There is some minor changes in Java 8u171 for SWV.
Use the following cmd installscript:
How to virtualize Oracle Java 8u161 in SWV and AppV format
Backstory:
From around Oracle Java 8u121 and up to current date some
components in a virtualized Java would stop working if virtualized with AppV and SWV.
Example:
We have a couple of web app that is launched using JNLP, Applications stopped working from that update when fully virtualized.When started javaws.exe gets closed after around 10 seconds without any output, no errors, nothing.
Old workaround:
I found a way to “virtualize” some components like registry with an Hybrid package on SWV and AppV with some exe files scripted into base layer (local file system c:\). Even if this is working pretty good it’s not a proper virtual package and basefiles loaded into the browser could fail when you force removal by script.When possible we always want to make sure all files stay inside the virtual layer, that way we ensure compatibility and integrity of files and folders and we can forcefully close and remove virtual applications and be sure everything in the base Os is still untouched
Working solution:
This solution was based on information I found on several sites (links in the end of article), but you could just skip to the SWV/AppV part in the end if you want the easy solution since i found a lot of bugs in the normal install, thats why I like to use the msi installer, it's proven more stable than the exe installer:
---------------------------------------- Normal Java install -------------------------------------------------------
Create a folder called "config" and inside create 3 different files:
Create a folder called "config" and inside create 3 different files:
• deployment.config - The contents of this file:
deployment.system.config.mandatory=true
deployment.system.config=file:///C:/WINDOWS/Sun/Java/Deployment/deployment.properties
• deployment.properties - The contents of this file
# System Deployment Properties # Disable Sponsor offers like ASK Toolbar install.disable.sponsor.offers=true install.disable.sponsor.offers.locked # Mixed code (sandbox vs. trusted) security verification deployment.security.mixcode=HIDE_RUN # Security Level deployment.security.level=HIGH # Security Execution Environment\Enable granting elevated access to signed apps # aka. Allow user to grant permissions to signed content deployment.security.askgrantdialog.show=true # Enable Java content in the browser deployment.webjava.enabled=true # JNLP File/MIME Association deployment.javaws.associations=0 deployment.javaws.autodownload=NEVER deployment.javaws.autodownload.locked # Shortcut Creation deployment.javaws.shortcut=NEVER # Prompt: Your Java version is insecure. or Your Java version is out of date deployment.expiration.check.enabled=false deployment.expiration.check.enabled.locked # Exception sites file location deployment.user.security.exception.sites=C:\\WINDOWS\\Sun\\Java\\Deployment\\exception.sites # Java Console - Options for show, disable or hide the Java Console deployment.console.startup.mode=HIDE # This settings make Java all JNPL sites work with virtual Appv and SWV deployment.security.use.insecure.launcher=true
• exception.sites - You can add application URLS in this file to allow your users to Java enabled sites that would normally be blocked by security checks. Note that once you use this file, sites can no longer be added in the Java Control Panel, this gives you more control as you can manage this exclusively through the exception.sites file.
Create another folder, you can call it Jre1.80_xx (Use
whatever version of Java yor're deploying to keep some standard and also make it
easy to identify. Inside this folder,
place the config folder as well as the latest java exe available (at time of
writing it is jre-8u161-windows-i586.exe).
You are also going to create two more files inside this folder:
java.settings.cfg - The contents of this file can vary,
depending on your deployment needs, this are my settings:
INSTALL_SILENT=Enable
STATIC=Disable
AUTO_UPDATE=Disable
WEB_JAVA=Enable
WEB_JAVA_SECURITY_LEVEL=H
WEB_ANALYTICS=Disable
EULA=Disable
REBOOT=Disable
NOSTARTMENU=Enable
SPONSORS=Disable
REMOVEOUTOFDATEJRES=1
• install.bat - This is your install script pulling everything together. The part about wmic is only needed if you deploy to base with Oracle msi/exe and want to remove old versions first.
