11 April 2019

Ensuring Compliance When Deploying a Self-Updating Application

As part of my recent security projects, I needed to ensure certain applications are present on systems by using SCCM application deployment. One of those applications was Dell Command | Configure. The issue with this application is that Dell Command | Update will update it, which in turn registers it as not installed in SCCM, thereby kicking off the installation again. That, in turn, downgrades the application.

There are three built-in options in SCCM that indicate whether an application is installed: application GUID, files, and registry. The GUID typically changes every time an app is upgraded, and the files and registry can change too. Luckily, this application never changes its name in Programs and Features. The version field is typically what changes, unless it is a significant upgrade.

The fourth option for confirming that an app is installed is a custom detection method, where you use a PowerShell script. That is the option I used to make sure Dell Command | Configure is registered as installed, no matter which version it has updated to. The following script can be used for this purpose. As you can see, I assigned the application name, exactly as it appears in Programs and Features, to the variable $Application. If a company does include the version in the application name, you can wildcard the version portion. Say the example below was Dell Command | Configure 3.1: you could use Dell Command | Configure for $Application and it would still find the app. You might wonder why I am outputting the name of the application. All SCCM wants to see is a string output, which it interprets as installed. If no output occurs, SCCM interprets that as not installed.


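 # Display name exactly as it appears in Programs and Features
 $Application = 'Dell Command | Configure'
 # Collect the DisplayName values from both the 32-bit and 64-bit uninstall keys
 $InstalledApps = Get-ChildItem -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall", "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" -Recurse | ForEach-Object {$_.GetValue('DisplayName')}
 # Wildcard match, so a name that carries a version suffix is still found
 $Found = @($InstalledApps) -like ('*' + $Application + '*')
 If ($Found) {
      # Any string output tells SCCM the application is installed
      Write-Host $Found
 }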
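
An added example, not part of the original post: the same name-based detection with a version floor, so that an installation older than the one being deployed does not count as installed while newer self-updated versions still do. The value of $MinimumVersion is a placeholder, and reading the version from the DisplayVersion registry value is an assumption about how the application records it.

```powershell
# Added example: name match plus a minimum-version floor.
$Application    = 'Dell Command | Configure'   # display name used in the post
$MinimumVersion = [version]'1.0.0'             # ASSUMPTION: placeholder, set to the version your deployment ships

$UninstallKeys = @(
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# SilentlyContinue: the WOW6432Node path does not exist on 32-bit Windows,
# and error output from a detection script should not be mistaken for a result.
$Compliant = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like ('*' + $Application + '*') } |
    Where-Object {
        $Parsed = $null
        # TryParse: a missing or malformed DisplayVersion counts as not compliant
        [version]::TryParse([string]$_.DisplayVersion, [ref]$Parsed) -and
            $Parsed -ge $MinimumVersion
    }

If ($Compliant) {
    # Any string output means "installed" to SCCM; no output means "not installed"
    Write-Host ($Compliant | ForEach-Object { '{0} {1}' -f $_.DisplayName, $_.DisplayVersion })
}
```

With this variant, a client running a version below the floor produces no output, so SCCM runs the deployment; a client that Dell Command | Update has moved past the floor still reports as installed and is not downgraded.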
