Creating an SCCM Application

Not all OU Admins can create Applications

By default, we do not include application creation in the default permissions set. Why?

This is a shared environment and there are things an application creator can do to negatively impact the entire university.

Once added to the Wolftech-SCCM-Console-Packaging-Creators group, you will:

  • Clean up after yourself. If an app is no longer being used, clean up the application in SCCM and the folders on the \\wolftech.ad.ncsu.edu\files\sccm share
  • Don’t put 20 copies of the same app on the share. If you need different answer files, put them all in the folder and use command line flags to specify which to use.
  • You have permissions to create Package Model applications (though they are not covered here) — if you find you need to use them, DO NOT set the “Update distribution points on a schedule” checkbox.

Preparation

  1. Get some software request
  2. Create a Silent Installer and Uninstaller
  3. Determine name of new software package following naming conventions:
    <NCSU|COE|COEDEAN>-<SW/FW>-<Vendor>-<Title>-<Version>
    Example: COE-SW-Gurobi-Gurobi Optimizer-6.5.2
  4. Run the application creation script from github.ncsu.edu (including any pertinent licensing info) to create the initial:
    1. AD Groups
    2. SCCM Collections
    3. SCCM Application
    4. Default Deployment Type
    5. Mandatory and Self Service Deployments
  5. Add application content to the following SCCM network share location:
    \\wolftech.ad.ncsu.edu\files\sccm

    1. Adhere to this folder-naming format: <Vendor>-<Title>-<Version>
    2. If the application will have multiple, chained deployment types, put the source installers in multiple subfolders so they can be accessed and cached independently of one another.
    3. If the uninstaller requires different content, put it in a separate folder
  6. Grab an icon – use \\wolftech.ad.ncsu.edu\files\sccm\Icon Store\BeCyIconGrabber.exe to get an icon from the installer or the installed .exe. This will be used in the SCCM application in Software Center.

Edit the SCCM Application Deployment Type

  1. Open the SCCM console. (Configuration Manager Console within SCCM).
  2. Select Software Library from the lower left pane.
  3. Click the expansion arrow to the left of the Application Management folder located in the upper left pane; this expands the view so that subfolders appear.
  4. Click on the Applications subfolder located directly beneath Application Management.
  5. Select the search text field located on the middle right pane, type the name of the new software package, and click the Search button located right of the text field.
  6. Click the Deployment Types tab at the bottom of the right pane.
  7. Right-click on the Default deployment type created by the script and choose Properties
  8. Update the Content tab to include:
    1. Installation Source location: \\wolftech.ad.ncsu.edu\files\sccm\<Vendor>-<Title>-<Version>\<install folder>
    2. Choose whether the Uninstall content settings are:
      1. Same as install content – If the uninstall uses the original installer
      2. No install content – In case you are just running msiexec.exe /X <Product Code> /qn /norestart
      3. Different from install content – If you need an uninstall.iss or xml file for force uninstall
  9. Update the Programs tab to include:
    1. Installation program – Should be the install script you made from Create a Silent Installer and Uninstaller
    2. Uninstall program – Should be the uninstall script you made from Create a Silent Installer and Uninstaller
    3. If it is a single MSI, put the Product Code in the the Product Code box
  10. Update the Detection Method tab:
    1. It is best practice to make sure there are at least 2 detection rules that verify that:
      1. the software is installed on the box
      2. the version of the application is grater than or equal to the version you are packaging (to include if patches get applied)
    2. The detection rules can be complex if an application includes chained installers
    3. These rules are how SCCM determines if the application is on the box and whether or not to try and install it (or uninstall it if superceded).
  11. Verify that the User Experience tab has:
    1. Installation behavior: Install for system
    2. Logon Requirements: Whether or not the user is logged on
    3. Installation program visibility: Hidden
  12. If the application has separate x86 and x64 installers (or will only work on one and not the other), add a Requirement at the Requirements tab for the type of OS.
  13. If the application has dependencies that exist within SCCM that you identified in Create a Silent Installer and Uninstaller then you would specify those in the Dependencies tab.  If there are dependencies that do not exist in SCCM, but are required, you will create those additional deployment types within this application and specify the dependency here.
  14. Hit OK
  15. Right-click on the Application created by the script and choose Distribute Content
    1. In the Wizard, you will need to add the NCSU Distribution Points distribution point group.
  16. If you later modify the content, you will need to Right-click on the Default deployment type created by the script and choose Update Content.

Edit the Application

  1. Right Click on the application in the upper pane and choose Properties.
  2. Ensure that the Application Catalog tab has the most information possible.  This is where you add the icon you grabbed in the Preparation step earlier.
  3. Use the Supercedence tab if your notes from application testing indicate the application must supercede another application
    1. Right-click the application from the right pane and select Properties.
    2. The Properties window opens, with the General Information tab open.
    3. Select the Supercedence tab and click Add.
    4. The Specify Supercedence Relationship window opens.
    5. Click Browse to search for the application it supercedes.
    6. Select that application and click OK to close the Choose Application window.
    7. The application you selected now appears in the Specify Supercedence Relationship window.
    8. Make sure that application is selected (in the Old Deployment Type column).
    9. New Deployment Type: Click the pulldown arrow to change it from Do Not Replace to the name of the SCCM Application deployment type you created.
    10. Uninstall: Check the Uninstall box.
      CAUTION: Some applications will install the new version and uninstall the old version automatically. Conversely, some applications will keep both versions and run them together. That said, your notes from application testing are critically important here.
    11. Click OK to save your work and close the Specify Supercedence Relationship window.
  4. Click OK again to close the Properties window.

Determine if you Need a GPO

Depending on the notes you created while Creating a Silent Installer, you may or may not need to create a Group Policy Object (GPO) in certain circumstances.

  1. Create the GPO following appropriate naming conventions
  2. Remove Authenticated Users from the Security Filtering and add the two AD groups created by the script you created
  3. If needed, add a WMI filter to specify a version of an OS or bit level.
  4. Set “All user settings disabled” for the GPO.
  5. Delegate permissions to the appropriate OU Admins group (or wait for the script to set the permissions)
  6. Edit the GPO to add the settings required for this specific application, such as:
    1. Specifying licensing information in the Windows registry via Group Policy Preferences
    2. Adding or removing icons from the Desktop or Start Menu
    3. Changing filesystem, registry, or service permissions so the application will run as a non-Admin account
    4. Running a login script to configure the application per-person

Testing and Promotion

  1. You should ensure you are fully testing the application:
    1. install on all of the platforms and machine types that you support
    2. install on the newest version of the client OS, even if you haven’t moved to it yet
    3. install on a test machine with an older version of the application on it to test supercedence
    4. create a collection, put you test box in it, and deploy an uninstall of the application to test you uninstall procedure — your next version of the app will need a working uninstall for supercedence
  2. Once you are certain you application is perfect, move the AD groups into the <OU>\Software Packages\<OU> Software OU.
  3. Next, determine you are packaging it just within your department or if you want to share your creation with the rest of NCSU.  If so, send a call to activedirectory_packaging@help.ncsu.edu and the application will be evaluated for promotion.
    1. The actual promotion will be done using this script from github.ncsu.edu
    2. After it is promoted you will no longer have permissions to make changes

Additional Notes:

  • This procedure sets the Self Service deployment for the application to NOT auto upgrade if a previous version of the application is installed.  This allows end users who have already opted for an older version of the application to control when the new version is installed.  This may not be appropriate for applications that have security implications and really should be auto upgraded.  In that case, the deployment will need to be deleted and re-created AFTER supercedence is setup.