Apple itunes 11.1.4 and Software License agreement (and Process Monitor)

Posted by nickekallen on February 24, 2014 in Deployment 3 Comments

After discussing the an upgrade of iTunes throughout the organization and the implications of suppressing the forced Software License Agreement within iTunes on the initial launch I decided to go on a discovery with the iTunes application.

Previously all packagers have surpressed the Software License Agreement by providing the iTunesPrefs.xml file within the package and placed a copy within both %APPDATA% and %LOCALAPPDATA%. During an upgrade the fact that such a file would be replaced of course overwrites any user preferences. Potentially we could provide some additional scripting to crack open the files and replace any particular value that would tell iTunes that the Software License Agreement is accepted. The value (for 11.1.4) looks like this in %APPDATA%;


<key>license-agreements</key>

<dict> <key>EA1068</key> <true/>

</dict>

Thats a lot of work. And I am lazy.

Let’s review the start-up process of iTunes, without having accepted the Software License Agreement in Process Monitor

The actual license-agreement is obtained from a file called License.rtf, so we can easily search for this file within Process Monitor to see just about where iTunes is deciding to show the Software License Agreement.

If we review the activity above we can spot that pre-reading the License.rtf file (sv.lproj is for Swedish – so I am getting a Swedish license agreement) it checks a few registry keys and the file iTunesPrefs.xml. Obviously the checking of the iTunesPrefs.xml-file is to check wether or not this particular user had accepted the license agreement. However, the check for the registry key within HKEY_LOCAL_MACHINE was a bit unexpected. Actually it is looking for the registry value SLA – Software License Agreement. Unfortunately there is no documentation of this value anywhere. Obvious one is just to create a DWORD with a value of either 1 or 0. Neither changes the behavior of iTunes, however it can be confirmed that iTunes does read the value. Creating a string (REG_SZ) with a 1,0,Yes,No,Accepted, iTunes or any other value doesn’t change anything.

It seems to be a perfect fit though? The name SLA seems to fit the scenario, however what value can actually change the behavior of iTunes? Within %APPDATA%\Apple Computer\iTunes and the file iTunesPrefs.xml there actually is an answer to the question. It seems that setting the same value as located within iTunesPrefs.xml gets iTunes to suppress the presentation of SLA for all users on machine.

The value seems to change for every new version of iTunes– so with a new version of iTunes one would have to accept it once manually and extract the necessary value from the iTunesPrefs.xml-file

Final registry key from a Windows 7 x64;


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\iTunes]
"SLA"="EA1068"

Let’s wrap up a MST-file for easy deployment!

Desktop shortcut

Stops the desktop shortcut from beeing created

Goto the InstallExecuteSequence-table and set the following;

Language / Software Update / Suppress reboot / SLA

Forces the language to English, disable the Software Update and suppress any reboot – aswell as allow the installation to complete by accepting SLA

Goto the Property-table and set the following;

iTunes lockdown and SLA

Lockdowns any feature you want of iTunes and suppresses the SLA prompt. For a full explanation of the Parental Control feature within iTunes you can read the Apple-published article; How to manage iTunes Control features. The suggested value below will do some basic lockdown such as disabling checks for new versions

Goto the Registry-table;

Finally a nice clean installation for iTunes!

Redistribute Failed Packages in ConfigMgr

Posted by nickekallen on February 17, 2014 in Script 7 Comments

Since the topic of redistributing failed packages is quite often surfacing in larger environments and there are quite a few PowerShell scripts out there to achieve this.

David O´Brien has written a PowerShell script that redistributes all packages that has any state (but successfull) to all DPs. In a larger environment this would be very risky (consider the amount of bandwidth you could potentially consume).

David went about the task by looking up the current state of the SMS_PackageStatusDistPointsSummarizer which has 7 states of a package , and then looping through all packages for all DPs and initiate the operation RefreshNow for each package and DP.

Within SCCM 2012 R2 there seems to be 9 possible states of a package, where a state 7 and 8 seems to be undocumented. State 7 would indicate that the source-files were not reachable for the SCCM 2012 server, and State 8 would indicate that a package validation failed (for any reason).

Quite often the need is more targeted and in particular we are required to only verify a single package or distribution point. As we would go through the console to check the state of a package and look under Content Status to see – it would be easiest to simply trigger a redistribute action for all DPs that are reported as failed. Previously Greg Ramsey released the great tool to start the action Validate All DPs, which can be initiated from any package under Content Status. Great tool! Lets take that one step further and create two additional menus within Configuration Manager console!

Redistribute a package to all DPs where it failed under Content Status


Param(
[Parameter(Mandatory=$true)]
[String]$SiteSrv,
[Parameter(Mandatory=$false)]
[String]$SiteNamespace,
[Parameter(Mandatory=$True)]
[String]$PackageID
)

$SiteCode = $SiteNamespace.Substring(14)

Write-Host "Checking" $PackageID -ForegroundColor red
Write-host "Will check for Installed Failed status (3) and Validation Failed (8)"
Write-Host ""

$sOpt = New-CimSessionOption –Protocol DCOM
$SiteServerCIM = New-CimSession -ComputerName $SiteSrv -SessionOption $sOpt

$DPs =  Get-CimInstance -CimSession $SiteServerCIM -Namespace $SiteNamespace -ClassName SMS_PackageStatusDistPointsSummarizer -Filter "PackageID = '$($PackageID)' AND (State = '3' OR State = '8')"
if ($DPs -ne $null)
{
$Count = $DPs |measure
Write-Host "There are $($Count.count) failed DPs at the moment."
Write-Host "Press any key to redistribute..."
Write-Host ""
$a = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
foreach ($dp in $DPs) {
Write-Host "Redistributing $($DP.PackageID) to $($DP.ServerNALPath.Substring(12,7))...." -ForegroundColor Green
try {

Get-CimInstance -CimSession $SiteServerCIM -Namespace $SiteNamespace -ClassName SMS_DistributionPoint -Filter "PackageID='$($DP.PackageID)' and ServerNALPath like '%$($DP.ServerNALPath.Substring(12,7))%'" | Set-CimInstance -Property @{RefreshNow = $true}
}
catch {
Write-Host "Failed to redistribute to $($DP.ServerNALPath.Substring(12,7))" -ForegroundColor Red
}

}
Write-Host "Press any key to close window...."
$a = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
}
else
{
Write-Host "There are no Failed DPs" -ForegroundColor Green
Write-Host "Press any key to close..."
$a = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")

}

Remove-CimSession -CimSession $SiteServerCIM

Create the following XML-file to enable the right-click menu under Content Status. The file should be placed in the following folder;

14214306-59f0-46cf-b453-a649f2a249e1


<ActionDescription Class="Executable" DisplayName="Redistribute to all failed DPs" MnemonicDisplayName="Redistribute to all failed DPs" Description = "Redistribute to all failed DPs" RibbonDisplayType="TextAndSmallImage">
<ShowOn>
<string>ContextMenu</string>
<string>DefaultHomeTab</string>
</ShowOn>
<Executable>
<FilePath>PowerShell.exe</FilePath>
<Parameters>-Executionpolicy bypass -nologo -WindowStyle normal -command "&amp; 'C:\PowerShellScripts\RedistFailed.ps1' '##SUB:__Server##' '##SUB:__Namespace##' '##SUB:PackageID##'" </Parameters>
</Executable>
</ActionDescription>

To enable a second menu under Distribution Point Configuration Status you can use the following script;


Param(
[Parameter(Mandatory=$true)]
[String]$SiteSrv,
[Parameter(Mandatory=$false)]
[String]$SiteNamespace,
[Parameter(Mandatory=$True)]
[String]$Server
)

$SiteCode = $SiteNamespace.Substring(14)

Write-Host "Checking" $Server -ForegroundColor red
Write-host "Will check for all failed packages (NOT State 0)"
Write-Host ""

$sOpt = New-CimSessionOption –Protocol DCOM
$SiteServerCIM = New-CimSession -ComputerName $SiteSrv -SessionOption $sOpt
try {
$pkgs =  Get-CimInstance -CimSession $SiteServerCIM -Namespace $SiteNamespace -ClassName SMS_PackageStatusDistPointsSummarizer -Filter "ServerNALPath like '%$($Server)%' AND (State != '0')"

if ($pkgs -ne $null)
{
$Count = $pkgs |measure
Write-Host "There are $($Count.count) failed packages at the moment."
Write-Host "Press any key to redistribute..."
Write-Host ""
$a = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
foreach ($pkg in $pkgs) {
Write-Host "Redistributing $($pkg.PackageID) to $($Server)...." -ForegroundColor Green
try {
Get-CimInstance -CimSession $SiteServerCIM -Namespace $SiteNamespace -ClassName SMS_DistributionPoint -Filter "PackageID='$($pkg.PackageID)' and ServerNALPath like '%$($Server)%'" | Set-CimInstance -Property @{RefreshNow = $true}
}
catch {
Write-Host "Failed to redistribute to $($pkg.ServerNALPath.Substring(12,7))" -ForegroundColor Red
}

}
Write-Host "Press any key to close window...."
$a = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
}
else
{
Write-Host "There are no Failed pkgs" -ForegroundColor Green
Write-Host "Press any key to close..."
$a = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")

}

Remove-CimSession -CimSession $SiteServerCIM

}
Catch {
Write-Error "Failed to query $($Sitesrv)"
Remove-CimSession -CimSession $SiteServerCIM
}

To enable the right-click menu, create a new XML-file under the following folder;

d8718784-99d5-4449-bc28-a26631fafc07

Content;

<ActionDescription Class="Executable" DisplayName="Redistribute all failed Pkgs" MnemonicDisplayName="Redistribute all failed Pkgs" Description = "Redistribute all failed Pkgs" RibbonDisplayType="TextAndSmallImage">
<ShowOn>
<string>ContextMenu</string>
<string>DefaultHomeTab</string>
</ShowOn>
<Executable>
<FilePath>PowerShell.exe</FilePath>
<Parameters>-Executionpolicy bypass -nologo -WindowStyle normal -command "&amp; 'C:\PowerShellScripts\redistfailedpkgstodp.ps1' '##SUB:__Server##' '##SUB:__Namespace##' '##SUB:NAME##'" </Parameters>
</Executable>
</ActionDescription>

You can download the scripts from here, but you need to copy the XML-files into the folder of the Admin-Console yourself to make them visible.

Location;

c:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\XmlStorage\Extensions\Actions

Adobe Reader Security – Trusted certificates

Posted by nickekallen on February 10, 2014 in Deployment 2 Comments

When Adobe Reader XI 11.0.0.6 was released there was suddenly a new pop-up once you open Adobe Reader for the first time, and had settings in the profile from an older Adobe Reader X installation.

The message reads;

Trusted certificates from your previous version of Adobe Reader were found. Would you like to import them?

Any certificates that are not imported in this step will not be available in this version of Adobe Reader.

Adobe calls this the Addressbook and apparently this specific feature is the Addressbook Import.

There is a setting within the Windows Registry reference (under Security –> Addressbook Import) that documents three options an administrator can make to avoid having this nagging users.

The setting is “iImportAddressBook” and has three options;

0: Do not copy the old address book. The user is NOT prompted and the address book should NOT be installed.
1 or null: Default: The user is asked whether the address book should either be installed or not.
2: Import the address book silently.

To suppress this message, and silently import the address book you can set it the suggested DWORD-value to 2. It would look something like this;

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\Security\cDigSig]
 "iImportAddressBook"=dword:00000002

If you need this to be part of the deployment the suggestion is to add this value as part of the Registry. Recommended approach is to use Adobe Customization Wizard XI – if using the Adobe supported editor the registry key will be part of their custom MSI table EnterpriseRegistries.

App-V 5 Error codes

Posted by nickekallen on February 3, 2014 in App-V 1 Comment

As App-V 5 introduces lots of new error codes – here comes a summary of a few of them. After reviewing a few of the error codes there are some great sharing among people who are writing blog-articles!

See Ralph Jansens summary for App-V 5 error codes

App-V error codes

Application Launch failures

Error code: 0C80070057
Summary Solution: Upgrade to App-V 5.0 SP2
http://blogs.technet.com/b/virtualvibes/archive/2013/06/13/0c80070057-app-v-error-code.aspx

Error code: 0xFD01F25-0x7B
Solution Summary; Delete desktop.ini files within package
http://t3chn1ck.wordpress.com/2014/01/16/app-v-5-0-error-0xfd01f25-0x7b/

Error code: 0xc0000142
Solution Summary; Enable 8.3 Name creation on NTFS-volumes, or ensure that the client computer account has access to the source-files.
http://support.microsoft.com/kb/2777003/
http://cloudsurvivalguide.com/tag/0xc0000142/
http://blogs.technet.com/b/gladiatormsft/archive/2013/06/11/app-v-5-0-on-these-0xc0000142-errors-and-where-they-are-coming-from.aspx
http://blogs.msdn.com/b/sgern/archive/2013/11/14/10467791.aspx

Error code:Microsoft App-V Client” terminated with service-specific error: {Error in Application} The application failed to start properly (0x%lx).
Solution Summary; Uninstall App-V Client, Delete c:\programdata\appv and then reinstall App-V Client
http://social.technet.microsoft.com/Forums/en-US/80816b21-e0d1-41e0-bb74-c9eb1dc25a34/the-application-failed-to-start-properly-after-update-to-sp2?forum=mdopappv
http://social.technet.microsoft.com/Forums/en-US/c18b9678-3fbb-42c0-8427-c8401ee5a40d/appv-client-5-service-can-not-start-error-575?forum=mdopappv
http://blogs.msdn.com/b/sgern/archive/2013/03/21/10404146.aspx

Error code:0x83401D2A-80070490
Summary solution: Verify that you haven’t delete anything from the sequence that is required.
http://blogs.technet.com/b/virtualworld/archive/2013/05/24/app-v-5-0-error-virtual-fonts-subsystem-failure-on-first-launch.aspx

Error code: 0x8e90060a-003000F
Summary Solution: Conflicting settings between packages part of a Connection Group. Presumably resolved in App-V 5.0 SP2
http://ictworkspace.wordpress.com/2013/03/14/microsoft-app-v-5-connectiongroups-and-errors/

Error code:0x41e04304-00000028
Summary Solution: A package is part of to many Connection Groups with the same priority. Either prioritize the Connection Groups or remove it from one Connection Group.

Publishing failures

Error code:0x59701607 – 0xB
Solution summary: Delete user profile
http://social.technet.microsoft.com/Forums/en-US/f88bc1f6-569e-4c63-8343-bf676a1257f3/appv-5-part-or-all-packages-publish-failed?forum=mdopappv

Error code:0x4FC01304-0x80070003
Solution Summary; Execute the following Powershell commands;

Remove-AppvClientPackage *
Get-AppvPublishingServer | Sync-AppvPublishingServer

http://trentent.blogspot.de/2013/02/appv-5-issues.html

Error code:0x87D01280 Virtual application is in use
Summary Solution; As of App-V 5.0 SP2 a package in use is diverted to be removed at next reboot / logon. Stop the package to remove it immediately
http://www.applepie.se/app-v-5-0-sp2-and-pending-removal-update
http://blogs.technet.com/b/virtualvibes/archive/2013/12/03/pending-tasks-in-app-v-5-0-sp2.aspx

Error code:0x80190190
Summary Solution; Allow greater kerberos-tickets. Error code results in ACCESS DENIED.
Implement the following registry key;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters]
"MaxFieldLength"=dword:0000fffe
"MaxRequestBytes"=dword:01000000

http://social.technet.microsoft.com/Forums/en-US/15035eed-e52c-4fa5-bd54-135c616f7b3e/appv-5-client-configuration-publishing-refresh-error-0x80190190?forum=mdopappv

Error code: 0x45500D27-0x80190191
Summary Solution: Ensure that AUTHENTICATED USERS is member of User group on Publishing Server.
http://blogs.technet.com/b/virtualworld/archive/2013/11/21/debugging-app-v-5-0-error-code-0x45500d27-0x80190191.aspx

Error code:0x80190194
Summary Solution; Error code means 404 response from web-host. Ensure that you have the right URL and port for the publishing server you configured.
http://social.technet.microsoft.com/Forums/en-US/c7e40a19-56c9-481a-bf87-fcb4c8bbd42d/problem-with-configuring-appv-client-50-with-publishing-server?forum=mdopappv
http://social.technet.microsoft.com/Forums/en-US/eb998be3-0915-4d7a-96af-7249c139276a/appv-50-sync-error-httprequest-sendrequest-failed?forum=mdopappv

