Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Managed Software Delivery - Dependency Tasks (and other)

Created: 31 Jan 2013 | 2 comments

Hi,

I'm having a couple of problems creating a Managed Software Delivery policy, related to aditional tasks besides the software installation itself. The story goes like this:

I've been asked to install Java 7 in my organization.  

Because we have a lot of different Java versions on our computers (pre Altiris era...) I wrote a vbs script  to uninstall any java that is present on the a machine and the corresponding "run script" task (JRE-Uninstall) . Then I created the package delivery task to install Java.

When I ran the tasks using a job on a single computer, it worked like a charm.

Then, when I scaled up and tried the job a bunch of computers at once, I realized that there was a significant number of computers that were'nt picking up the task (for several different reasons). After searching for a bit I was convinced that a Managed Software Delivery policy was the way to go.

I properly configured the software resource (including detection rules), created a policy just with the install, and sure enough, when I test it it works fine (i.e. when java is detected it marks the computer as compliant and when not it runs the installer, good times).

The problem arose (and sorry for the long introduction) when I try to add the JRE-Uninstall task to the policy. I tried adding it as a task before the java software and tried adding it as a Dependency Task. in either case the task is run wether or not the compliance rule checks out.

What am I missing ??

TLDR: Detection rule works fine, software installation works fine (only runs when necessary), but aditional tasks (uninstall script in this case) always runs, even if machine already compliant

Thanks

-Miguel

Comments 2 CommentsJump to latest comment

mclemson's picture

This happens a lot.  I thought I read recently of an upcoming fix or improvement to the logic here, but I can't find the link right now.  The workaround to use in the meanwhile is to add the uninstall script to a software resource called 'Java 7 Uninstall' which runs the .vbs or .bat script, but which also includes a detection rule checking for Java 6 or Java 7 or whatever you're looking for.  Put both software resources in the same policy.  If your command line is Uninstall for the uninstall script, it will run if the detection rule evaluates True.  If your command line is Install for the install resource, it will run if the detection rule evaluates False.

Does this help?  I'll keep looking for that upcoming improvement I thought was in the works.

Mike Clemson, Senior Systems Engineer, ASC
Intuitive Technology Group -- Symantec Platinum Partner
intuitivetech.com

andykn101's picture

The strictly Altiris way of doign this would be to package your desired version of Java as a Software Release.

Then find each old version in the console that has been discovered in your environment - one place to do this is Manage > All Resources > Software Component. Then, for each one, right-click and "Assign type" to a Software Release and add the uninstall command for that version msiexec /x {guid} /qn and a detection rule based on {guid}.

Then edit the Software Release of your desired version to add all the old ones you've added the uninstall command to as Superseded under the Dependencies.

When you create the Policy to install your desired version select the "Automatically upgrade software that has been superseded by this software".

One drawback with this approach is that if you install JRE6u1 then 6u10 over the top it ends up being listed as a different Software Component to a fresh install of 6u10. But if you make sure all the different Java GUIDs in your organisation have their own Software Release and silent uninstall command you'll be OK.

Another tip is to run the Policy on a recurring schedule and exclude comouters with your desired version of Java from the Target of the policy. So if a user is logged in and is using IE so blocking the Java install it will run again the next day or whenever. Or just only run when no user is logged on.

Authorised Symantec Consultant (ASC) with Endpoint Management Limited, an Authorised Symantec Delivery Provider based in the UK.

Connect Etiquette: Please "Mark as Solution" posts that fix your problem.