@echo off
setlocal enableextensions
@cd /d "%~dp0"
setlocal enableextensions
@cd /d "%~dp0"
REM The below command will look for and uninstall any previous Java 7 or 8 from the target machine
wmic product where "name like 'Java 7%%' or name like 'Java 8%%'" call uninstall /nointeractive
REM The first command will copy the Java configuration file to the target machine
xcopy java.settings.cfg "C:\ProgramData\Oracle\Java\" /I /Q /R /Y > nul
REM The following line will install the java software to the target computer
Start /wait jre-8u161-windows-i586.exe INSTALLCFG=C:\ProgramData\Oracle\Java\java.settings.cfg /L C:\jre-8u161.log
REM The next line will copy the Java deployment property files to the target computer
xcopy Config\*.* "C:\Windows\Sun\Java\Deployment\" /I /Q /R /Y > nul
endlocal
You can use this .bat file instead for your SWV installation:
@echo off
setlocal enableextensions
@cd /d "%~dp0"
setlocal enableextensions
@cd /d "%~dp0"
REM The following line will install the java software to the target computer
Start /wait msiexec /i "%~dp0jre1.8.0_161.msi" NOSTARTMENU=1 JU=0 JAVAUPDATE=0 AUTOUPDATECHECK=0 WEB_JAVA=1 WEB_ANALYTICS=0 WEB_JAVA_SECURITY_LEVEL=H DISABLEADVTSHORTCUTS=1 ALLUSERS=1 /l*v c:\java180_161.log /qr
REM Delete javapath\contains symbolic links and must be copied to base layer for compile to work
del /q C:\ProgramData\Oracle\Java\javapath\*
REM Copy correct java path files to baselayer
xcopy "C:\Program Files (x86)\Java\jre1.8.0_161\bin\java.exe" "C:\ProgramData\Oracle\Java\javapath\"
xcopy "C:\Program Files (x86)\Java\jre1.8.0_161\bin\javaw*.exe" "C:\ProgramData\Oracle\Java\javapath\"
endlocal
SWV:
Personaly I just use the msi installer with the applied parameters "NOSTARTMENU=1 JU=0 JAVAUPDATE=0 AUTOUPDATECHECK=0 WEB_JAVA=1 WEB_ANALYTICS=0 WEB_JAVA_SECURITY_LEVEL=H DISABLEADVTSHORTCUTS=1 ALLUSERS=1 /l*v c:\java180_161.log /qr" since Oracle has a record for breaking the installer once in a while.I normally don't apply security settings pr. host with the "exceptions.sites" file so this can be removed from your deployment file.
Our users can then add the pages they want to run manually. Less secure but less of an hassle for us, you have to consider pros and cons, most users have to call our helpdesk anyway for that.
Easiest way is to just create the user deployment.properties file with this line inside:
deployment.security.use.insecure.launcher=true
Then copy the deployment.properties file to: [USER_TEMPLATE]\USERPROFILE\AppData\LocalLow\Sun\Java\Deployment, may have to
force read only settings to the file if you want to preserve it .
Also remember to add exlude, .jar + .jnpl + .sites to exluded files types in package.
AppV:
The same applies to AppV, you could just create deployment.properties
Then remove
localAppData from Exclusions prior to sequencing and edit the
deplyment.properties in AppData\LocalLow\Sun\Java\Deployment during sequencing
OR somehow edit the deplyment.properties in
AppData\LocalLow\Sun\Java\Deployment for the existing package in local, not
virtualized location (if localLow was in excludes)
With this line:
deployment.security.use.insecure.launcher=true
Also I recommend using JRE block from TMurgent if you want to isolate your AppV Java.
The following quote from Timothy Mangan should say it all:
Why do I need this?:
When Java is installed, it adds a bunch of COM registrations pointing to the current version it is installing. Sun (now Oracle) changes the GUID in a predictable way and adds or updates all of the old GUIDs to also point to the new version. Thus any software trying to access the old version will get the new version. Which in theory is great, except that so much Java code ends up being version specific (or more to the point, when new Java versions come out that are not concerned enough with backward compatibility).Due to security concerns, if you deploy Java natively on operating systems you always want to be patching to the latest version. Virtualizing any old version of Java that you require for an app that needs a specific version using this technique, will allow the app running inside that virtual environment to only see this version of Java, no matter what version might be natively installed. And since that version of Java probably has well known security vulnerabilities, you only want the user to use that crusty version of Java when running the app that requires it, not for general web surfing. You can combine the dependent app in the java package directly, or package separately and use a connection group. You probably create a special shortcut in the package for your app, and you probably also remove the browsing bar from the UI of the web browser in this package so they can't go climbing in those dangerous places. They can do that from the non-virtualized browser.You also don't have to deploy Java natively. This solution works great anyway. And it might be time to be removing from systems except when absolutely needed anyway.
