Your favorite tools and utilities always available everywhere (almost)

If you are managing more than a handful of servers
and workstations in an Active Directory domain then you have probably come to
rely on a small set of utilities to help you with your daily tasks of managing
your servers and workstations. You probably carry those apps with you on a USB
stick (check out PortableApps.com) or have them sitting on some network drive for access when you need them,
and most of these tools are probably from different
developers and vendors.

 

I personally like a lot of the Windows Sysinternals tools such as
psexec, process monitor, Microsoft Network Monitor and of course the NTToolkit tools that we develop – but
everybody has his or her own preference as to what they need to get the job
done. And that’s exactly my point.

 

Wouldn’t it be great that every computer you manage –
workstation or server – always had
the tools you need automatically pre-installed? That way, they could be used in scheduled tasks, batch scripts etc. without you having to worry whether the tool is installed or not.

 

Well, it is possible – and you can do it without spending a
dime – thanks to
Active Directory and the folks at Caphyon in Romania
that provide a freeware edition of their Advanced Installer.

 

You probably see where I am getting at. Combine a MSI
created by Advanced Installer with your favorite tools and Active Directory’s
“Software Distribution” feature, and you get all your tools at your fingertips
– whenever you need them. In this post I’ll show you how to create a MSI with
your favorite tools and automatically publish that to some or all computers in
your AD domain. This approach also supports updates, so that you can publish
revised MSI packages with new tools and/or updates.

 

The nice thing about this solution is that the only
prerequisite is Active Directory, and even if you don’t have AD you still end
up with a MSI that you can easily install on any computer.

 

  1. Download
    & Install Advanced Installer Freeware. You can also go with one of
    their commercial products of course, but the freeware version is enough
    for our purposes here.

 

  1. Organize
    all of your tools into one location so that they can easily be added to
    the installer. This is not absolutely necessary but will make working on the installer a bit easier.

 

  1. Open Advanced Installer. It should open a dialog to create a new project. If not, go to File -> New.
  2. Select a project type of Simple and make sure “Use wizard to create the project” is checked.

    advanced_installer_create_project.png

  3. The New Simple Project Wizard comes up. Click next to continue, and give your project a descriptive name.
  4. Browse to the folder containing all your tools.
  5. The next box allows you to create shortcuts to specific programs. If you have any GUI programs in there then you may want to check them and then hit Next.

    advanced_installer_select_source_files.png

  6. Now you can hit Finish on the final screen to build the project. It will save it as a .aip file in the location of your choice.
  7. At this point we can just call it a day and compile the MSI file. I like having my command-line tools in the PATH environment variable however, so that I can access them conveniently from any folder. Keep reading for more info on this, otherwise just skip to step 12.
  8. Click on the “Environment” link in the left panel. Now right click anywhere in the blank space on the left side and choose “New Variable”.
  9. In the screen shot below you can see what settings to use to add it to the Path system variable.

    advanced_installer_environment_variables.png

  10. Now just click the “Build” button to create your MSI file.

Now that you have the MSI file, you can roll it out using Active Directory. If you need a refresher on how to do this, then please see the earlier blog post Applying Patches and Updates with Active Directory that shows how to distribute MSI-based patches with Active Directory – essentially the same concept.

Drawbacks & Considerations

Now, I have to admit that there are some drawbacks to using Active Directory to publish your MSI. Currently, group policy can only apply software installations in the foreground, which means that you will have to reboot a computer in order to have your new MSI installed. If you know a way around that – other than using a 3rd party software deployment suite – then please let me know.

Also keep in mind that any tool you install on your servers and/or workstations will, by default, be available to any user on that machine unless you adjust the permissions of the target folder manually. As such, I would refrain from including utilities in your MSI that make gaining unauthorized access easier, and also ensure that you always have the latest version of your tools in your MSI.

I hope this tip helps managing your servers and workstations a bit easier. Until next time,

Ingmar.