New MS Office Deployment Methods (BETA)

(imported topic written by BenKus)

Hi everybody,

As we all know, deploying patches for Microsoft Office is quite a pain due to the fact that the patches often require the original source files to work properly. Microsoft has moved to “fullfile” patches that are supposed to contain most of the files necessary for the patch, but even those will still sometimes require the original Office source, which is quite a pain for companies looking to do complete patch roll-outs.

BigFix has historically dealt with Office patches with the following options:

  • “Local Office source” – This option requires either the Office CD is in the CD tray or the Office source files have been copied locally.

  • “Network Office source” – This option sets a network location the patch can use to get the Office source files… This method is popular and works well in many cases, but it won’t work for remotely connected computers, it is a pain to manage, and it requires null session shares.

  • “Administrative install” – This option is for the (somewhat rare according to our experiences) company that deploys using the Office “administrative install” option.

Although these options will work pretty well, we want to make it easier on our customers… As a way to do this, we have created a new “Microsoft Office Source Configuration Wizard”. The idea of this new approach is to allow the following nice features:

  • ** Ability to easily deploy Office source files to computers locally (thus eliminating most future problems with Office patches).
  • Ability to detect which Office source files are needed for which computers (sometimes computers need multiple Office source files because they have different versions of Office components installed).
  • Easier ability to manage Office control methods (by using a simple Wizard interface and by showing which computers are using which methods).

We are trying out this functionality in a limited-release BETA (which is in the form of a Fixlet site)… If you are interested in trying out the new functionality, please email

betafeedback@bigfix.com

.

Ben

(imported comment written by jeremylam)

The “Microsoft Office Source Configuration Wizard” tool is now publicly available in the Patches for Windows (English) /

Enterprise Security site. This should hopefully make patching those older Office deployments less difficult.

For more information on each of the individual components of this tool (wizard, dashboard, analysis, and tasks) see the KB Article:

What are the new changes to Office patch deployment?

.

(imported comment written by dgibson91)

I really like the new dashboard and wizards. I was really hoping the new “Microsoft Office Source Configuration Wizard” was going to replace the action parameter prompt when deploying office patches, but it appears that it doesn’t actually do that. Correct me if I’m wrong, but if i set the source location with this wizard, then go and deploy a patch it will still prompt me to enter the network location of the shared Office CD. The action will then overwrite the source location that was previously set with the wizard.

What i was hoping for is : Set the office source location once on the pc, then deploy the fixlets and not have to specify a source location. This will simplify things for me since we have multiple domains with different source locations. It would be nice to set the source location once, then deploy office fixlets without worrying where the source location should be.

Daryl

(imported comment written by rwest23)

Hi Daryl,

Thanks for the feedback. We are working on a solution to this issue, which will most likely involve adding a second prompt-less action to all network installation Fixlets. We will keep you updated on our progress.

Thanks,

Randy

(imported comment written by BenKus)

Hey Randy,

What if you just left the prompt for network location blank? Would that achieve the appropriate results?

Ben

(imported comment written by rwest23)

Ben Kus

What if you just left the prompt for network location blank? Would that achieve the appropriate results?

No, that would just leave you with a blank source field, which would break the process. There’s no way to do it in the confines of the content as is, but I can provide a simple temporary workaround, if that’s what you’re getting at:

  1. Select a network install Fixlet in the console

  2. Right-click and select “Create Custom Copy…”

  3. In the “Edit Fixlet Message” dialog, select the “Actions” tab

  4. In the “Action Script” section, delete everything before the line that starts “download http://download.microsoft.com…”

  5. Propagate the custom Fixlet by pressing OK. It might be useful to give it a descriptive custom name as well.

Such an action will of course fail on computers that don’t already have the installation source properly set.

Hope that helps until we can roll out an official solution to all of our Office content.

(imported comment written by dgibson91)

Thanks for the update. A second action would be great. I would rather not create custom copies, it would be hard to keep up with what fixlets get updated and superseded.

(imported comment written by rwest23)

We have updated all of our Office content in all languages to include a second action reading “Click here to initiate the deployment process using the installation source set with the Microsoft Office Source Configuration Wizard. Note that unconfigured endpoints will report back as failed.” As noted, please make sure to configure everything using the wizard before running any of these actions. Any feedback would be appreciated!

Randy

(imported comment written by dgibson91)

I think i may have found a potential bug in the Microsoft Office Source Configuration Wizard.

We keep our Office installations on a “hidden” network share named deploy$. The relevance in the task created by the wizard uses regular expressions to compare the share with the registry. The $ is a special character in regular expressions. The relevance is using escapes of () which changes the backslashes to double backslashes, but it doesn’t convert the $ to a $. I had to remove the escapes of() portion and manually change it to “\\server\deploy$\Office2003\$”.

This may be a unique case since I am not sure many people will use $ in the office path location. Maybe there is an escapes of() that converts regular expression special characters? That would certainly fix the problem.

I haven’t actually tested the new fixlets, but I updated our baselines with the new action and it no longer prompts for a cd location. Thanks, this should make our office patching much easier.

Daryl

(imported comment written by rwest23)

Hi Daryl,

You’re right about that being a bug, so thank you for pointing it out. We don’t have an inspector that escapes regex special characters directly, but something like the following works just as well:

concatenation of (

if exists match (regex 
"[$*.^+?%7b%7d|()[]|\]") of it then 
"\" & it else it) of characters of escapes of <string>

We’ll look into implementing that shortly and get back to you once it’s tested and published.

Thanks,

Randy

(imported comment written by rwest23)

The previously outlined fix was published earlier this week. Please let us know if you encounter any more issues.

Thanks,

Randy

(imported comment written by dgibson91)

I recreated the tasks with the new wizard and it is working great. That combined with the new fixlet actions solves the problems we were having. Thanks,

Daryl

(imported comment written by ErinC91)

We deploy the Office installation files to the local machine first, then use a separate task to kick off the install when we’ve verified the source files are all deployed. The increased diskspace usage is hardly an issue these days.

This way when we patch Office, the source files are

always

available. Works a treat.