Links:
The Use of Global Excludes with Symantec Workspace Virtualization
Backstory:
If you ever come across a scenario with SWV/SWS where you want to make absolute 100% sure certain file types, registry keys or folders never get lost inside of your virtual layers during deactivate, reset or deletion of the virtual layers, there is three ways to make sure of that as far as I know if we count Data Layer.
Normally all file types associated with your program gets excluded when we repackage that program if they resides under the registry location: HKLM\SOFTWARE\CLASSES\.”file-type”Example of files that will be excluded from Sas Enterprise Guide package.
Normally all file types associated with your program gets excluded when we repackage that program if they resides under the registry location: HKLM\SOFTWARE\CLASSES\.”file-type”Example of files that will be excluded from Sas Enterprise Guide package.
But sometimes you can save files from inside a package in other formats and if you really want to make sure files always exist on the system after your packages get removed, then you have to make sure all file types from the save as dialog is also excluded.
The easiest way to do that is with a new "virtual" package with ”Global excludes”, called GE in the rest of the article.
What is “Global excludes”?
GE is an option that will work across all virtual packages even if you haven’t made exclusions inside other packages and if there is file types, registry keys or folders from that list they will be saved in base layer (local file system c:\) when you reset or delete the package they exist inside.
Important note:
This can actually be overridden with each package since Symantec has made it possible to override the global exclude list with a tick box on every package. May come in handy if there is a certain package where this scenario don’t apply. Personally I haven’t seen any use of it yet, but it’s good to know.
How do you make Global Excludes?:
First you need to make an empty package with just an detection rule so ITMS will know if it exist on the system so it can be properly imported and installed.
When that is okay go to the tab called exclude entry’s.
We had some problems with our Office 2013 and 2016 packages, if users tried to save files to drives other than the system drive c:\ it would just fail because the filter driver would not work there.
So we started excluding all possible drive letters and sub-folders except c:\, this should be fixed now but from historic reasons we still exclude all drives from d:\ to z:\ just to be sure.
We also want to make sure files associated with Office like mailbox *.ost file exist in base folder all the time. Or else they tend to fail if other programs make use of them with integrations, and we want to make sure they never get deleted by other than by users or our own cleaup scripts (just keep in mind that, if you reload a virtual package later with the same files the will NOT be overwritten if you don’t script something for that, base layer files always win over files in virtual layers).
Examples of some of the filetypes assosiated with Office.
How to load the package “Global excludes”?:
Then we have to go into the Symantec composer and make 4 scripts to load Global excludes.
Settings from the 1 script:
Content of Event Scripts are stored under the registry location: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FSLX\Parameters\FSL] in hex format so we can’t read it directly from the registry file (I’m not that smart at least =).
Besides that my computer registry text is in Norwegian you can see the exclude path and filetypes.
All you need to do now is to make your changes in the package, and then export that part from the registry. Rename the two regfiles ExcludeDel and GlobalExclude and put them inside the meta folder in the package.Then compile package, import it on the computer you want to test it on.
When that is done, get it into production with ITMS.
That’s all for now guys, hope this will help you.
Tutorial for applying App-V 5.x packages with ITMS (Altiris)
- Backstory:
I work at the IT department of a Norwegian Health Region, we are currently migrating around 13000 clients from Windows 7 x64 to Windows 10 x64 CB for Business using an automated ITMS workflow. On Windows 7 we have deployed around 400 virtual packages made with Symantec Workspace Virtualization, some are deployed with Symantec Streaming.But since SEV (Symantec Endpoint Virtualization) is EOL and extended support ends in july 2, 2018 we are repackaging everything we can into APP-V 5.x format.
I could not find any information on others doing the same stuff so I had to create my own little tool doing all of the scripting as an automated process to make App-V work with ITMS.
I want to share the fundamentals of my findings in this article giving back some of my own knowledge to the community showing that "Altiris" is the best tool even for App-V deployment, it's based on my original Symantec forum tread:
I only know two different ways of creating detection rules with App-V scripting. You could use the external deploymentConfig.xml or the internal AppxManifest.xml. I recommend using the internal AppxManifest.xml file for most cases because then you only need to upload and deploy the App-V file, and it can contain both user and machinecode scripts.
