reinstall/repair idea and went to the registry and mess around for 15 minutes. A quick trip to TechNet and I'm no better off, I find a key on TechNet all pointing to:

HKLM \SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions 

NoExtensionManagement DWORD set to 1 and not 0.

But these settings are not present on my system. After reading a few blogs I still can't find anything so it's back to regedit. Eventually I found this key :

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXT

Restricttolist DWORD was set to 1 when it should have been set to 0.

Just in an instant Its working fine and I'm left wondering how the heck this could have been set to 1 in the first place, why this isn't documented anywhere? I will be really glad to see the back of IE7.

Andrew