Creating msi-packages and installing any software by means of Windows group policies

Good day, Habr! I want to present an interesting, in my opinion, way to create msi-installers for any software and, as a result, to deploy it using GPO tools. I emphasize that the described method does not imply the creation of system "impressions", but uses native software installers, and only free products for commercial use are used to create msi.

Introduction, a couple of links and a disclaimer

Each normal software installer has the ability to automatically install with certain parameters or default parameters. The essence of my method is simple and consists in packing the native installer into the msi “container” and running it with the necessary command line parameters. There is a lot of information on the automatic installation of this or that application in the network, and I will not focus on this. Our goal, I repeat, is to install the software by means of group policies. By the way, some of you may argue that the installation can be done through ZAW, but unfortunately, this method is applicable only for installation with the current user rights and cannot be used for centralized, automatic installation of applications.

An interesting series of articles on software installation through GP . For beginners, I recommend reading everything so that you do not ask later what the difference between the type of installation “assigned” and “public” is.
')
Necessary software. Exe to MSI Converter freeware and the well-known orca The first is needed to create the msi from exe, and the second is so that the resulting msi-nick can be established through group policies.

The method does not claim complete uniqueness and in some places there may be excesses that could have been avoided, but this is due to the lack of desire and the need to delve too deeply into the parameters of the msi-package tables. The initial goal was to quickly find a free way to create msi and after several hours spent reading foreign forums and endless reloads of the virtual machine, the method was found. Also, the article is not a review of the program interface, and you will not see screenshots.

Creating and preparing a package

An installation example will be made for Mozilla Firefox, since this is a well-known product that does not have an msi-installer from developers.

1. Run exe to msi and specify in it the path to the exe-installer firefox. From the information previously found on the network, it becomes clear that in a quiet way you can install firewall with the -ms -ira options . We specify them in the second field exe to msi and click “Build MSI”.
2. It would seem that everything, msi-package is ready. Indeed, by running the result we get the firefox installed in the system and the article could put an end. Unfortunately, not everything is so simple. The current installation package is not suitable for deployment through a GPO and when you boot the computer, you will receive absolutely no explanatory errors in the logs “an unrecoverable error occurred ...” And the whole thing is that the exe to msi developers also want to eat and their free product generates msi "not by the rules."
3. Well, we take the orc and open our Esseinik in it.
4. First of all, we find the Property table in the left list and pay attention to two fields - ProductCode and UpgradeCode . These two fields must be unique for each product, and our exe to msi always generates the same. Well, it does not matter, click on the top View menu -> Summary Information , find the PackageCode field and click New GUID . The resulting result is copied to the clipboard and pasted into the ProductCode . Repeat for UpgradeCode and finally for PackageCode itself. Immediately in the Summary Information, edit the Title field on Mozilla Firefox, the rest is optional. This, in fact, does not affect anything.
5. Again, in the Property table for the ProductName on Mozilla Firefox (I also change ARPCONTACT and Manufacturer to the heap). You can also set the correct value for ProductVersion .
6. It seems that GUID and other “IDs” are changed, but as practice shows, this is not enough. Click in orca Tools -> Validate , remove the Show INFO Messages bird and click Go .
7. As you can see, a lot of errors came out for the presence / absence of some tables and values. I did not bother and just took the small msi first (7zip x64 9.20) and copied 4 missing tables from there (via Export-Import, of course): _Validation, AdminExecuteSequence, AdminUISequence and AdvtExecuteSequence . In fact, I am sure that you can create a “correct” msi-installer without unnecessary garbage, but do not forget, our goal is to just run the native setup application in a silent one.
8. After adding the tables, we go through Tools -> Validate again (by the way, the first time you can not do the check at all and import the tables right away). If you, too, took the 7sip msi as the basis, then the result will be six errores that need to be fixed. Click Close , delete the extra fields marked in red.
9. In the end, you can once again check the validation and make sure that there are only nothing disturbing varnings left. Save msi.
10. That's basically all, it remains to add msi in GP and assign the necessary properties.

Nuances

1. When installing by the method described above, you will have two copies of the software. The first one is the necessary application itself, and the second is the original msi-nickname, because we put it as it were. In principle, this does not affect anything, except for the display in “Add or Remove Programs”, and then only in Windows XP (if you didn’t change anything, except the one I specified). The downside may be the appearance of unnecessary programs in the automatic inventory of software, if you use it.
2. It will not be possible to automatically delete the application using the same deployment tools It will work out more precisely, but only the so-needed msi-container will be deleted. Well, you can tinker with the properties of msi when it is created, so that it captures the previously installed application, as well as quietly. I did not set such a task.
3. When installing software updates, you need to specify in the properties of the application GP, ​​so that it replaces the previous one, that is, you must first remove the old one. This ensures that you will not be fruitful of the very left-hand duplicate applications in “installing and uninstalling programs”.
4. To install an application that has a distribution package from several files, you will first have to pack it into exe, which, when launched, will unpack itself and give a command for a silent installation. I recommend creating sfx archives using the same 7-zip.
5. Nothing prevents to install software via startup scripts. Moreover, this method is more flexible, and I have been using it for a long time through my scripts. That's just the use of native means of GP is much faster, because the simple creation of msi from exe takes a couple of minutes.
6. Windows 7 for some reason does not write "Installing a managed application ...", but simply says "please wait." When you first deploy the entire heap of software at once, or when you install a heavy application, this can move the user to the call to the admin or pressing the button resets.

On this everything seems to be, I hope it was interesting, share your experience.