Saturday, March 3, 2018

ConfigMgr Agent Self-Installer

We have a large percentage of remote workers and they work fine via ConfigMgr ibcm (not to be confused with icbm!). However with any system, soemtimes the agent needs to be re-installed or installed to begin with so to make life easier on both the end user and the techs working the ticket I created a self installer for the agent. Users get the perception its installing "something" and the tech can give them a download URL and instruct them to download and run it knowing it will take care of the issue.

For the user they see a familair experience as this installer is used for many products, both free and commercial.

Behind the scenes this extracts the agent files to the users %TEMP% and then runs the agent installer after extraction is completed.

First step is to put the agent install into a working directory. In my case I pulled it from GPO as a VBS does all sorts of checks and balances as well as manages other components such as 1E Nomad, WUA versions, or fix WMI. Similar to Jasons starutp script. If you dont have it wrapped you can just install CCMSETUP.EXE with your ibcm info as you would manually run.

To create this I am using HM NSI Edit and NullSoft installer. HM NSI has a nice wizard interface to generate the install text file and from habit I use Nullsoft installer to compile it into something useable. HM NSI Edit has a compiler but it doesnt support everything Nullsoft does directly. There are other tools that work with NSI but I've used these for years with great success.

Start HM Edit and choose File | New Script from Wizard to start its Wizard. On the app info dialog I leave the website blank but you can point to say a KB article URL or support desk.

On the Setup Options dialog you can point to an icon file for a company logo and point to the setup file. This is what you are going to generate. Additionally if you want to add support for multiple languages you can do that. I just use English. The Modern GUI is the best looking one and I would suggest LZMA for compression as it packs the tightest. we'll make a minor tweak to this later.

For the Application directory and license dialog I just use '$TEMP\SCCMAgentInstall' for the App default directory. As NSI is an installer that will put files into Program Files, registry, add/remove etc  however in this case we are only extracting it and having it run the agent install silently. Since its an internal app the license file is blank.

Now you get to tell it what to do. On the Application Files dialog you remove the two entires on the right.

Click the Directory icon

and point to the directory you cached the agent install previously. Validate the Destination directly is set to $INSTDIR so it gets put into the temp dir you set a few steps above. If you use this to acutally install software you can use different sections and actions. For this use case the defaults are fine.

It then populates all the files from your cache dir. Otherwise leave this dialog alone

On the Application Icons dialog you want to remove the checkboxes and shortcuts so this is all blank.

Now you get to set your switches around your install. If you have a wrapper like me then you just enter the exe and move on, but if you do not and are calling CCMSETUP.EXE directly you can put your switches here as shown below. Additionally there is option for a readme if you have some sort of support KB. Note it is text and needs to be in the files you imported.

For the uninstaller dialog just uncheck the box as there is no uninstaller in this case.

Finally on the finish dialog select to save the script and convert relative paths. Do not compile as we will make some changes within the script file first.

Open the saved script file in your favorite text editor.  First change is to not put this "install" into the registry. Just comment (or delete) out the PRODUCT_DIR_REGKEY line. Note NSI files use semi-colon as comment code.

 ;!define PRODUCT_DIR_REGKEY "Software\Microsoft\Windows\CurrentVersion\App Paths\CMSEtup.EXE"  

Modify the SetCompresor setting add /solid switch. This will cause it to treat the files as one big blob vs individual files so you get greater compression.

 SetCompressor /SOLID lzma  

Comment (or delete) the MUI_FINISHPAGE_RUN line. This puts a checkbox in the final diaog of the installer to run the program after closing, in this case CMSetup.exe. You silently run CMSetup.EXE (or CCMSETUP) later in the file so no need to give the user an option to uncheck it since we are forcefully running it.

 ; By uncommenting the next line you can run CMSCript after NSIS exits via Run checkbox. If so then you need to  
 ; comment the secion CMScript below  
 ;!define MUI_FINISHPAGE_RUN "$INSTDIR\CMScript.exe"  

This is simply referencing this section. This will run CMScript.EXE silently without any user choice. Since we are installing the ConfigMgr agent this is the behavior we want.

 Section "CMScript"  
  File "SCCMAgentInstall\CMScript.exe"  
  Exec "$INSTDIR\CMScript.exe"  

That should be all the changes you need to make however you can tweak as you test before making available to end users. To compile I use NSIS but HM will do it as well. Just open NSIS, click Compile NSI scripts then drag the script file to the new window it created and away it goes.

Once complete just close it out and go test your installer to make sure the behaviour is what you want and that the agent is actually installed. Note this compressed the install 77% so its pretty small and self contained in an EXE.

So what do you do when you update the agent install due to the backend being upgraded? You can go through the entire process above or just edit the your MSI file to update source files. I have not found an easy way to modify the text file so I actually go through the wizard and ignore all steps and stop on the Application Files dialog to import the updated files.

Then just copy the MainSection from the new file and replace in the original script file.

 Section "MainSection" SEC01  
  SetOutPath "$INSTDIR"  
  SetOverwrite try  

Be sure to update other sections of the file such as the version. Then compile again and test.

If you want to get real creative there is a huge community and documentation around Nullsoft Installer to get suggestions. In my case I just needed to create a simple way for remote users to install or re-install the latest agent under instruction from support staff. For example, I wanted to polish it a little and change the users install dialog to hide the details so I changed this setting from show to hide:

 ShowInstDetails hide