Error Code: 070000000B
Summary Solution: Install all the pre-requisites for the App-V Client. In particular http://support.microsoft.com/kb/2533623/
http://social.technet.microsoft.com/Forums/en-US/ed9af6d5-7f09-45af-891f-444f4af8de26/unable-to-publish-a-package-in-app-v-50-client?forum=mdopappv

Add package

Error code:0C80070002
Summary Solution; App-V Package installation root is diverted, and a temp-folder is required. Create the folder temp at the same level as the App-V package installation root
http://social.technet.microsoft.com/Forums/en-US/849af455-5a1f-477a-bb29-430153587b7b/addappvclientpackage-fails-with-error-0c80070002?forum=mdopappv

Oracle Java JRE 7 Update 51 MST

Posted by nickekallen on January 27, 2014 in Deployment 4 Comments

I created an MST-file for the Oracle JRE 7 Update 51 MSI and thought it would be a good idea to make it available for download.

Do note that in JRE 7 U45 there is a new exception-list which can be configured – another potential way to customize your package. See the exceptionlist documentation

How do you retrieve the Java 7 MSI-files?

See this FAQ answer for Oracle;

https://java.com/en/download/faq/msi.xml

Very detailed guide;

http://www.74k.org/extracting-java-msi-from-java-exe

How do you pre-configure settings for the deployment?

See this very detailed explanation from Oracle about deployment.properties;

http://docs.oracle.com/javase/6/docs/technotes/guides/deployment/deployment-guide/properties.html#overview

What does the MST file contain?

Registry-key to disable updates

[HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy]
"EnableJavaUpdate"=dword:00000000
"EnableAutoUpdateCheck"=dword:00000000

Properties set to set security level for web-browsers to medium

WEB_JAVA_SECURITY_LEVEL set to M

(options are V for Very High and H for High (default)

Custom action to remove start menu shortcuts

Will remove the following directory;

%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Java

Download the MST-file here

There is a very detailed post on Itninja about the possibilites for deployment if more tweaking is necessary.

Identify CustomActions using Process Monitor

Posted by nickekallen on January 20, 2014 in Deployment 0 Comment

SysInternals has for a long time provided us with the valuable tool Process Monitor, which everyday presents new use cases.

While troubleshooting an installation that seemed to be running a specific CustomAction once a self-heal was initiated and in error set a few registry keys to an odd-value.

The registry-keys could not be located within the Registry-table and there was a ridiculus amount of CustomActions.

Registry key that was wrongfully set looked like this (when it was not correct);

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Taylor\Workbench\Installed Products]
"Proficy Machine Edition (TM)"="v5.50 Build 3655"
"View"="v5.50 Build 3655"
"Logic Developer - PLC "="v5.50 Build 3655"

Unfortunately, none of the CustomActions had very descriptive names as to which one would touch this key and there were a lot of them. A lot. Infact they started at 5750 and stopped at 6720 in the InstallExecuteSequence table.

How do you identify a CustomAction which sets a registry key ? Using timestamps in Process Monitor of course!

A fare warning before you start the steps; A lot of memory will be required due to the capture of Process Monitor

1. Fire up Process Monitor and let it monitor. No filter needs to be applied immediately.

2. Initiate the installation using verbose-logging. A sample command-line could look like this;

msiexec /i install.msi /qb TRANSFORMS=install.mst /l*v install.log

3. Once the installation is completed, stop the monitoring within Process Monitor.

4. Search for the registry key (or file if that is your case). As we are looking for when the registry key is updated, certain operations aren’t applicable. For example, RegOpenKey isn’t something that corresponds to the operation we are looking for. Therefore you can exclude this and avoid a lot of traversing through unnecessary finds.

As you can see, searching can take a bit of time;

The 3 million rows are quite heavy;

5. Once the applicable registry key is found and the RegSetValue is located the timestamp is located.

(click the image to see all of it)

6. Review the log-file generated during the installation and find the corresponding timestamp (12:04:11,972791 is the time in the screenshot).

The accuracy of Process Monitor has given us a very precise timestamp (972791 are the last digits) and we can easily see that during the time-slot of 12:04:11 there are 7 different CustomActions occuring, however only two occur within the reach of 12:04:11:97~.

