There isn’t a syntax for that. The installer needs to be accessible via HTTP / HTTPS, anonymously, and a network share doesn’t fit that.
You can use the ‘download now’ command to download without validating the size/sha1, but the clients.would be downloading directly, without using the relay caching.
Sounds good. Do you have an example of such command to get from share?
Yes there is a reference at https://developer.bigfix.com/action-script/reference/download/download-now.html
Thank you. But download is url based. Is there a way to do it by file in a network share? Same way the software deployment wizard does?
The SWD wizard doesn’t use network shares either. It uploads the installer file to the BigFix server, and downloads via https, as in https://bugfixserver.example.com:52311/Uploads/upload_sha1/file.bfa.
If you store the installer file on the BigFix server you can do the same. The root directory to the web interface is wwwrootbes.
thank you
i tried to use the download command but i get : download error : urlinfo : attempt to use missing scheme
any ideas? i’ve came across another thread talking about that, where you suggested to use localhost or 127.0.0.1 instead of the fqdn, but it didn’t work. any ideas?
@liorme remember that the BigFix agent running on the local endpoint uses root or Local System accounts. These accounts typically do not have any permissions nor privilege to access a network share on a foreign computer unless the network share allows anonymous access (generally a bad idea from a security point of view). You “can” leverage action script to map the network drive using an account and some credentials, but then you need to fuss with passing the credentials securely and you need to consider concurrent load that this might bring to your network share if your BigFix agents all decide to copy a file off of the network share all at the same time.
Relays and URL downloads avoid all of that mess.
The best approach is to upload your msi file to a URL accessible path and use the regular prefetch commands in your action script.
One of the neat things about the BigFix server is that it comes with a web server built in @ wwwrootbes. If you copy your MSI to
C:\Program Files (x86)\BigFix Enterprise\BES Server\wwwrootbes\Uploads\MyTest\zoom.msi
then you could use action script to download from that URL.
prefetch FakeZoom.msi sha1:b6553a307dc1752a5089159dfad18d567d00e538 size:15 https://127.0.0.1:52311/Uploads/MyTest/FakeZoom.msi sha256:3da21c6c90133d6c7960caec3ecc82f52539019cb04ce56a6aabe70c4dd7f222
If your file changes frequently and you want to deal with the sha1/sha256/size validations outside of the Fixlet/Action you can check out the dynamic downloads feature here:
https://developer.bigfix.com/action-script/guide/dynamic_download.html
I did a little more research here. Looks like you can download the zoom client from the vendor:
So this prefetch should work fine until the next upgrade (see dynamic downloads for method to deal with a download that might change in the future)
prefetch ZoomInstallerFull.msi sha1:95fbf03328a2243bd97d789345d59190a0051a71 size:30713856 https://zoom.us/client/latest/ZoomInstallerFull.msi sha256:8515a469f6cff7f2da7b765905bd13b3d256d9d569ddab6b0d13f3de552bdcc9
thank you very much 
Using prefetch is always better than any other method for security and caching reasons.
I’m looking to build some automation to automatically create the prefetches for Zoom and create fixlets/tasks for install / update.
If you want to automate the install / update of Zoom for Mac but without the benefits of relay caching (prefetch) and always install the latest version from the internet, then this is the “right” way to do that: https://scriptingosx.com/2020/05/introducing-installomator/
This tool will validate the Apple Developer signing certificate of the zoom download automatically before install.
The only thing that would need updated in the fixlet / task is the relevance to check for the newest version, otherwise the action would always deploy newest.
cool, thank you very much
This is great though I think it will only be of use for machine based installation from the looks of it. If an end user has initiated the install via another installer method, this seems to be user specific as its all recorded in the HKU key and installed in the users profile folder, eg
Q: versions of files (values "DisplayIcon" of keys whose ((value "DisplayName" of it as string as lowercase contains "zoom")) of ((keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (registry;native registry)) ; (keys "Software\Microsoft\Windows\CurrentVersion\Uninstall" of keys of key "HKEY_USERS" of registry)) as string)
A: 4.5.5452.1010
T: 39.673 ms
I: plural version
Q: values "InstallLocation" of keys whose ((value "DisplayName" of it as string as lowercase contains "zoom")) of ((keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (registry;native registry)) ; (keys "Software\Microsoft\Windows\CurrentVersion\Uninstall" of keys of key "HKEY_USERS" of registry)) as string
A: C:\Users\{Username}\AppData\Roaming\Zoom\bin
T: 19.408 ms
I: plural string
The new fixlet is not seen as relevant on my machine that has 4.5.5452
Q: (exists value "DisplayVersion" whose (it as string as version < "5.0.25694") of keys whose (value "DisplayName" of it as string = "Zoom") of keys "HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall" of registry)
A: FalseWhile this is a welcome addition, there is a potential problem that will cause users to cus the admins when the update gets pushed…
If there is a meeting in progress, it will close the meeting without warning… Not a good idea if the host is the one who gets kicked off with either a live webinar to youtube or a boat load of participants.
