Tuesday, September 23, 2008

Deploying Pointsec for PC with Microsoft System Center

One of the projects that I've been involved with at my organization is using Microsoft System Center to image our workstations. Up until now we've been using static Ghost images. After a few months our images are out of date and need to be updated, but those updates often do not happen. The main reason why is that we have several different roles that a machine might be in, and several different models of machine that could fill each roll. Several x Several = Too Many Ghost Images to Maintain.

One of the major road blocks that we've encountered is deploying Pointsec for PC as part of the Operating System Deployment process. The main reason this isn't working, I would assume, is because the Pointsec installer needs to have the ability to interact with the desktop in order to install. Even if you run the MSI in super secret silent mode (msiexec /i REBOOT=ReallySuppress /qn) you still have to have that ability for the MSI to run. So every time that we've put this into an Operating System Deployment Task Sequence, it has failed. Until today...

I should point out that I am doing this with Pointsec for PC 6.3.1 HFA4. I do not know if this will work with earlier versions, and in fact I can tell you that I've had nothing but failure in my attempts to do this with earlier version. We're also using Microsoft System Center 2007, not SMS. I do not know if this will work with SMS.

The first thing you have to do is create your silent installation profile. I'm not going to go into detail on how to do that here. You've got all kinds of documentation that comes with the software that will tell you how to do it. Maybe I'll put together something someday, but not in this post. Now take your silent installation profile and put it in the 1_Pointsec for PC folder with the MSI.

At this point, if you were to double-click the MSI, you would (sort of) silently install Pointsec. Now take all of these files and put them in a folder on your distribution point. It's time to open up Configuration Manager Console and create the package.

In Confiuration Manager Console, expand Computer Management, Software Distribution, and right-click on Packages. Select New Package from the menu. In the new package wizard, fill in the appropriate information and click Next. On the next page, provide the wizard with the path to your source files (in other words, the place you copied the files to on the distribution point). The click next and accept all the defaults for the rest of the wizard. You should now have a package for Pointsec. Expand the package and right-click on Programs. Select New Program from the menu.

In the new program wizard, give the program a name. I'm going to call my Task Sequence so that I know this is the one I'm using for Operating System Deployment. The command line that you want to use is the super silent installation line: msiexec.exe /i "pointsec for pc.msi" REBOOT=ReallySuppress /q. Also make sure that you're running this hidden. You can put in whatever you want for the Category. Click Next.

Pointsec requires about 100 MB of disk space, so that's what I usually put in, and I give it 30 minutes to run. It shouldn't really take that long, but I figure that 30 minutes gives it plenty of time to install but you wont sit there forever if there is a problem. I don't bother listing the operating systems that it can run on in the program. Click Next.

On the Environment screen, make sure that the program can run whether or not a user is logged on. Do not check the box that allows the user to interact with the program. Click Next

On the Advanced page, make sure you click the check box to suppress program notifications. Click Next and take the defaults for the rest of the wizard.

Now under programs you should see your Task Sequence program. I don't know for sure if you need to advertise the program to any collections, but I don't think I did. Let's go to our Task Sequence now.

I'm not going to describe the whole process for creating a task sequence for Operating System Deployment. Once you've got that part down, the Pointsec installation is pretty simple. Edit your task sequence and click Add -> General -> Install Software. Give this part a name (I called it install Pointsec). Click the button to install a single application. Browse to the Pointsec package you created. The wizard will fill in the Program for you, unless you have multiple programs that silently install (for example, I also have an upgrade program). Select your task sequence program. Click apply and you're done.

I've tested this on two machines running Windows Vista and two machines running XP. I also feel that I should point out that this process doesn't appear to be supported by Checkpoint. Looking through the release notes it looks like they only support installing when the program is given interact with the desktop ability. Your mileage may vary, but this is working for me.

No comments: