IT Management Suite

Tutorial for applying App-V 5.x packages with ITMS 

12-28-2017 06:04 AM

Backstory:

I work at the IT department of a Norwegian Health Region, we are currently migrating around 13000 clients from Windows 7 x64 to Windows 10 x64 CB for Business using an automated ITMS workflow. On Windows 7 we have deployed around 400 virtual packages made with Symantec Workspace Virtualization, some are deployed with Symantec Streaming.

But since SEV is EOL we are repackaging everything we can into APP-V 5.x format.

I could not find any information on others doing the same stuff so I had to create my own tool doing all of the scripting as an automated process to make App-V work with ITMS.

I want to share the fundamentals of my findings in this article giving back some of my knowledge to the community showing that "Altiris" is the best tool even for App-V deployment, it's based on my original tread :

  • What is the best method creating detection rules for APP-V on clients running ITMS?                                                   

I only know two different ways of creating detection rules with App-V scripting. You could use the external deploymentConfig.xml or the internal AppxManifest.xml. I recommend using the internal AppxManifest.xml file for most cases because then you only need to upload and deploy the App-V file, and it can contain both user and machinecode scripts.

  • When do I use the App-V external configuration files? 

I normally only use the external deploymentConfig.xml file for the "Office 2013" App-V package created with the "Office 2013 deployment tool", see the part further down the article for more in depth information about it! It's also the easiest way to change most internal package settings without having to repackage it all over again. Just remember that you should at least change the detection rule so the "new" package revision will be unique and installed again. Remember, you can't use both internal and external config files at the same time, if you use the external file the internal will be ignored.

  • ​ How to create detection rules and make them go directly into the App-V package:

Using the free command line application tweakappv from Advanced installer I have finally found a working command line interface for modifying files inside our created App-V packages without using manual editing in the annoying Sequencer. This is one of only a handful of 3rd party programs that lets you directly modify APP-V files without triggering the internal App-V CRC check.

This way we can automate the creation of detection rules into App-V packages using only scripts.  (I recommend using google and search for all information about this amazing free tool. It can do a lot of cool stuff with App-V files.)

  • The preferred method of doing this:

We need to get the internal AppxManifest.xml out of the App-V package (Best way is to create a script that treat reading from App-V like a zip file, it can be done with free 7zip command line version).

When you have the manifest xml file on your computer create a script/program that read from the AppxManifest.xml file.

Find "Identity Name",'Version="', 'appv:PackageId="' and 'appv:VersionId="'.

Using string split or an xml parser to get the values and store as variables.

Then write four cmd files and insert detection rules like this: 

 'reg add "hklm\software\wow6432node\companyname\Appv\' & $PackageName & '" /v AddPackage /t reg_sz /d ' & $Version & "/" & $PackageID & "/" & $VersionID & " /f") into our cmd files.

We just call them AddPackage.cmd, PublishPackage.cmd, UnpublishPackage.cmd and RemovePackage.cmd.

Settings is like this:

Package Scripts:

 On adding package:

 In machine context: YES

 - Script:%windir%\system32\cmd.exe

 - Parameters: /c AddPackage.cmd

 - Wait for App-V Client to Complete: YES

 - Do not use encoded executable paths: YES

 - Script timeout: 999 seconds

 On package publish:

 In machine context: YES

 - Script:%windir%\system32\cmd.exe

 - Parameters: /c PublishPackage.cmd

 - Wait for App-V Client to Complete: YES

 - Do not use encoded executable paths: YES

 - Script timeout: 999 seconds

 On Package unpublish:

 In machine context: YES

 - Script:%windir%\system32\cmd.exe

 - Parameters: /c UnpublishPackage.cmd

 - Wait for App-V Client to Complete: YES

 - Do not use encoded executable paths: YES

 - Script timeout: 999 seconds

 On removing package:

 In machine context: YES

 - Script:%windir%\system32\cmd.exe

 - Parameters: /c RemovePackage.cmd

 - Wait for App-V Client to Complete: YES

 - Do not use encoded executable paths: YES

 - Script timeout: 999 seconds

And voila.

Your “new” version of the package will have the needed detection rules. The rest of the code needed is not available for sharing, but it should be easy enough if you can script/program. 

  • Syntax for sending in detection rules scripts with Tweakappv:

 Create the txt file addscripts.txt and insert the text from the box into that file: TweakAppV.exe /batchfileupdate "filename.AppV" AddScripts.txt'

;twc
add-Scriptfile AddPackage.cmd
add-Scriptfile RemovePackage.cmd
add-Scriptfile PublishPackage.cmd
add-Scriptfile UnPublishPackage.cmd

New-Element AppxManifest.xml -elementname "appv:MachineScripts" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts" -elementname "appv:AddPackage" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:AddPackage" -elementname "appv:Path" -elementtext "Cmd.exe" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:AddPackage" -elementname "appv:Arguments" -elementtext "/c AddPackage.cmd" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:AddPackage" -elementname "appv:Wait" -elementtext " " -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
Set-ElementAttribute AppxManifest.xml -xpath "appv:MachineScripts/appv:AddPackage/appv:Wait" -attributename "RollbackOnError" -attributevalue "true"
Set-ElementAttribute AppxManifest.xml -xpath "appv:MachineScripts/appv:AddPackage/appv:Wait" -attributename "Timeout" -attributevalue "999"


New-Element AppxManifest.xml -elementname "appv:MachineScripts" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts" -elementname "appv:RemovePackage" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:RemovePackage" -elementname "appv:Path" -elementtext "Cmd.exe" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:RemovePackage" -elementname "appv:Arguments" -elementtext "/c RemovePackage.cmd" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:RemovePackage" -elementname "appv:Wait" -elementtext " " -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
Set-ElementAttribute AppxManifest.xml -xpath "appv:MachineScripts/appv:RemovePackage/appv:Wait" -attributename "RollbackOnError" -attributevalue "true"
Set-ElementAttribute AppxManifest.xml -xpath "appv:MachineScripts/appv:RemovePackage/appv:Wait" -attributename "Timeout" -attributevalue "999"

New-Element AppxManifest.xml -elementname "appv:MachineScripts" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts" -elementname "appv:PublishPackage" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:PublishPackage" -elementname "appv:Path" -elementtext "Cmd.exe" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:PublishPackage" -elementname "appv:Arguments" -elementtext "/c PublishPackage.cmd" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:PublishPackage" -elementname "appv:Wait" -elementtext " " -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
Set-ElementAttribute AppxManifest.xml -xpath "appv:MachineScripts/appv:PublishPackage/appv:Wait" -attributename "RollbackOnError" -attributevalue "true"
Set-ElementAttribute AppxManifest.xml -xpath "appv:MachineScripts/appv:PublishPackage/appv:Wait" -attributename "Timeout" -attributevalue "999"

New-Element AppxManifest.xml -elementname "appv:MachineScripts" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts" -elementname "appv:UnpublishPackage" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:UnpublishPackage" -elementname "appv:Path" -elementtext "Cmd.exe" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:UnpublishPackage" -elementname "appv:Arguments" -elementtext "/c UnpublishPackage.cmd" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:UnpublishPackage" -elementname "appv:Wait" -elementtext " " -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
Set-ElementAttribute AppxManifest.xml -xpath "appv:MachineScripts/appv:UnpublishPackage/appv:Wait" -attributename "RollbackOnError" -attributevalue "true"
Set-ElementAttribute AppxManifest.xml -xpath "appv:MachineScripts/appv:UnpublishPackage/appv:Wait" -attributename "Timeout" -attributevalue "999"

 

  • How to create detection rules for Office 2013/2016 made with Office Deployment Tool:

If you want to create the enterprise licensed Office 2013 App-V package this has to be created with the "Office 2013 Deployment Tool" , the output package is made around the App-V 5.0 RTM SP1 version. 

And if you want to create the Office 2016 App-V package (It only works with O365 licenses do to some Ms bulls*it) this has to be created with the "Office 2016 Deployment Tool" , the output package is made around the App-V 5.0 SP2 HF4 version. Ms has done some undocumented and very creative stuff in here so both packages can't and should not be edited as normal App-V packages, I even tried to convert both to a newer App-V version using AVE, but it only fails. 

So the only way i know we can get both packages licensed is using the internal license module "integrator.exe", and keeping scripts intact when deployed.

And we also want detection rules so we have to publish detection rules with the external file deploymentConfig.xml.