I normally only use the external deploymentConfig.xml file for the "Office 2013" App-V package created with the "Office 2013 deployment tool", see the part further down the article for more in depth information about it! It's also the easiest way to change most internal package settings without having to repackage it all over again. Just remember that you should at least change the detection rule so the "new" package revision will be unique and installed again. Remember, you can't use both internal and external config files at the same time, if you use the external file the internal will be ignored.
Using the free command line application tweakappv from Advanced installer I have finally found a working command line interface for modifying files inside our created App-V packages without using manual editing in the annoying Sequencer. This is one of only a handful of 3rd party programs that lets you directly modify APP-V files without triggering the internal App-V CRC check.
This way we can automate the creation of detection rules into App-V packages using only scripts. (I recommend using google and search for all information about this amazing free tool. It can do a lot of cool stuff with App-V files.)
We need to get the internal AppxManifest.xml out of the App-V package (Best way is to create a script that treat reading from App-V like a zip file, it can be done with free 7zip command line version).
When you have the manifest xml file on your computer create a script/program that read from the AppxManifest.xml file.
Find "Identity Name",'Version="', 'appv:PackageId="' and 'appv:VersionId="'.
Using string split or an xml parser to get the values and store as variables.
Then write four cmd files and insert detection rules like this:
Create the txt file addscripts.txt and insert the text from the box into that file: TweakAppV.exe /batchfileupdate "filename.AppV" AddScripts.txt'
If you want to create the enterprise licensed Office 2013 App-V package this has to be created with the "Office 2013 Deployment Tool" , the output package is made around the App-V 5.0 RTM SP1 version.
And if you want to create the Office 2016 App-V package (It only works with O365 licenses do to some Ms bulls*it) this has to be created with the "Office 2016 Deployment Tool" , the output package is made around the App-V 5.0 SP2 HF4 version. Ms has done some undocumented and very creative stuff in here so both packages can't and should not be edited as normal App-V packages, I even tried to convert both to a newer App-V version using AVE, but it only fails.
So the only way i know we can get both packages licensed is using the internal license module "integrator.exe", and keeping scripts intact when deployed.
And we also want detection rules so we have to publish detection rules with the external file deploymentConfig.xml.
The good news is that we can still insert scripts for detection rules with Tweakappv. Also keep in mind that you can only deploy one App-V Office package at the same time on a computer, so you better get one big with everything inside (Visio, Project) and then use program blocking, or repackage every version and deploy as seperate pacakges using several filters in ITMS (it's a pain i know).
Syntax is as following:
If you want to master APP-V you have to understand the consept of Run Virtual.
Short version:
Run a locally installed application in a virtual environment, alongside applications that have been virtualized by using Microsoft Application Virtualization (App-V). You might want to do this if you: Want to install and run an application locally on client computers, but want to virtualize and run specific plug-ins that work with that local application. Are troubleshooting an App-V client package and want to open a local application within the App-V virtual environment. My method it's based on ideas from: http://virtualvibes.co.uk/using-powershell-to-self-deliver-runvirtual/
But instead of just delivering runvirtual files with scripts in the package, our method involved a powershellscript running on the client and managed from Altiris or other cms systeml
This script reads from an ini file.
- What is the best method creating detection rules for APP-V on clients running ITMS?
I only know two different ways of creating detection rules with App-V scripting. You could use the external deploymentConfig.xml or the internal AppxManifest.xml. I recommend using the internal AppxManifest.xml file for most cases because then you only need to upload and deploy the App-V file, and it can contain both user and machinecode scripts.
- When do I use the App-V external configuration files?
I normally only use the external deploymentConfig.xml file for the "Office 2013" App-V package created with the "Office 2013 deployment tool", see the part further down the article for more in depth information about it! It's also the easiest way to change most internal package settings without having to repackage it all over again. Just remember that you should at least change the detection rule so the "new" package revision will be unique and installed again. Remember, you can't use both internal and external config files at the same time, if you use the external file the internal will be ignored.
- How to create detection rules and update them directly into the App-V package:
Using the free command line application tweakappv from Advanced installer I have finally found a working command line interface for modifying files inside our created App-V packages without using manual editing in the annoying Sequencer. This is one of only a handful of 3rd party programs that lets you directly modify APP-V files without triggering the internal App-V CRC check.This way we can automate the creation of detection rules into App-V packages using only scripts. (I recommend using google and search for all information about this amazing free tool. It can do a lot of cool stuff with App-V files.)
