Automate your Application Updates!

So what are these evergreen scripts? And why use them?

If you support an enterprise environment with hundreds or thousands of client PCs (or even servers/VMs), it is really hard, if not impossible, to keep all the different applications up to date manually, that is, by logging on to every PC and updating each application.

Of course there are tools like PDQ (which I set up and use at work) and Chocolatey, but what about the image you deploy to the workstations? How do you keep the applications up to date for that? Well, these little PowerShell scripts are just perfect for that, especially if you use MDT (Microsoft Deployment Tool) and WDS (Windows Deployment Server) to automate installation and configuration of Windows and applications on the client PCs.

I recently set up an MDT/WDS server at work to automate our standard and developer image deployments. What I also wanted to achieve was to never run through the install-and-capture process, that is, not to install Windows and all the applications on a test VM or workstation and then capture it for future deployments. That approach is (in my opinion) flawed and creates more work as new versions of Windows and applications become available.

So here’s what I did:

  • Customize an offline copy of the Windows image (add optional features, create folders, etc)
  • Add all the required programs to the Application deployment part of MDT (7-Zip, Adobe, Notepad++, etc)
  • Create Application packs and tasks for developer and standard deployment
  • Create PowerShell scripts to run during deployment for various tasks like database restore and user mapping, installation of SQL Server and Visual Studio (which I tried via MDT application deployment and could not get to work), creation of a new local (admin) user with a password and disabling the default administrator account, etc.
  • Configure MDT to apply updates (from WSUS) after OS and then application installations (to catch SQL and Office updates for example)

I also renamed all the installation packages to remove any version number (e.g. 7zip1806.exe to 7zip) so that when there is an update, I can simply automate the download and copy of the new installation package and won’t have to lift a finger!

With this configuration, I only have to extract, customize and save a new install.wim file (one for standard and one for developer image) every 18 months (Windows lifecycle) and will not need to do anything for the application part of deployment as evergreen scripts keep those up to date.

So how do you create or write the scripts? Well, you don’t have to. Thanks to Trond, they are available on XENAPPBLOG and in his GitHub repo, free of charge.

Trond’s scripts actually take care of installation as well. However, I have configured MDT to do that for me, so I only need the latest installation package in the right place, plus a record of the current version so that I don’t download the same file every night when the scripts are run via Scheduled Task.

There were a few apps that he did not have evergreen scripts for (or I could not find them), such as Visual Studio Code, 7-Zip, Git and NodeJS. But since he had done the hard part I only had to make a few minor changes to create the new scripts.

The modified scripts will:

  • Look for and find the latest installation package
  • Compare the latest and local version
  • Download only if the local package version is older

To achieve that, they will create and update two log files:

  • VersionControl to track the last version downloaded, and
  • AppLog to provide a human readable log of what packages were downloaded or skipped

You can view and download the modified PowerShell scripts from my GitHub repo HERE. Feel free to copy, modify, improve and share. Make sure to change the $Directory variable to point to your MDT application deployment folder.
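
The compare-then-download flow and the two log files described above, as an added sketch that is not Trond's code and not the scripts in the repo. The function name, parameters, log file extensions and layout, and the placeholder path are assumptions; the HTTPS and Authenticode checks are an addition, included because whatever lands in this folder gets installed on every imaged PC.

```powershell
# Added illustration. Hypothetical names throughout; only $Directory, VersionControl
# and AppLog come from the post. The latest-version lookup is left to the caller.
$Directory = 'D:\DeploymentShare\Applications'   # placeholder, point at your MDT share

function Update-EvergreenPackage {
    param(
        [Parameter(Mandatory)][string]  $AppName,        # folder and package base name
        [Parameter(Mandatory)][version] $LatestVersion,  # result of your own version lookup
        [Parameter(Mandatory)][uri]     $DownloadUrl,    # vendor download link
        [string] $FileName = "$AppName.exe"              # version-free name, as in the post
    )
    $appDir  = Join-Path $Directory $AppName
    $verFile = Join-Path $appDir 'VersionControl.log'
    $appLog  = Join-Path $appDir 'AppLog.log'
    $stamp   = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
    New-Item -ItemType Directory -Path $appDir -Force | Out-Null

    # Last version downloaded; 0.0 when nothing has been tracked yet.
    $local = [version]'0.0'
    if (Test-Path $verFile) {
        $text = Get-Content $verFile -TotalCount 1
        if ($text) { $local = [version]$text.Trim() }
    }
    if ($LatestVersion -le $local) {
        Add-Content $appLog "$stamp  SKIPPED     $AppName $LatestVersion (local $local)"
        return 'Skipped'
    }

    # Stage under a temporary name so a failed or rejected file never replaces the good one.
    $tmp = Join-Path $appDir "download-$FileName"
    try {
        if ($DownloadUrl.Scheme -ne 'https') { throw "refusing non-HTTPS URL $DownloadUrl" }
        Invoke-WebRequest -Uri $DownloadUrl -OutFile $tmp -UseBasicParsing -ErrorAction Stop
        $sig = Get-AuthenticodeSignature -FilePath $tmp
        if ($sig.Status -ne 'Valid') { throw "signature status is $($sig.Status)" }
        Move-Item $tmp (Join-Path $appDir $FileName) -Force
        Set-Content $verFile $LatestVersion.ToString()
        Add-Content $appLog "$stamp  DOWNLOADED  $AppName $LatestVersion (was $local), signer: $($sig.SignerCertificate.Subject)"
        return 'Downloaded'
    }
    catch {
        Remove-Item $tmp -ErrorAction SilentlyContinue
        Add-Content $appLog "$stamp  FAILED      $AppName $LatestVersion : $($_.Exception.Message)"
        return 'Failed'
    }
}
```

For installers that the vendor does not sign, swap the signature check for a `Get-FileHash` comparison against the checksum the vendor publishes. Reviewing the FAILED lines in AppLog after each nightly run shows when a download was rejected and the previous package was kept.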