As the FindfxViewVersion1 is actually executed after the timestamp, we can safely assume that it is the FindFrameWorXVersion that is setting the registry key in question.

7. Looking at the InstallExecuteSequence table the CustomAction is set to run at sequence # 6260, however no conditions are set for it.

The CustomAction will in error execute during any repair (and self-heal) and reset the registry keys due to the lack of conditions.

The following modification was done using InstEd to add a condition;

You could play around with different conditions that might suite your case and Symantec has provided a great overview of some commonly used scenarios!

ArcReader 10.2 sequenced

Posted by nickekallen on January 13, 2014 in App-V 3 Comments

ArcReader is a great viewing tool used through many organizations. I wouldn’t necessary force it to be virtualized primarily for one reason;

It is delivered by ESRI (the company making the software) as an MSI. It does contain quite a few CustomActions, however on a personal level I would consider this a low risk endeavour to deploy using traditional deployment methods.

Prerequisites

Obtain the install files from ESRI. You would need to register, however downloading can be directly from their website.

System requirements are documented in a PDF and there shouldn’t be anything out of the extraordinary if deploying onto a Windows 7 machine. The target environment this post will focus on is Windows 7 x64, and therefore it will be sequenced on Windows 7 x64.

Once downloaded extract all the files (default location is your documents folder);

PVAD will be set to c:\program files (x86)\arcgis\arcreader10.2

Sequence

You can choose to install the application with the default options, there isn’t anything in particular that requires altering due to the sequencing process. Recommended is to disable the customer experience improvement program participation.

Post sequencing

It seems that the icon for the ArcReader was detected to be a generic one, there a manual update was required.

For some reason, the first icon was selected.

European App-V User Group 2014

Posted by nickekallen on January 6, 2014 in European App-V User Group 0 Comment

Schedule is not yet finalized, however it looks like LoginConsultants will bring the European App-V User Group once again at the Microsoft office in Amsterdam

See the previous videos which we posted!

Make sure you sign-up so they can plan for food and sessions, the final registration will show up later!

Create Application

Posted by nickekallen on December 30, 2013 in ConfigMgr 0 Comment

During a project I created a specific tool to ease the insert of applications within SCCM 2012. It was only tested for SCCM 2012 SP1 CU3 and on Windows 7 x64, with Windows Management Framework 3.0.

Video that demonstrates the tool; Create Application

David O`Brien wrote some great code that sorts out the poor quality of the SCCM 2012 PowerShell support. It is used as part of the script process.

Luca Sturlese made a logging function for PowerShell available which I used to create the log-file.

The idea is that you copy the source-files to your source-folder for all your apps, right-click the MSI and then the script creates an application within SCCM 2012 based on the MSI information. A log-file is generated incase some troubleshooting is necessary, but for status you can simply review the notification bubble.

I haven’t tested this on SCCM 2012 R2. I code horribly. I know the installer breaks on a x86 platform. It most likely works on Windows 8+, but I haven’t tested that. The script is depending on multiple WMI-calls, which in high latency environments will cause issues.

You are welcome to try this, send me improvements – or even take this for a spin and just make it better. I was tired of bitcoin casino doing this manually, and copy and pasted something from the internet which solved my problem. Take this for what it is. Nothing more, nothing less.

Some tips for installing the MSI;

Use the following properties;
SITESERVER
FQDN to site-server
BASEFOLDER
Basefolder where all packages will be created. A new sub-folder with username will be created
USEFOLDERS
Base Application Name on MSI-info (false) or folder-name
(true – requires; APPNAME\DEPLOYMENT folder structure)

LOGONREQUIREMENTTYPE
True or False
ALLOWCLIENTSTOUSEFALLBACKSOURCELOCATIONFORCONTENT
True or False
ESTIMATEDINSTALLATIONTIME
Numbers only
FALLBACKTOUNPROTECTEDDP
True or False
MAXIMUMALLOWEDRUNTIMEMINUTES
Numbers only
ONSLOWNETWORKMODE
Download or DoNothing
INSTALLATIONLOG
Path and prefix to where log-files will be located.
ProductName and ProductVersion will be appended
UNINSTALLLOG
Path and prefix to where log-files will be located.
ProductName and ProductVersion will be appended

Logging happens to:
%TEMP%\a_createapp.log

Download the file here

Adobe Acrobat XI and AppV 5

Posted by nickekallen on December 23, 2013 in App-V 17 Comments

Adobe Acrobat (along with any other Adobe software) has always been something people want to virtualize due to different reasons. In larger organizations the primary driver for this has been the poor handling of locking of files by applications that Acrobat integrates with. In essence, the installation fails if common applications are running – such as Outlook or Word.

