Installing IE8 through Bigfix

system · March 23, 2010, 5:22pm

(imported topic written by mike.armstrong91)

I am trying to install IE8 through Bigfix and need some help. There has to be a KB article installed, then a reboot after the KB, and then the install of IE8, which then needs another Reboot. Therefore, I want the relevance for the IE8 installer to be “KB932823-v3” is installed, and the computer is not pending restart. Which would mean, that KB832823 is installed, and the KB wasn’t just freshly installed, so it will go in and work. Which, of course, afterwards, have a post action to reboot the computer.

Here is the relevance for KB832823. This does work fine, I just want to give you guys all the information I can to help me out. (Simply, it makes sure its running Windows XP or better, and the KB hasn’t been installed.)

(name of it = “WinXP” OR name of it = “Win2003” OR (name of it = “WinVista” and product type of it = nt workstation product type) OR (name of it = “Win2008” or (name of it = “WinVista” and product type of it != nt workstation product type)) OR (name of it = “Win7”) AND (exists regapp “besclient.exe” whose (version of it >= “7.2.4.60”))) of operating system AND (not exists key “HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB932823-v3” of registry)

Here is the action script for the KB article. Basically, I download the KB article, install it, then make the computer report that it needs a reboot.

download http://shr-p-bigfix.innovapost.ca:52611/Uploads/2701e463b020446dea23b9170aa93948a7df374b/WindowsXP-KB932823-v3-x86-ENUexe.tmp

continue if {(size of it = 608095 AND sha1 of it = “2701e463b020446dea23b9170aa93948a7df374b”) of file “WindowsXP-KB932823-v3-x86-ENUexe.tmp” of folder “__Download”}

extract WindowsXP-KB932823-v3-x86-ENUexe.tmp

wait __Download\WindowsXP-KB932823-v3-x86-ENU.exe /passive /norestart

action may require restart “c8d08aa227c88b7ed915b839eff3e8c0d2f67e06”

Here is the relevance for Internet Explorer 8. So what I tried to do, was make sure it was running windows XP or newer, makes sure the KB article is installed, make sure that the computer is not pending restart, and that IExplorer’s version is less than 8.

(name of it = “WinXP” OR name of it = “Win2003” OR (name of it = “WinVista” and product type of it = nt workstation product type) OR (name of it = “Win2008” or (name of it = “WinVista” and product type of it != nt workstation product type)) OR (name of it = “Win7”) AND (exists regapp “besclient.exe” whose (version of it >= “7.2.4.60”))) of operating system AND (exists key “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB932823-v3” of registry) AND (NOT pending restart “f9fc5c21a91696538bee18bbcbcb85a1ed74f7bf”) AND (exists regapp “iexplore.exe” whose (version of it < "))

Then finally, the action script for Internet Explorer 8.

download http://shr-p-bigfix.innovapost.ca:52611/Uploads/f14618b7bd818f3038414903220bcf98cd533478/IE8-WindowsXP-x86-ENUexe.tmp

continue if {(size of it = 16840872 AND sha1 of it = “f14618b7bd818f3038414903220bcf98cd533478”) of file “IE8-WindowsXP-x86-ENUexe.tmp” of folder “__Download”}

extract IE8-WindowsXP-x86-ENUexe.tmp

wait __Download\IE8-WindowsXP-x86-ENU.exe /quiet /norestart

So, my dilemma! The pending restart does show in the Bigfix console, but IE8 does not wait for the reboot before attempting to apply. Any suggestions on what I’m doing wrong?

Thanks in advanced!

system · March 23, 2010, 7:50pm

(imported comment written by DennisA91)

Mike,

Can you clarify whether these are separate Fixlets in a Baseline?

system · March 23, 2010, 10:54pm

(imported comment written by mike.armstrong91)

These are a baseline, and when i run it, They both try to run, without allowing a reboot between. Same result if I run them as 2 separate fixlets, one after the other.

system · March 23, 2010, 11:10pm

(imported comment written by SystemAdmin)

You may want to look into the Internet Explorer Administration Kit. I am working on a custom package that sets some defaults the way I want them. It prompts the user for a reboot when it has completed and places the latest cumulative IE update package in HKLM runonce. When the machine reboots, it installs the update and then reboots again. I didn’t want to do it as a baseline because I absolutely have to be sure the cumulative update is installed otherwise our IE auto-configuration script will not work properly. I tried having the cumulative update apply without a reboot with very mixed an unpredictable results, so having the reboot in between seems to work best.

system · March 25, 2010, 11:10pm

(imported comment written by DennisA91)

Mike,

I think there may be a problem with this statement in your IE8 Relevance:

AND (NOT pending restart “f9fc5c21a91696538bee18bbcbcb85a1ed74f7bf”)

My understanding is that the sha1 value acts as a qualifier for the “NOT pending restart”, so that your Relevance construction evaluates to TRUE and allows the action to proceed (assuming all other Relevance is TRUE) unless a restart condition was created by BigFix using that particular sha1 tag. In your case that would seem to be a remote possibility at best.

If you change the statement to

AND (NOT pending restart)

the statement will evaluate to FALSE if ANY PRIOR EVENT (inside of BigFix or outside of BigFix) caused a restart to be flagged (including your KB Fixlet). If you run your KB Fixlet immediately prior to the IE8 Fixlet, (NOT pending restart) will evaluate to FALSE and your IE8 Fixlet will be held up until after a restart.