- The preferred method of doing this:
We need to get the internal AppxManifest.xml out of the App-V package (Best way is to create a script that treat reading from App-V like a zip file, it can be done with free 7zip command line version).When you have the manifest xml file on your computer create a script/program that read from the AppxManifest.xml file.
Find "Identity Name",'Version="', 'appv:PackageId="' and 'appv:VersionId="'.
Using string split or an xml parser to get the values and store as variables.
Then write four cmd files and insert detection rules like this:
'reg add "hklm\software\wow6432node\companyname\Appv\' & $PackageName & '" /v AddPackage /t reg_sz /d ' & $Version & "/" & $PackageID & "/" & $VersionID & " /f") into our cmd files.
We just call them AddPackage.cmd, PublishPackage.cmd, UnpublishPackage.cmd and RemovePackage.cmd.
Settings is like this:
Package Scripts:
On adding package:
In machine context: YES
- Script:%windir%\system32\cmd.exe
- Parameters: /c AddPackage.cmd
- Wait for App-V Client to Complete: YES
- Do not use encoded executable paths: YES
- Script timeout: 999 seconds
On package publish:
In machine context: YES
- Script:%windir%\system32\cmd.exe
- Parameters: /c PublishPackage.cmd
- Wait for App-V Client to Complete: YES
- Do not use encoded executable paths: YES
- Script timeout: 999 seconds
On Package unpublish:
In machine context: YES
- Script:%windir%\system32\cmd.exe
- Parameters: /c UnpublishPackage.cmd
- Wait for App-V Client to Complete: YES
- Do not use encoded executable paths: YES
- Script timeout: 999 seconds
On removing package:
In machine context: YES
- Script:%windir%\system32\cmd.exe
- Parameters: /c RemovePackage.cmd
- Wait for App-V Client to Complete: YES
- Do not use encoded executable paths: YES
- Script timeout: 999 seconds
- Syntax for sending in detection rules scripts with Tweakappv:
Create the txt file addscripts.txt and insert the text from the box into that file: TweakAppV.exe /batchfileupdate "filename.AppV" AddScripts.txt';twc
add-Scriptfile AddPackage.cmd
add-Scriptfile RemovePackage.cmd
add-Scriptfile PublishPackage.cmd
add-Scriptfile UnPublishPackage.cmd
New-Element AppxManifest.xml -elementname "appv:MachineScripts" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts" -elementname "appv:AddPackage" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:AddPackage" -elementname "appv:Path" -elementtext "Cmd.exe" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:AddPackage" -elementname "appv:Arguments" -elementtext "/c AddPackage.cmd" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:AddPackage" -elementname "appv:Wait" -elementtext " " -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
Set-ElementAttribute AppxManifest.xml -xpath "appv:MachineScripts/appv:AddPackage/appv:Wait" -attributename "RollbackOnError" -attributevalue "true"
Set-ElementAttribute AppxManifest.xml -xpath "appv:MachineScripts/appv:AddPackage/appv:Wait" -attributename "Timeout" -attributevalue "999"
New-Element AppxManifest.xml -elementname "appv:MachineScripts" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts" -elementname "appv:RemovePackage" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:RemovePackage" -elementname "appv:Path" -elementtext "Cmd.exe" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:RemovePackage" -elementname "appv:Arguments" -elementtext "/c RemovePackage.cmd" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:RemovePackage" -elementname "appv:Wait" -elementtext " " -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
Set-ElementAttribute AppxManifest.xml -xpath "appv:MachineScripts/appv:RemovePackage/appv:Wait" -attributename "RollbackOnError" -attributevalue "true"
Set-ElementAttribute AppxManifest.xml -xpath "appv:MachineScripts/appv:RemovePackage/appv:Wait" -attributename "Timeout" -attributevalue "999"
New-Element AppxManifest.xml -elementname "appv:MachineScripts" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts" -elementname "appv:PublishPackage" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:PublishPackage" -elementname "appv:Path" -elementtext "Cmd.exe" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:PublishPackage" -elementname "appv:Arguments" -elementtext "/c PublishPackage.cmd" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:PublishPackage" -elementname "appv:Wait" -elementtext " " -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