So here is are my offerings for what I use for mac and windows…
This is for version 5.05.26213.0602 (Latest as of today)
Windows.
Action Script.
waithidden taskkill /F /IM “Zoom.exe” /T
if {exists key “Software\Microsoft\Windows\CurrentVersion\Uninstall\ZoomUMX” of current user keys (logged on users) of registry}
override wait
hidden=true
runas=currentuser
wait {value “UninstallString” of key “Software\Microsoft\Windows\CurrentVersion\Uninstall\ZoomUMX” of current user keys (logged on users) of registry}
endif
prefetch ZoomInstallerFull.msi sha1:264abd0d573fed547bcba32c4ba66908d3326024 size:30780928 https://zoom.us/client/latest/ZoomInstallerFull.msi sha256:6d0333ba23c706cd49a1bc816fd636533f4af41d3583ee79c50aaa157371fe4e
wait “{pathname of system folder & “\msiexec.exe”}” /i “{(pathname of client folder of current site) & “__Download\ZoomInstallerFull.msi”}” /qn /norestart /log install.log ZSSOHOST=“YOURDOMAINFORZOOM” ZConfig=“nogoogle=1;nofacebook=1;DisableLoginWithEmail=1;login_domain=YOUR.COMOR. EDU;AutoHideToolbar=0”
What this does is to uninstall the user based install if it exists and installs the MSI version with command line switches to disable google, facebook and email logins, leave the SSO login, prefill the vanity domain name host (domain.zoom.us) , prefill the sso signin PID field with your .com or .edu , (ie vt.edu) and not autohide the toolbar.
You can leave all or some of the command line switches off , your choice.
Windows Relevance.
1: windows of operating system (self explanatory)
2: (exists value “DisplayVersion” whose (it as string as version < “5.0.26213”) of keys whose (value “DisplayName” of it as string = “Zoom”) of keys “HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall” of registry) OR exists file (“C:\Users” & (name of logged on user) & “\AppData\Roaming\Zoom\uninstall\installer.exe”)
3:not exists running application “cpthost.exe” AND not exists running application “aomhost*.exe”
That last one is the critical one. The cpthost and aomhost*.exe determine if there is a meeting in progress.
if zoom.exe is running, thats just the console…
So the upshot of this lot is that even if the console is running, as long as there is no meeting in progress, its safe(er) to upgrade at any time.
MAc Versions
Action Script
prefetch ZoomInstallerIT.pkg sha1:824a1abcbb36e486d4b8aebf33d88c78b0e2d096 size:35331380 https://zoom.us/client/latest/ZoomInstallerIT.pkg sha256:15612fac01df6e3ac560e217758826d9cdb3d2caa843b173bb3340a54fe76a2c
wait installer -pkg “__Download/ZoomInstallerIT.pkg” -target /
Relevance:
1:((system version >= “10.7” AND system version < “10.8”) OR (system version >= “10.8” AND system version < “10.9”) OR (system version >= “10.9” AND system version < “10.10”) OR (system version >= “10.10” AND system version < “10.11”) OR (system version >= “10.11” AND system version < “10.12”) OR (system version >= “10.12” AND system version < “10.13”) OR (system version >= “10.13” AND system version < “10.15”) OR (system version >= “10.15”)) AND TRUE
2: exists application whose (name of it as lowercase = “zoom.us.app” as lowercase)
3:version of regapp “zoom.us.app” < “5.0.5 (26223.0603)” as version
4: not exists process whose (name of it = “CptHost”)
2 and 3 could be combined to be more effective but again, 4 is the critical one,
So with both of these tasks, their action can be taken dynamically over a period of 1 week with a rep-apply if it become relevant again.
As always, I am open to suggestions and would love to include the same configurations in the plist form to apply to the mac version…
Hi,
I am new with bigfix. and I try to update zoom client to version 5.6.10 and I got this error:Error processing completed download: Requested sha1 264abd0d573fed547bcba32c4ba66908d3326024 does not match actual sha1 f939b9ad98491511ad2969f4f4c6e9e6a960f148
can you explain me what I need to change?
Hello! Which Fixlet are you using to attempt to update the Zoom Client? Have you seen the latest content available in the ‘Updates for Windows Applications’ site?
| Fixlet ID | Fixlet Site | Fixlet Name | Source Release Date |
|---|---|---|---|
| 5056321 | Updates for Windows Applications | Zoom (x64) 5.10.6.5889 Available | 2022-05-23 |
| 5056398 | Updates for Windows Applications | Zoom 5.10.6.5889 Available | 2022-05-23 |
I have error with updating zoom. How to fix it.
You need to give more details… what Fixlet, what error message…or open a Support Incident and the support team can help you collect that information.