The good news is that we can still insert scripts for detection rules with Tweakappv. Also keep in mind that you can only deploy one App-V Office package at the same time on a computer, so you better get one big with everything inside (Visio, Project) and then use program blocking, or repackage every version and deploy as seperate pacakges using several filters in ITMS (it's a pain i know). 

Syntax is as following:

<MachineScripts>
      <PublishPackage>
        <Path>Scriptrunner.exe</Path>
        <Arguments>
-appvscript cmd.exe /c "[{AppVPackageRoot}]\..\Scripts\PublishPackage.cmd –appvscriptrunnerparameters –wait –timeout=99 – rollbackonerror
</Arguments>        
      </PublishPackage>
      <UnpublishPackage>
        <Path>Scriptrunner.exe</Path>
        <Arguments>
-appvscript cmd.exe /c "[{AppVPackageRoot}]\..\Scripts\UnpublishPackage.cmd –appvscriptrunnerparameters –wait –timeout=99 – rollbackonerror
</Arguments>        
      </UnpublishPackage>      
      <AddPackage>
        <Path>Scriptrunner.exe</Path>
        <Arguments>
-appvscript cmd.exe /c "[{AppVPackageRoot}]\..\Scripts\AddPackage.cmd –appvscriptrunnerparameters –wait –timeout=99 – rollbackonerror
</Arguments>       
      </AddPackage>
      <RemovePackage>
        <Path>Scriptrunner.exe</Path>
        <Arguments>
-appvscript cmd.exe /c "[{AppVPackageRoot}]\..\Scripts\RemovePackage.cmd –appvscriptrunnerparameters –wait –timeout=99 – rollbackonerror
</Arguments>        
      </RemovePackage>
    </MachineScripts>

 

  • Run Virtual                                                                                                                                                                              

    If you want to master APP-V you have to understand the consept of Run Virtual.

Short version: 

Run a locally installed application in a virtual environment, alongside applications that have been virtualized by using Microsoft Application Virtualization (App-V). You might want to do this if you: Want to install and run an application locally on client computers, but want to virtualize and run specific plug-ins that work with that local application. Are troubleshooting an App-V client package and want to open a local application within the App-V virtual environment. My method it's based on ideas from: http://virtualvibes.co.uk/using-powershell-to-self-deliver-runvirtual/ 

But instead of just delivering runvirtual files with scripts in the package, our method involved a powershellscript running on the client and managed from Altiris or other cms systeml

This script reads from an ini file.

  1. Will put down the detection rule in registry the first time script runs
    1. Altiris:
      ----------------------------------------------------------------------
      Install
      powershell.exe -executionPolicy bypass -file .\RunVirtual_MK.ps1 -Inifile RunVirtual_MK.ini
       
      Altiris detection rule:
      HKEY_LOCAL_MACHINE\Software\Company\RunVirtual_MK"
      Versjon=29.11.2017-01
  2. The next thing it does is checking ini version. Is there a newer version of the ini file it will be used.
  3. The [Forbidden] files will be added as an variable so it will remove thoose entrys from the runvirtual keys. If the same exe file exist it for some reason in the ini file it will also be removed. 
  4. Read the runvirtual keys from  and add thoose keys to run virtual in registry

Example of our ini file:

[ini]
iniVersion=29.11.2017-01


[Forbidden]
001=C:\Program Files (x86)\test\test1.exe

[Rv_oracle]
001=C:\Program Files (x86)\test\test.exe

Our next version of this script will be perfected and running as a Windows task schedule, a schedule can run as a normal AD user, making it possible to copy our ini file from a dfs share. If the dfs is not available it will use the local copy.

Powershell ini reading is based on this code:

Function Get-IniContent {  
    <#  
    .Synopsis  
        Gets the content of an INI file  
          
    .Description  
        Gets the content of an INI file and returns it as a hashtable  
          
    .Notes  
        Author        : Oliver Lipkau <oliver@lipkau.net>  
        Blog        : http://oliver.lipkau.net/blog/  
        Source        : https://github.com/lipkau/PsIni 
                      http://gallery.technet.microsoft.com/scriptcenter/... 
        Version        : 1.0 - 2010/03/12 - Initial release  
                      1.1 - 2014/12/11 - Typo (Thx SLDR) 
                                         Typo (Thx Dave Stiff) 
          
        #Requires -Version 2.0  
          
    .Inputs  
        System.String  
          
    .Outputs  
        System.Collections.Hashtable  
          
    .Parameter FilePath  
        Specifies the path to the input file.  
          
