Integrate Choco with SCCM

Integrating Choco with SCCM


Choco is well known, and I recently wrote about integrating choco with Puppet as the control mechanism.  Today, I've explored how to do the same with SCCM (Configuration Manager).  This article assumes you have a working SCCM environment.  My lab environment was set up using Oracle's personal use VirtualBox and evaluation software provided by Microsoft's Eval Center, on a Fedora host system.  (Let me know if you would like to know more about my setup.)

The reason I'm writing about this is to keep third-party software up to date by leveraging choco packages, as well as to develop a standard deployment model for all software.

High level steps:


  1. Create the choco installer application in SCCM.
  2. Create notepad++ installer and uninstaller applications in SCCM.
  3. Upgrade notepad++ with supersedence.
  4. Deploy a non-standard package (coming soon).

So to dig in, first we need to install choco on our SCCM clients.  In this test, I'm using SCCM applications, but you can also use packages.  But before I dig into creating the application we have to build the script first.  
  • On the SCCM server, create a new shared application folder.  In my case, I used "\\mylabsccm01\sms_dp$\powershell\choco\".  This must be accessible to the remote SCCM client when the application runs; it matters little how it gets there.  Next we will need to create the installer PowerShell script.
  • Next we need to copy the install command and save it as a .ps1 file into the folder created above.
    • The command, as documented on https://chocolatey.org/install, is:

      Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
  • Now we are ready to create the application in SCCM.  If you have not already, open the SCCM Console as a user who has full admin rights.


    • Click software library, then expand "Application Management" and select Applications.
    • Click create application

    • Change the type to "Script Installer" then Choose Manually specify the application information, click next
    • Give the application a name "Chocolatey Install"
    • Fill in other information as desired, click next
    • On the specify Software Center entry fill in other information as desired, click next
    • On the deployment types click "Add"
    • Choose manually specify the deployment type information
    • Give the deployment a name "Chocolatey Install", click next
    • For content location select the folder you created above. Example:  \\mylabsccm01\sms_dp$\powershell\choco\
    • For the install program, type in (excluding quotes):  "powershell -ExecutionPolicy ByPass -File install.ps1"
    • Leave the rest of the items blank and click next.  (Optionally, you can select to run as 32-bit or 64-bit on clients; the choco install script handles the bitness.)
    • On the screen that specifies how the deployment type is detected, click Add Clause...
    • Specify the path c:\programdata\chocolatey
    • Specify the file or folder name as choco.exe then, click OK.
    • Click next to accept the new detect rule
    • For the install behavior, choose user or device based on your needs.  I applied to device collections, so I picked "Install for system".  For logon requirement, select "Whether or not a user is logged on".  Then click next.
    • On the Specify installation requirements leave it blank and click next
    • On the Specify software dependencies for this deployment type, leave blank and click next.
    • On the summary screen, click next
    • Close the deployment type wizard
    • You should see the "Chocolatey Install" deployment type listed with type = script.  If so, click next.
    • Click next past the Confirm the settings for this application
    • That will close out the application wizard.  Now we deploy the application to device collections.
      • Right-click the application you just created and select deploy
      • Click browse to the collection of your choice, for the lab I selected "All Desktop and Server Clients".  Also note the default collection type is user, change this to device collections to see them.  Then click next.
      • Add a distribution group or distribution point to distribute the script and click next.
      • Select the action of install, and the purpose as required, check remaining boxes as desired, and click next.
      • Check the "Schedule the application to be available at" option and pick a time in the past.  Leave the deadline option set to "As soon as possible".
      • Change the user experience as desired and click next.  I checked all boxes.
      • Click next past alerts
      • Click next past summary
      • Close the deployment
    • Verify that Chocolatey is now installed on the devices by checking if the files exist in c:\programdata\chocolatey folder.  A reboot is required for the default path choco.exe to work.
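
The bootstrap command above downloads a script from the internet and runs it as SYSTEM on every client. The following is an added example, not part of the original post: a variant of install.ps1 that stages the download, checks its Authenticode signature and publisher, logs the file hash, and exits non-zero on failure. The log path and the expected publisher string are assumptions; confirm the publisher against a copy of the script you have reviewed.

```powershell
# install.ps1 (added example, not the article's script): stage the Chocolatey
# bootstrap, check its Authenticode signature, then run it.
$Url    = 'https://chocolatey.org/install.ps1'     # URL from the article
$Detect = 'C:\ProgramData\chocolatey\choco.exe'    # file the SCCM detection rule checks
$Log    = 'C:\Windows\Temp\choco-bootstrap.log'    # assumed log location
# Assumption: publisher name expected in the signing certificate subject.
# Confirm it against a copy of install.ps1 you have reviewed.
$Publisher = 'Chocolatey Software'

function Write-Log([string]$Message) {
    "$(Get-Date -Format s) $Message" | Out-File -FilePath $Log -Append
}

try {
    # Windows PowerShell 5.1 may not negotiate TLS 1.2 by default.
    [Net.ServicePointManager]::SecurityProtocol =
        [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

    # Save to disk instead of piping straight into iex, so the file can be inspected.
    $staged = Join-Path $env:TEMP 'chocolatey-install.ps1'
    (New-Object System.Net.WebClient).DownloadFile($Url, $staged)

    $sig  = Get-AuthenticodeSignature -FilePath $staged
    $hash = (Get-FileHash -Path $staged -Algorithm SHA256).Hash
    Write-Log "Downloaded $Url sha256=$hash signature=$($sig.Status)"

    # 'Valid' means the signature is intact and chains to a trusted root.
    if ($sig.Status -ne 'Valid') { throw "Signature status is $($sig.Status)" }
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notlike "*$Publisher*") { throw "Unexpected signer: $subject" }
    Write-Log "Signer accepted: $subject"

    # Run the verified copy and capture all of its output streams in the log.
    & $staged *>> $Log
    if (-not (Test-Path $Detect)) { throw "$Detect missing after install" }
    Write-Log 'Chocolatey installed'
    exit 0
}
catch {
    Write-Log "FAILED: $_"
    exit 1   # non-zero so SCCM records the deployment as failed
}
```

Because the script only reads from the share, clients need no more than read access to the content folder.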
Now that we have choco installed and our systems rebooted, we are ready to leverage the full power of choco in the environment.  I won't go through the full steps of creating an application again but the next step is to basically do the same thing again with another application with some minor tweaks.  
  • Like before we need to create some folders to prepare to create the application.  In this example I created the following folder:  "\\mylabsccm01\sms_dp$\powershell\notepad++"
  • Create two new files install.ps1 and uninstall.ps1 in that folder.
    • Install should contain the following syntax:

      Set-ExecutionPolicy Bypass -Scope Process -Force; iex "choco install notepadplusplus.install -y --version=7.7 --force" >> c:\windows\temp\choco.log
    • Uninstall should contain the following syntax:

      Set-ExecutionPolicy Bypass -Scope Process -Force; iex "choco uninstall notepadplusplus.install -a --yes --force" >> c:\windows\temp\choco.log
  • Now we are ready to create the application, however, there will be a few differences


    • There will be an uninstall and install command

    • There will be an application dependency


Once you have created the choco based installer application the possibilities are endless!!  Something to note: in the installer script files I specified the version I wanted to install.  This is so applications can be tested and vetted before deploying to production environments.  The great thing about applications is that we can now supersede this application with a newer version once the testing is completed.
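
As an added example (not the original post's script), here is a version of the notepad++ install.ps1 that keeps the pinned version and the article's flags, calls choco.exe by full path because PATH is not refreshed until a reboot, validates its parameters, and returns choco's exit code to SCCM. The parameter names and validation patterns are assumptions made for this example.

```powershell
# install.ps1 for a Chocolatey-based SCCM application
# (added example, not the article's script).
param(
    [string]$Package = 'notepadplusplus.install',  # package id from the article
    [string]$Version = '7.7'                       # pinned, vetted version from the article
)

$Choco = 'C:\ProgramData\chocolatey\choco.exe'     # full path: PATH is not updated until reboot
$Log   = 'C:\Windows\Temp\choco.log'               # log file used in the article

function Write-Log([string]$Message) {
    "$(Get-Date -Format s) $Message" | Out-File -FilePath $Log -Append
}

# Accept only simple package ids and dotted versions (assumed patterns), so
# nothing else can reach the choco command line.
if ($Package -notmatch '^[A-Za-z0-9][A-Za-z0-9._-]*$' -or
    $Version -notmatch '^\d+(\.\d+){0,3}$') {
    Write-Log "Rejected package='$Package' version='$Version'"
    exit 1
}

# The Chocolatey application is a dependency; fail clearly if it is missing.
if (-not (Test-Path $Choco)) {
    Write-Log "$Choco not found; Chocolatey dependency is not installed"
    exit 1
}

Write-Log "Installing $Package $Version"
# Same flags as the article's command; stderr is merged and logged as text.
& $Choco install $Package -y "--version=$Version" --force 2>&1 |
    ForEach-Object { "$_" } | Out-File -FilePath $Log -Append
$code = $LASTEXITCODE

Write-Log "choco exit code $code"
# Pass the code through unchanged: 0 is success, and 3010/1641 are reboot
# codes that SCCM's default return-code list already recognises.
exit $code
```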

How to upgrade a deployed app

All applications, choco based or otherwise, can be installed with the same methodology: a folder with an install and uninstall script, plus dependencies and supersedence.  To demonstrate the functionality:
  • Copy the previously created folder of notepad++ and call it notepad++7.8
  • Edit the install.ps1 file and change the version from 7.7 to 7.8
  • Create a new application the same way as before using the files above
  • Once the new application has been created, open the properties of the application, select the supersedence tab, and click add (adding the old notepad++ application).  Select the new deployment type to be the Notepad++ 7.8 deployment, check the box to uninstall the previous version, click OK, and then click Apply.
  • Deploy the new application to the same collection, and the next application deployment cycle will upgrade the application.


