Tuesday, January 23, 2018

SCCM deploy application

SCCM

We are working on upgrading the Fire Truck dispatch client software. Here is the situation:

·         The client machine is a Toughbook with LTE on the road and Wifi in the Fire station
·         The client runs a locked-down desktop and the account is not in the local Administrators group
·         The upgrade schedule depends on each truck. They can do the upgrade when they are not on a call
·         The upgrade package will uninstall the old version and install the new version. The package size is around 500M


Solution:

Because of the connectivity and the install schedule, we decided to use SCCM with two application packages. The first application will copy all the files to the Toughbook and the second application will run the uninstall/install of the software.

Problems, there are always problems :(


Here are some concepts of SCCM application deployment that we found:


User Experience page of the Create Deployment Type Wizard:
·         Install for user: The application will be installed using the logged-on user's account
·         Install for system: The application will be installed using the system account

Deployment Settings page of the Deploy Software Wizard:
·         Available: If the application is deployed to a device, the user will see it in the Software Center and can install it on demand.
·         Required: The application is deployed automatically according to the configured schedule. However, a user can track the application deployment status if it is not hidden, and can install the application before the deadline by using the Software Center.


Limitation of Software Center:
The Software Center shows "No items found" every time.
Another user was logged in. It seems that the Software Center will only display packages for the first/default logged on user.
Make sure the previous user logs off completely (not just disconnected) and there are no users logged on to the machine before another user logs on.
https://social.technet.microsoft.com/Forums/en-US/86ef46a6-b0f4-424e-b71d-7906b6255d3e/sccm-2012-client-software-center-no-items-found?forum=configmanagergeneral


Application: copy job

·         For the first application, we pre-deploy the application 3 days in advance and set the application as Install for System and as Required
·         Because robocopy does not return exit code 0 when it copies files, SCCM always shows "Error" even when the copy job succeeds. We add exit code 0 to the batch file. Below is the batch file:
robocopy .\ c:\tfs\Files\MPS91_to_93_Upgrade\ /e
set ERRORLEVEL=0
Exit /b 0
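
The forced exit code 0 above also hides real copy failures. As an added example (not the original batch file), this PowerShell decodes robocopy's exit code, which is a bit mask where only values of 8 and above mean a failure; the function name and the sample codes are constructed for illustration.

```powershell
# Added example (not the original batch file). Robocopy's exit code is a bit
# mask; the bit meanings below follow Microsoft's robocopy documentation.
$RobocopyBits = @{
    1  = 'files were copied'
    2  = 'extra files or directories exist in the destination'
    4  = 'mismatched files or directories were found'
    8  = 'some files or directories could not be copied'
    16 = 'fatal error, nothing was copied'
}

function Resolve-RobocopyExit {
    # Decode a robocopy exit code and decide what to report back to SCCM.
    param([int]$Code)
    $notes = @($RobocopyBits.Keys | Sort-Object |
               Where-Object { $Code -band $_ } |
               ForEach-Object { $RobocopyBits[$_] })
    if ($Code -eq 0) { $notes = @('nothing to copy, destination already matches') }
    [pscustomobject]@{
        Code     = $Code
        Success  = $Code -lt 8          # only bits 8 and 16 signal a failure
        ExitCode = if ($Code -lt 8) { 0 } else { $Code }
        Notes    = $notes -join '; '
    }
}

# Constructed codes: 1 = normal first copy, 3 = copied plus extras, 9 = partial failure
1, 3, 9 | ForEach-Object { Resolve-RobocopyExit $_ } | Format-Table -AutoSize

# In the deployment script itself (same destination as the post):
#   robocopy $PSScriptRoot 'c:\tfs\Files\MPS91_to_93_Upgrade' /e
#   exit (Resolve-RobocopyExit $LASTEXITCODE).ExitCode
```

With this mapping SCCM still sees success for a normal copy, but a partial or failed copy is reported as an error instead of being hidden.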

Application: install Job

·         For this application, we pre-deploy the application 3 days in advance and set the application as Install for System and as Available, so the user decides when to do the installation
·         We found that when the application runs under the system account, it requires a reboot after uninstalling the old application. It always fails on the first try and succeeds after a reboot and a retry. This does not happen when it runs under a local administrator user account. However, the user is not a local administrator and does not know the password :(
·         We thought about using Runas, but Runas does not accept the password on the command line :(
·         So we wrote a C# Windows app that puts an account into the local Administrators group and calls the batch file to run the installation. Below is the C# program:
RUNASDMZrun.exe
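using System;
using System.Diagnostics;
using System.DirectoryServices.AccountManagement;
using System.Security;

class Program
{
    static void Main(string[] args)
    {
        if (args.Length < 1)
        {
            Console.WriteLine("Please input running program");
            return;
        }

        string command = args[0];
        Console.WriteLine(command);
        string username = "SCCMInstall";

        var pcLocal = new PrincipalContext(ContextType.Machine);
        var group = GroupPrincipal.FindByIdentity(pcLocal, "Administrators");
        var pcDomain = new PrincipalContext(ContextType.Domain, "XXXXX");

        try
        {
            // Temporarily add the domain account to the local Administrators group.
            group.Members.Add(pcDomain, IdentityType.SamAccountName, username);
            group.Save();
        }
        catch
        {
            // Best effort: ignore failures such as the account already being a member.
        }

        try
        {
            // Construct the password string (hard-coded in the EXE).
            var ss = new SecureString();
            string password = "uJ%$iOY%$sdE6lt";
            foreach (char c in password)
            {
                ss.AppendChar(c);
            }

            var psi = new ProcessStartInfo();
            psi.Domain = "XXXXX";
            psi.UserName = username;
            psi.Password = ss;
            psi.FileName = command;
            psi.UseShellExecute = false; // required when starting a process with credentials

            // Run the installer batch file as the temporary admin account and wait for it.
            using (var process = Process.Start(psi))
            {
                process.WaitForExit();
            }
        }
        finally
        {
            // Always take the account back out of Administrators, even when
            // the process could not be started or threw an exception.
            try
            {
                group.Members.Remove(pcDomain, IdentityType.SamAccountName, username);
                group.Save();
            }
            catch
            {
                // Best effort, as in the add step above.
            }
        }
    }
}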

Here is the batch file in the SCCM application:

cd c:\tfs\Files\MPS91_to_93_Upgrade\
RUNASDMZrun.exe "91upgratetol93.bat"
set ERRORLEVEL=0
Exit /b 0

·         I know, this is not secure, since we put the password in the EXE, where anyone who can read the file can recover it. The domain account SCCMInstall is a temporary account; it will be disabled and its password changed after the deployment.
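
The helper adds SCCMInstall to the local Administrators group and removes it afterwards, so every run should leave a matched add and remove in the Security log. As an added example (not part of the original post), this PowerShell pairs event 4732 (member added to a local group) with event 4733 (member removed) and reports adds that were never undone. It assumes the "Audit Security Group Management" policy is enabled on the Toughbooks; the function names and the sample records with placeholder SIDs are constructed.

```powershell
# Added example. S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
$AdminsSid = 'S-1-5-32-544'

function ConvertTo-GroupChange {
    # Flatten one Security event (4732/4733) into the fields needed below.
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $data = @{}
    ([xml]$Event.ToXml()).Event.EventData.Data |
        ForEach-Object { $data[$_.Name] = $_.'#text' }
    [pscustomobject]@{
        Time      = $Event.TimeCreated
        Id        = $Event.Id
        GroupSid  = $data['TargetSid']
        MemberSid = $data['MemberSid']
        ChangedBy = $data['SubjectUserName']
    }
}

function Find-UnmatchedAdminAdd {
    # Return each add to Administrators with no later removal of the same SID.
    param([object[]]$Changes)
    $open = @{}
    foreach ($c in ($Changes | Where-Object GroupSid -eq $AdminsSid | Sort-Object Time)) {
        if ($c.Id -eq 4732) { $open[$c.MemberSid] = $c }
        elseif ($c.Id -eq 4733) { $open.Remove($c.MemberSid) }
    }
    $open.Values
}

# Constructed sample records: truck 1 cleaned up, truck 2 did not.
$sample = @(
    [pscustomobject]@{ Time = [datetime]'2018-01-23T10:00:00'; Id = 4732; GroupSid = $AdminsSid
                       MemberSid = 'S-1-5-21-0-0-0-1001'; ChangedBy = 'TRUCK01$' }
    [pscustomobject]@{ Time = [datetime]'2018-01-23T10:20:00'; Id = 4733; GroupSid = $AdminsSid
                       MemberSid = 'S-1-5-21-0-0-0-1001'; ChangedBy = 'TRUCK01$' }
    [pscustomobject]@{ Time = [datetime]'2018-01-23T11:00:00'; Id = 4732; GroupSid = $AdminsSid
                       MemberSid = 'S-1-5-21-0-0-0-1002'; ChangedBy = 'TRUCK02$' }
)
Find-UnmatchedAdminAdd $sample | Format-Table Time, MemberSid, ChangedBy

# On a live machine, from an elevated prompt, feed it real events instead:
#   $real = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4732, 4733 } |
#           ForEach-Object { ConvertTo-GroupChange $_ }
#   Find-UnmatchedAdminAdd $real
```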