BigFix client deploy with AD GPOs?

(imported topic written by StacyLee)

This certainly should be possible and we just haven't tried it. I am wondering who has gone through this and can give any tips ahead of time or experiences good/bad.

thanks

(imported comment written by ErnieF91)

I’m not sure what the previous person asked, but we do have a GPO in place to install the agent on PCs. It works great for us.

Ernie

(imported comment written by StacyLee)

I was wondering who has deployed the BigFix client via Group Policy, and whether it was straightforward or there were any gotchas.

(imported comment written by brolly3391)

Hello Stacy Lee,

I have done this at several customer sites and it is my favorite method of client distribution.

The only bit of weirdness for one customer was that one of their remote networks was not able to talk directly to the BES server for the client’s first registration. Because a GPO distribution requires an MSI, we created an MST to drop the registry key to explicitly point those clients to their local relay, which was then able to relay that critical initial registration request up to the server. This would not be an issue with normal network topology.

The other item is that the distribution is not instant. You have to wait for a logon event or some other GPO refresh event to kick off each client install. Within a day, most clients were installed and functioning normally.

Cheers,

Brolly

(imported comment written by StacyLee)

I’d be interested in how you set up the MST. We group our computers based on a registry value that needs to be written to the system. How was the MSI deployed with the masthead and MST?

(imported comment written by brolly3391)

Hello Stacy,

The masthead is integrated into the MSI when you perform the initial BES Installer setup. That file is in your c:\BESInstallers\ClientMSI folder on your BES server. If you get a new masthead, you can regenerate that MSI by running the BES Installer on a workstation somewhere and telling it to use your current masthead.

The MST I did using InstallShield Admin Studio, but it could be done in Orca (free from MS) or any other tool that can create an MST.

Since Orca is a free MS tool I will give instructions on how to do this in Orca:

Open the BESClientMSI.msi in Orca.

Transforms>New Transform

Feature table - Add Row:
Feature=Custom
Feature_Parent=
Title=Custom Relay reg key
Description=Custom Relay reg key to configure client to talk to a specific relay for its initial communication to the BES Server.
Display=0
Level=1
Directory_=
Attributes=0

Components table - Add Row:
Component=CustomReg
ComponentID={3D0CB02D-B282-42D6-8567-2ADD8A37179A}
Directory=INSTALLDIR
Attrib=2
Condition=
KeyPath=

FeatureComponents table - Add Row:
Feature=Custom
Component=CustomReg

Registry table - Add Row:
Registry=InitialRelayReg
Root=2
Key=SOFTWARE\BigFix\EnterpriseClient\Settings\Client\__RelayServer1
Name=value
Value=http://yourrelay.domain.com:52311/bfmirror/downloads/
Component=CustomReg

Registry table - Add Row:
Registry=InitialRelayRegDate
Root=2
Key=SOFTWARE\BigFix\EnterpriseClient\Settings\Client\__RelayServer1
Name=effective date
Value=Wed, 18 Apr 2007 21:39:16 +0000
Component=CustomReg

Transform>Generate Transform
Save it as BESCustomRelay.MST

Notes for adding rows: Most entries are case sensitive. It would be easiest to use my entries verbatim and only change the yourrelay.domain.com string to your own relay and generate a new ComponentID GUID. Feature and Component names are keyword lookups for the MSI so if you change them in one row, cascade your changes to the other rows. The ComponentID can be left blank initially; once the row is created you can right click to generate a new one. It is a best practice to never re-use a GUID. If the component changes in any way, give it a new GUID.

Next, test your transform on a machine with the network disabled so that the BES client cannot talk to the server. Test using this command line and note that TRANSFORMS is all caps:

msiexec.exe /I BESClientMSI.msi /qn TRANSFORMS=BESCustomRelay.MST

Verify that the registry keys are present after the install. Add a bogus host entry in C:\WINDOWS\system32\drivers\etc\hosts:

127.0.0.1 yourBESserver.domain.com

so that the client cannot talk directly to the BES server. Then re-enable the network connection. Verify that the client does in fact use the relay to talk to the BES server. Restore your test machine from an earlier backup.

Once testing is complete you can simply set up your GPO to use the transform using a command line similar to the one you used in testing.

Orca: http://msdn2.microsoft.com/en-us/library/aa370557.aspx

One final note, this is all only for MSI rollouts of the BES client. If you are performing a normal setup.exe rollout you can use this KB for setting initial relay:

http://support.bigfix.com/cgi-bin/kbdirect.pl?id=244

Cheers,

Brolly
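
The "verify that the registry keys are present after the install" step from the post above, as an added PowerShell example that is not part of the original thread. It assumes the setting key is SOFTWARE\BigFix\EnterpriseClient\Settings\Client\__RelayServer1 and that a 32-bit client on 64-bit Windows writes under WOW6432Node; yourrelay.domain.com is the post's placeholder.

```powershell
# Added example (not from the thread): post-install check of the transform's registry values.
param(
    [string]$ExpectedRelayHost = 'yourrelay.domain.com',  # placeholder from the post
    [int]$ExpectedPort = 52311
)

# Assumption: the setting key is ...\Settings\Client\__RelayServer1, and a 32-bit
# client on 64-bit Windows is redirected to WOW6432Node, so both views are checked.
$suffix = 'BigFix\EnterpriseClient\Settings\Client\__RelayServer1'
$candidates = @("HKLM:\SOFTWARE\$suffix", "HKLM:\SOFTWARE\WOW6432Node\$suffix")

# Shape of the date used in the post, e.g. "Wed, 18 Apr 2007 21:39:16 +0000".
$datePattern = '^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4} \d{2}:\d{2}:\d{2} [+-]\d{4}$'

function Test-RelaySetting {
    param([string]$Url, [string]$EffectiveDate, [string]$RelayHost, [int]$Port)
    $problems = @()
    $uri = $null
    if (-not [Uri]::TryCreate($Url, [UriKind]::Absolute, [ref]$uri)) {
        $problems += "value is missing or not an absolute URL: '$Url'"
    } else {
        # The transform decides which relay every new client contacts first,
        # so compare what was written against the relay you intended.
        if ($uri.Host -ne $RelayHost) { $problems += "relay host is '$($uri.Host)', expected '$RelayHost'" }
        if ($uri.Port -ne $Port) { $problems += "port is $($uri.Port), expected $Port" }
    }
    if ($EffectiveDate -notmatch $datePattern) {
        $problems += "effective date is missing or malformed: '$EffectiveDate'"
    }
    return ,$problems
}

$present = @($candidates | Where-Object { Test-Path -LiteralPath $_ })
if ($present.Count -eq 0) {
    Write-Output 'FAIL: __RelayServer1 key not found in either registry view'
    exit 1
}
$failed = $false
foreach ($key in $present) {
    $props = Get-ItemProperty -LiteralPath $key
    $issues = Test-RelaySetting -Url $props.value -EffectiveDate $props.'effective date' -RelayHost $ExpectedRelayHost -Port $ExpectedPort
    if ($issues.Count -eq 0) { Write-Output "OK: $key" }
    else { $failed = $true; $issues | ForEach-Object { Write-Output "FAIL: $key : $_" } }
}
if ($failed) { exit 1 }
```

Run it on the test machine after the msiexec install, passing -ExpectedRelayHost with your own relay; a non-zero exit code means a value is missing or does not match.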

(imported comment written by jpeppers91)

Anyone experience the client trying to reinstall itself on machines where the client is already installed? Most noticeable during reboots on clients.

(imported comment written by BenKus)

I saw something once where someone had a GPO in AD to deploy the MSI version of the agent… but they also used the “Hide BigFix Client from Add/Remove Programs” Fixlet… and since AD couldn’t find the agent by name (I am not sure why it looked by name), it tried to reinstall on reboot…

But I only saw that happen one time and it is just a thought…

Ben

(imported comment written by jpeppers91)

The client is visible in Add Remove programs. It also reboots after the install.

(imported comment written by nberger91)

When deploying the BESClientMSI, can you run it natively or do you have to run it via a (script) command line to suppress the prompts etc.?

I'm not seeing an option in Win2008 GPM Editor that allows me to specify the MSI with any install parameters, for example /quiet /norestart?

Grateful for advice.

(imported comment written by jpeppers91)

I run it natively.