Set-ElementAttribute AppxManifest.xml -xpath "appv:MachineScripts/appv:PublishPackage/appv:Wait" -attributename "RollbackOnError" -attributevalue "true"
Set-ElementAttribute AppxManifest.xml -xpath "appv:MachineScripts/appv:PublishPackage/appv:Wait" -attributename "Timeout" -attributevalue "999"
New-Element AppxManifest.xml -elementname "appv:MachineScripts" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts" -elementname "appv:UnpublishPackage" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:UnpublishPackage" -elementname "appv:Path" -elementtext "Cmd.exe" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:UnpublishPackage" -elementname "appv:Arguments" -elementtext "/c UnpublishPackage.cmd" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:UnpublishPackage" -elementname "appv:Wait" -elementtext " " -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
Set-ElementAttribute AppxManifest.xml -xpath "appv:MachineScripts/appv:UnpublishPackage/appv:Wait" -attributename "RollbackOnError" -attributevalue "true"
Set-ElementAttribute AppxManifest.xml -xpath "appv:MachineScripts/appv:UnpublishPackage/appv:Wait" -attributename "Timeout" -attributevalue "999"
- How to create detection rules for Office 2013/2016 made with Office Deployment Tool:
If you want to create the enterprise licensed Office 2013 App-V package this has to be created with the "Office 2013 Deployment Tool" , the output package is made around the App-V 5.0 RTM SP1 version. And if you want to create the Office 2016 App-V package (It only works with O365 licenses do to some Ms bulls*it) this has to be created with the "Office 2016 Deployment Tool" , the output package is made around the App-V 5.0 SP2 HF4 version. Ms has done some undocumented and very creative stuff in here so both packages can't and should not be edited as normal App-V packages, I even tried to convert both to a newer App-V version using AVE, but it only fails.
So the only way i know we can get both packages licensed is using the internal license module "integrator.exe", and keeping scripts intact when deployed.
And we also want detection rules so we have to publish detection rules with the external file deploymentConfig.xml.
The good news is that we can still insert scripts for detection rules with Tweakappv. Also keep in mind that you can only deploy one App-V Office package at the same time on a computer, so you better get one big with everything inside (Visio, Project) and then use program blocking, or repackage every version and deploy as seperate pacakges using several filters in ITMS (it's a pain i know).
Syntax is as following:
<MachineScripts>
<PublishPackage>
<Path>Scriptrunner.exe</Path>
<Arguments>
-appvscript cmd.exe /c "[{AppVPackageRoot}]\..\Scripts\PublishPackage.cmd –appvscriptrunnerparameters –wait –timeout=99 – rollbackonerror
</Arguments>
</PublishPackage>
<UnpublishPackage>
<Path>Scriptrunner.exe</Path>
<Arguments>
-appvscript cmd.exe /c "[{AppVPackageRoot}]\..\Scripts\UnpublishPackage.cmd –appvscriptrunnerparameters –wait –timeout=99 – rollbackonerror
</Arguments>
</UnpublishPackage>
<AddPackage>
<Path>Scriptrunner.exe</Path>
<Arguments>
-appvscript cmd.exe /c "[{AppVPackageRoot}]\..\Scripts\AddPackage.cmd –appvscriptrunnerparameters –wait –timeout=99 – rollbackonerror
</Arguments>
</AddPackage>
<RemovePackage>
<Path>Scriptrunner.exe</Path>
<Arguments>
-appvscript cmd.exe /c "[{AppVPackageRoot}]\..\Scripts\RemovePackage.cmd –appvscriptrunnerparameters –wait –timeout=99 – rollbackonerror
</Arguments>
</RemovePackage>
</MachineScripts>
- Run Virtual:
If you want to master APP-V you have to understand the consept of Run Virtual.Short version:
Run a locally installed application in a virtual environment, alongside applications that have been virtualized by using Microsoft Application Virtualization (App-V). You might want to do this if you: Want to install and run an application locally on client computers, but want to virtualize and run specific plug-ins that work with that local application. Are troubleshooting an App-V client package and want to open a local application within the App-V virtual environment. My method it's based on ideas from: http://virtualvibes.co.uk/using-powershell-to-self-deliver-runvirtual/
But instead of just delivering runvirtual files with scripts in the package, our method involved a powershellscript running on the client and managed from Altiris or other cms systeml
This script reads from an ini file.
