Package Model Software Deployment Best Practices

The following is a compilation of notes, suggestions, and recommendations derived from the SCCM 201: Application Deployment Class taught by Michael Underwood and Billy Beaudoin.

Terms

  • Collection – Grouping of computers; query to populate can be based on discoverable properties
  • Package – The program bits and setup scripts needed to install the application
  • Program – A script/exe that will be invoked by the Agent to install/configure the application
  • Advertisement – Offering the package to a computer
  • Mandatory Assignment – Software is deployed automatically to assigned computer.  NCSU-level mandatory applications are configured to install only when users are not logged on, primarily to mimic the Group Policy based application deployment behavior.
  • Self-Service Assignment – End-user may choose to install assigned software at their convenience.  The package is not cached locally until requested for installation.  Users can re-run self-service packages.

Software Package Pre-Staging

To deploy applications via SCCM, software packages must be uploaded by the packager to the BITS-Enabled Distribution Point servers.  To enable the upload process, SCCM must have the following access to the packagers pre-staging location:

  • Share Permissions: Everyone, Full Control
  • NTFS Permissions: Site Server (OIT100SCCM-SS) requires Full Control
  • Logon Rights: Site Server (OIT100SCCM-SS) needs to be a member of the local ‘Users’ group

Additionally, packagers must observe a 255 character file/folder path limitation in their pre-staging package directory structure.  For examples of pre-staged packages review the NCSU-Level Package pre-staging area:

\\wolftech.ad.ncsu.edu\files\ncsu\SW-Package-Prestaging

Naming Conventions

  • AD Group/Collection/Package/Advertisement: Make them all the same name
  • Exception: A single Package will serve both Mandatory and Self-Service Advertisements, therefore use the Mandatory naming convention (no trailing -SS) for Package names
  • <OU>-<EX/SW/FW>-<Vendor>-<Software Title>-<Ver>-<Arch>-(<SS>)
  • Use the ‘-SS’ suffix to designate a package as ‘Self-Service’
  • Ex: NCSU-EX-Microsoft-Office-2010-x86-SS
  • Program names –  simple human readable name
  • ‘Self-Service’ is the recommended Program name for self-service packages because the Package name precedes the Program name in the Advertised programs listing seen by the end user and therefore a descriptive program name would appear redundant.
  • Collection Query Name: <Vendor> <Software Title> <Ver> <Arch> (<SS>)
  • Package Pre-staging Folder Name: <Manufacturer><Software Title><Version>

General Steps to Create and Deploy Software via SCCM

  1. Create an AD Software distribution group (as is the practice w/GP deployments)
  2. Create an SCCM Collection that queries the AD group (above) for computers
  3. Create an SCCM Package – upload setup files and install scripts in this step
  4. Create Programs within the Package to install the application
  5. Create an SCCM Advertisement to link the Package to the target Collection
  6. Upload Package to Distribution Points
  7. Assign target computers to AD Software distribution group

Creating Collections for Software Distribution

  • SCCM -> Site Database -> Computer Management -> Collections
  • The Collection should be populated by querying the AD Group(s)
  • Query: System Resource.System Group Name is equal to “WOLFTECH\<EX AD Group Name> or <FW/SW AD Group Name>”
  • Include all possible group names (EX,FW/SW) in the query to accomodate package promotion
  • Limit Collection query to appropriate scope (NCSU for campus, OU otherwise)
  • Recommended ‘Collection Update Schedule’: Every 2 hours
  • Select ‘Dynamically add new resources’
  • Permissions on Collections are updated periodically (via cron script) to include ‘<OU>-Admins’ (assuming the Collection is named with an OU prefix)

Creating Packages for Software Distribution

  • SCCM -> Site Database -> Computer Management -> Software Distribution -> Packages
  • Not mandatory to fill in Version/Manufacturer/Language/Comment fields
  • Use FQP to network share when specifying package
  • Select ‘Enable binary differential replication’ (for large packages) to allow modification of individual (small) files without requiring SCCM to redistribute the entire package
  • MIF Files – advanced topic, read more if interested
  • Package settings (including the source directory) can be changed after initial setup

Creating Programs to Install Packages

  • SCCM -> Site Database -> Computer Management -> Software Distribution -> Packages
  • Open target Package (tree control) -> Programs -> New
  • Ignore ‘Program for Device’ – refers to Windows Mobile Device
  • Tip: After initial creation, changing a Program name will cause a re-installation, so get it right
  • Tip: When selecting installer, only .exe’s are shown.  Change to ‘All files’ to see other file types
  • The program/package should be run from the local cache on target computers
  • You may specify environment variables in the Command Line for the Program
  • The ‘After running -> ConfigMgr restarts computer’ option is not immediate, 5/10 minute delay
  • SCCM will pick up where it left off after a reboot if additional programs need to run
  • Category: Leave Blank (will be handled centrally at a future date)
  • ‘Estimated disk space’: Specify accurately as possible w/padding on the plus side
  • ‘Maximum allowed run time’: Specify accurately as possible w/padding on the plus side
  • SCCM will assume an error occurred if the installation does not finish in the allotted time
  • Additional requirements: Advanced topic, not covered
  • Program can run: Self-Service -> Whether or not a user is logged on, do not allow users to interact w/program
  • Program can run: Mandatory -> Only when no user is logged on
  • ‘Run another program first’ gives you the option to specify prerequisite Programs, and multiple prerequisites can be chained together using this option
  • Tip: ‘NCSU-EX-Microsoft-Prerequisite-1.0’ package has common Microsoft redistributables
  • Tip: ‘NCSU-Change Cache Size’ – script to allow you to manipulate cache size ahead of install, cache size will return to default after a reboot
  • Cache cleanup occurs 24 hours after a successful install (if warranted)
  • SCCM can import the Product code for MSIs, enabling robust repair/reinstall functionality
  • Product code cannot be Imported for both Mandatory and SS installers

Creating Advertisements for Software Distribution

  • SCCM -> Site Database -> Computer Mgmt -> Software Distribution -> Advertisements
  • Select the Package (w/same name) to advertise
  • Choose the Program that is last in the chain (assuming there are prerequisites listed)
  • Select the Collection (of the same name) for the Advertisement of the Package
  • Ignore the warning about creating an Advertisement prior to copying the package to the ‘Distribution Points’
  • Schedule: Allows for setting availability of package in the future, expiration
  • Schedule: Mandatory assignments -> Sunburst (Icon) -> ‘As soon as possible’
  • ‘Maintenance Window’ override is available
  • Program Rerun Behavior -> ‘Rerun if failed previous attempt’
  • Select ‘Download content from distribution point and run locally’
  • Confirm Collection/Package association: Collection -> Properties -> Advertisements

Uploading Package to Distribution Points

  • SCCM -> Site Database -> Computer Management -> Software Distribution -> Packages
  • Open specific Package (tree control) -> Distribution Points -> New Distribution Points
  • Select each server ending with ‘-DP’ suffix
  • Confirm distribution by Opening ‘Package Status’ tree control
  • Right Click on DP -> Show Messages for detailed log messages
  • Package file changed after distribution: Distribution Points -> Update Distribution Points
  • Package file added after distribution: Distribution Points -> Manage Distribution Points -> Update all distribution points with a new package source version
  • Delete a Package from Distribution Point: Distribution Points -> Delete the package from selected distribution points (also deletes advertisement)