Distinguishing and Versioning Similar Software in the KACE 1000
One of the nice features of the KACE 1000 is that it automatically inventories machines and creates a list of installed software. However, I've noticed several questions in the forums about how to handle multiple software installs that are detected identically by the KACE. They may have the same version but different bitness (Office comes to mind), they may be a patch or update, be the same software with a different configuration, or custom installs with no real deployment package.
Often you can differentiate them with a custom inventory rule which checks the registry. Most software stores details about itself such as the major and minor version number within one of two registry areas:
HKLM\Software\[Manufacturer|Product Name]
HKLM\Software\Wow6432Node\[Manufacturer|Product Name]
However, when you can find no easy way to differentiate them, or when you are deploying custom software, there may be no reliable differentiator from the vendor. The solution to this is actually quite simple: make them different yourself.
The simplest solution is to use a batch file for your deployment. Your first command in the batch file will be to run your normal deployment command for your software. Your second command will check whether the deployment was successful, and then run your own custom change to the software. I use registry entries.
Once the registry entry is in place you can query it with a custom inventory rule to see if it exists, or even to check the value and create your own versioning system.
Let's look at a quick example, a Cisco VPN profile as a managed install.
This Cisco VPN client comes as an MSI, but just having that installed doesn't tell you what profiles are available to the user. The Cisco profiles consist of individual .pcf files that contains information on a specific connection. I have created the following batch file to install one of our VPN profiles:
cd "%ProgramFiles(x86)%\Cisco Systems\VPN Client\Profiles"
move "%ProgramData%\dell\Kace\downloads\16012\VPNProfile1.pcf" "%ProgramFiles(x86)%\Cisco Systems\VPN Client\Profiles"
if exist "VPNProfile1.pcf" msiexec /q /i "%ProgramData%\dell\Kace\downloads\16012\my-vpn.msi"
The first command simply changes us to the profiles directory for the Cisco client. The second command moves a VPN profile that is a dependency in the KACE over to the proper directory. The third command then checks the profiles directory to make sure the file transferred successfully, and then runs a second msi. This msi does nothing more than add a registry key to HKLM\Software\MyCompany\VPN called VPNProfile1 with a value of 1.0.
It is important to note that I checked whether the file existed because while this deployment is simple, when you are changing versions, you may want to check whether the old version exists, remove it, make sure it is successfully removed before installing the new version, and make sure your installation worked by checking for the new version. I do this to change versions on configurations, or to transition items such as printers going to a new server. If things go wrong, your registry entries won't be written, and Managed Installs will know to try again.
If you are new to creating MSI packages, don't worry. Creating this MSI was very simple; I chose a Microsoft FixIt msi that I knew only changed registry keys, and edited it with a tool called ORCA to change the registry keys I wanted. I then run the MSI silently. You could certainly also do this with simple reg add commands in your batch file.
In the Software Inventory, I created a new software item called VPNProfile1. I then wrote a custom inventory rule in the software entry to check for the file and the registry key I created, and added a zip with my batch file, the pcf, and the msi as the software deployment package.
FileExists(C:\Program Files (x86)\Cisco Systems\VPN Client\Profiles\VPNProfile1.pcf) AND RegistryValueEquals(HKEY_LOCAL_MACHINE\Software\MyCompany\VPN, VPNProfile1, 1.0)
This allows me to easily check what machines have version 1.0 of VPNProfile1.pcf installed. If I need to change the profile, I can create a smart label that looks for machines with this software installed and deploy a new Managed Install to that label. Once the profile is updated, I can edit the registry key to version 2.0, and detect both versions seperately in the Software Inventory. I'll know how many machines are on the old version, and how many are on the new version, even though the actual installed program has not changed.
Similar techniques with custom inventory rules can be applied to similar situations to differentiate configuration differences, programs with the same exact profile but different bitness, or programs that do not provide their minor version number.
Comments