- Will put down the detection rule in registry the first time script runs
- Altiris:----------------------------------------------------------------------Install
powershell.exe -executionPolicy bypass -file .\RunVirtual_MK.ps1 -Inifile RunVirtual_MK.ini
Altiris detection rule:
HKEY_LOCAL_MACHINE\Software\Company\RunVirtual_MK"
Versjon=29.11.2017-01
- Altiris:
- The next thing it does is checking ini version. Is there a newer version of the ini file it will be used.
- The [Forbidden] files will be added as an variable so it will remove thoose entrys from the runvirtual keys. If the same exe file exist it for some reason in the ini file it will also be removed.
- Read the runvirtual keys from and add thoose keys to run virtual in registry
Example of our ini file:
Powershell ini reading is based on this code:
CG is basically an xml file. Use the free sw AppV_DefConGroups from tmurgent to create CG files.
Create one dummy App-V package with nothing else but a detection rule and call it something like "CG_packagename_Master". This package can't be optional since it's basically a primary key for the CG, and we have to enable the this package first or the CG won't work.
This dummy package has the any version flag checked, so it can be upgraded if needed without making the CG all over again.
Then we just put all the packages we want to load into the CG in the same directory structure and we just add them in the program, set any version and optional flags on so we can remove and add newer versions when we want and the loading sequence with the move up and down buttons.
Then remember to save the CG with an unique Priority.
I recommend using at least 10 numbers higher priority in case there needs to be safe that no other CG won't interfere with it later.
The reason we need to use unique numbers is because if a package is loaded into two connection groups, the App-V client needs to know witch VE(virtual environment) to load first, or else it will fail catastrophic. See this blog post about it: http://virtualvibes.co.uk/connection-group-conflic...
There is no good way around using CG if you need two App-V packages to work together dynamically.
You could repackage them all together in the same big package.
But the drawbacks are: Package size will be much bigger, will affect load speed, deployment speed and maybe performance when using programs inside the package. And if you want to just upgrade one program the complete package has to be upgraded.
Also remember that if you use App-V Office you have to set the exact same isolation flags on all the other packages in that CG....making it even more of a pain to manage...
Other software you should use for editing and working with App-V:
If you need to have several scripts pr event then you should have a look at scriptlauncer or scriptrunner (free with App-V, but not completly silent when running) Or you could create your own script parser like us, but that will require a lot of error handling.
A VERY usefull full editor is AVE. It will cost you some cash, but it's one of the best App-V editors out there capable of editing all versions of App-V.
This is allmost essential when you want to only change a file or two or do some easy changes without reverting a virtual machine with a sequencer, it can also display a grafical overview of the numbers of shortcuts, com objects, active x plugins and all other kind of files in the package.
Another editor capable of editing and build App-V packages is Advanced installer, the same company who created the free command line tool we use for detection rules.
Also check out http://www.tmurgent.com/TmBlog/ for the best in depth information and free App-V tools.
Use google and you will find a lot of great App-V blogposts, but be aware that a lot is outdated so check the date of postings.
Disclamer: You are on your own from now, there is no official support for this stuff in ITMS, and I will not take any responsibility for any problems you may have now or down the road, best of luck!
[ini]
iniVersion=29.11.2017-01
[Forbidden]
001=C:\Program Files (x86)\test\test1.exe
[Rv_oracle]
001=C:\Program Files (x86)\test\test.exePowershell ini reading is based on this code:
Function Get-IniContent {
<#
.Synopsis
Gets the content of an INI file
.Description
Gets the content of an INI file and returns it as a hashtable
.Notes
Author : Oliver Lipkau <oliver@lipkau.net>
Blog : http://oliver.lipkau.net/blog/
Source : https://github.com/lipkau/PsIni
http://gallery.technet.microsoft.com/scriptcenter/...
Version : 1.0 - 2010/03/12 - Initial release
1.1 - 2014/12/11 - Typo (Thx SLDR)
Typo (Thx Dave Stiff)
#Requires -Version 2.0
.Inputs
System.String
.Outputs
System.Collections.Hashtable
.Parameter FilePath
Specifies the path to the input file.