With their latest suite of deployment tools there is actually a document of “process conflicts” which is list to long for anyone to care about.

The solution to workaround the limitation has never been nice, and App-V has in some cases allowed for a less disrupting delivery. As App-V 5 brings in a new set of features that resolves quite a few of the limitations (such as browser helper objects) that previously existed, perhaps we can leverage this to deploy Acrobat without the impacting the user experience?

Within the Microsoft Sequencing Guide for App-V 5 there is still a limitation of the drivers not beeing possible to make a part of the virtual package. We understand why, and assume that bringing support for this would require some changes or new inventive ways of “doing funky stuff” under the hood.

Just to clarify; The below suggestion is not supported by anyone. Acrobat virtualized is not, and has not been communicated that it will be at any time, supported by Adobe. Microsoft clearly states that drivers are not supported, and the below method is not advised by them to resolve issues relating to drivers.

What can we do in the mean time?

Well, here is a recipe and some great stuff for you to bring back to Adobe.

Prerequisites

Media

You will need App-V 5.0 SP2 sequencer setup on your packaging machine. The target environment this specific scenario has been tested for is Windows 7 x64, so that will be the packaging machine aswell. Office version this is tested with is Office 2007 and 2010 – both running as 32-bit applications.

The source media has been a Creative Cloud generated build, with default settings. The Build only contains Adobe Acrobat, and no other components.

I don’t see a reason that it will not work for traditionally created deployments using Adobe Customization Wizard, but I haven’t tested that.

Exclusions

There are four exclusions required to be created;


REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Microsoft\Windows NT

Required to avoid issues when printing documents from Acrobat


REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem

REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Microsoft\Office\15.0

Required to avoid issues when sending emails via Acrobat


C:\Programdata\Adobe\SLStore

Required to avoid issues due to licensing

PVAD

Primary Virtual Application Directory is set to the default installation path of Acrobat;


C:\Program files (x86\Adobe\Acrobat 11.0

Sequencing

Installation

From a command-prompt, run all the commands to finish the installation. It should look something like this;


exceptions\ExceptionDeployer.exe –workflow=install –mode=pre

build\setup.exe

exceptions\ExceptionDeployer.exe –workflow=install –mode=post

Suggestion;

Goto the following registry key;

HKLM\Software\Adobe\Acrobat Distiller\11.0\PrinterName

Alter the name to a printer to every client has, perhaps this one;
”Microsoft XPS Document Writer”

Configuration

Start Adobe Acrobat once, but perform no additional configuration

Post-editing

Directly skip to the Edit-mode of the sequencer (unless you need to set a Feature Block 1). Verify that the exclusions were effective and that nothing in the above locations have been captured.

Also goto the Advanced-tab and check the boxes. Required to avoid issues when sending emails via Acrobat

Save your package.

Now you have a virtual application, however the printer-driver is still not there. Perhaps you reviewed the italic suggestion under the installation-part? Well… this is where it gets fun. Most likely you can get the application working with the suggestion, however – the Adobe Distiller (aka Adobe PDF Printer) is actually available as a separate installer. Unfortunately – getting your hands on it is just pure luck in some cases.

This is the splash-screen of the version the customer had;

It’s a perfectly crafted MSI, that can easily be deployed to any system. By pure luck, a different piece of software had licensed this and brought it out as a separate installer. It seems that the user-base was overlaping each other and therefore this was already on the clients.

So, App-V people – perhaps you can bug Adobe about make this deployment method available for enterprise customers so Acrobat can be virtualized, without impacting functionality?

I reached out to Adobe and got the generic response back with a link to their support statement. I assume you will. But they will never change this unless customers demand it.