.Example
$FileContent = Get-IniContent "C:\myinifile.ini"
-----------
Description
Saves the content of the c:\myinifile.ini in a hashtable called $FileContent
.Example
$inifilepath | $FileContent = Get-IniContent
-----------
Description
Gets the content of the ini file passed through the pipe into a hashtable called $FileContent
.Example
C:\PS>$FileContent = Get-IniContent "c:\settings.ini"
C:\PS>$FileContent["Section"]["Key"]
-----------
Description
Returns the key "Key" of the section "Section" from the C:\settings.ini file
.Link
Out-IniFile
- Connection Groups (CG):
CG is basically an xml file. Use the free sw AppV_DefConGroups from tmurgent to create CG files.Create one dummy App-V package with nothing else but a detection rule and call it something like "CG_packagename_Master". This package can't be optional since it's basically a primary key for the CG, and we have to enable the this package first or the CG won't work.
This dummy package has the any version flag checked, so it can be upgraded if needed without making the CG all over again.
Then we just put all the packages we want to load into the CG in the same directory structure and we just add them in the program, set any version and optional flags on so we can remove and add newer versions when we want and the loading sequence with the move up and down buttons.
Then remember to save the CG with an unique Priority.
I recommend using at least 10 numbers higher priority in case there needs to be safe that no other CG won't interfere with it later.
The reason we need to use unique numbers is because if a package is loaded into two connection groups, the App-V client needs to know witch VE(virtual environment) to load first, or else it will fail catastrophic. See this blog post about it: http://virtualvibes.co.uk/connection-group-conflic...
The next thing we need now is a detection rule in Altiris.
Found out the easiest way to create a detectionrule is to check for files.
The default location of a loaded CG is under:
C:\ProgramData\Microsoft\AppV\Client\Catalog\PackageGroups\{GroupId}\{VersionId}\
When you load a CG it will create two files called:
PackageGroupDescriptor.xml
PackageGroupDescriptorTemplate.xml
When you enable the CG it will create the file:
So this makes it possible to see if it is imported and not enabled, or removed completely if no files exist here.UserPackageGroupDescriptor.xml
There is no good way around using CG if you need two App-V packages to work together dynamically.
You could repackage them all together in the same big package.
But the drawbacks are: Package size will be much bigger, will affect load speed, deployment speed and maybe performance when using programs inside the package. And if you want to just upgrade one program the complete package has to be upgraded.
Also remember that if you use App-V Office you have to set the exact same isolation flags on all the other packages in that CG....making it even more of a pain to manage...
- Other usefull programs:
Other software you should use for editing and working with App-V:If you need to have several scripts pr event then you should have a look at scriptlauncer or scriptrunner (free with App-V, but not completly silent when running) Or you could create your own script parser like us, but that will require a lot of error handling.
A VERY usefull full editor is AVE. It will cost you some cash, but it's one of the best App-V editors out there capable of editing all versions of App-V.
This is allmost essential when you want to only change a file or two or do some easy changes without reverting a virtual machine with a sequencer, it can also display a grafical overview of the numbers of shortcuts, com objects, active x plugins and all other kind of files in the package.
Another editor capable of editing and build App-V packages is Advanced installer, the same company who created the free command line tool we use for detection rules.
Also check out http://www.tmurgent.com/TmBlog/ for the best in depth information and free App-V tools.
- Command line syntax:
When you deploy App-V packages trough ITMS using powershell scripting, you are actually running it through cmd.exe and not the direct powershell shell.
The syntax is a little bit different because of that. I will share the commands you will need to do your App-V bidding.
The syntax is a little bit different because of that. I will share the commands you will need to do your App-V bidding.
Install commandline (COMPLETE,ADD&PUBLISH&MOUNT):
powershell.exe "Add-AppvClientPackage -Path 'package.appv' | Publish-AppvClientPackage –Global | Mount-AppvClientPackage"
AddPackage commandline (ADD&MOUNT):
powershell.exe "Add-AppvClientPackage -Path 'package.appv' | Mount-AppvClientPackage"
PublishPackage commandline (PUBLISH&MOUNT):
powershell.exe "Publish-AppvClientPackage -Name 'package' –Global | Mount-AppvClientPackage"
Uninstall commandline (COMPLETE,UNPUBLISH&REMOVE):
powershell.exe "Unpublish-AppvClientPackage -Name 'package' -Global | Remove-AppVClientPackage"
UnpublishPackage commandline (UNPUBLISH):
powershell.exe "Unpublish-AppvClientPackage -Name 'package' -Global"
Disclamer: You are on your own from now, there is no official support for this stuff in ITMS, and I will not take any responsibility for any problems you may have now or down the road, best of luck!
Subscribe to:
Posts (Atom)