    .Example  
        $FileContent = Get-IniContent "C:\myinifile.ini"  
        -----------  
        Description  
        Saves the content of the c:\myinifile.ini in a hashtable called $FileContent  
      
    .Example  
        $inifilepath | $FileContent = Get-IniContent  
        -----------  
        Description  
        Gets the content of the ini file passed through the pipe into a hashtable called $FileContent  
      
    .Example  
        C:\PS>$FileContent = Get-IniContent "c:\settings.ini"  
        C:\PS>$FileContent["Section"]["Key"]  
        -----------  
        Description  
        Returns the key "Key" of the section "Section" from the C:\settings.ini file  
          
    .Link  
        Out-IniFile 

 

                                                                                                                                                       

  • Connection Groups (CG):                                                                                                                                                                                                                                                                                                                            

CG is basically an xml file. Use the free sw AppV_DefConGroups from tmurgent to create CG files.

Create one dummy App-V package with nothing else but a detection rule and call it something like "CG_packagename_Master". This package can't be optional since it's basically a primary key for the CG, and we have to enable the this package first or the CG won't work.

This dummy package has the any version flag checked, so it can be upgraded if needed without making the CG all over again.

Then we just put all the packages we want to load into the CG in the same directory structure and we just add them in the program, set any version and optional flags on so we can remove and add newer versions when we want and the loading sequence with the move up and down buttons.

Then remember to save the CG with an unique Priority.

I recommend using at least 10 numbers higher priority in case there needs to be safe that no other CG won't interfere with it later.

The reason we need to use unique numbers is because if a package is loaded into two connection groups, the App-V client needs to know witch VE(virtual environment) to load first, or else it will fail catastrophic. See this blog post about it: ​http://virtualvibes.co.uk/connection-group-conflic...

The next thing we need now is a detection rule in Altiris.

Found out the easiest way to create a detectionrule is to check for files.

The default location of a loaded CG is under:

C:\ProgramData\Microsoft\AppV\Client\Catalog\PackageGroups\{GroupId}\{VersionId}\

When you load a CG it will create two files called:

PackageGroupDescriptor.xml

PackageGroupDescriptorTemplate.xml

When you enable the CG it will create the file:

UserPackageGroupDescriptor.xml

So this makes it possible to see if it is imported and not enabled, or removed completely if no files exist here.

There is no good way around using CG if you need two App-V packages to work together dynamically.

You could repackage them all together in the same big package.

But the drawbacks are: Package size will be much bigger, will affect load speed, deployment speed and maybe performance when using programs inside the package. And if you want to just upgrade one program the complete package has to be upgraded.

Also remember that if you use App-V Office you have to set the exact same isolation flags on all the other packages in that CG....making it even more of a pain to manage...

  • Other usefull programs                                                                                                                                                                                                                                         

Other software you should use for editing and working with App-V:

If you need to have several scripts pr event then you should have a look at scriptlauncer or scriptrunner (free with App-V, but not completly silent when running) Or you could create your own script parser like us, but that will require a lot of error handling.

A VERY usefull full editor is AVE. It will cost you some cash, but it's one of the best App-V editors out there capable of editing all versions of App-V.

This is allmost essential when you want to only change a file or two or do some easy changes without reverting a virtual machine with a sequencer, it can also display a grafical overview of the numbers of shortcuts, com objects, active x plugins and all other kind of files in the package.

Another editor capable of editing and build App-V packages is Advanced installer, the same company who created the free command line tool we use for detection rules.

Also check out http://www.tmurgent.com/TmBlog/ for the best in depth information and free App-V tools.

                            

  • Command line syntax

When you deploy App-V packages trough ITMS using powershell scripting, you are actually running it through cmd.exe and not the direct powershell shell.

The syntax is a little bit different because of that. I will share the commands you will need to do your App-V bidding.

Install commandline (COMPLETE,ADD&PUBLISH&MOUNT):
powershell.exe "Add-AppvClientPackage -Path 'package.appv' | Publish-AppvClientPackage –Global | Mount-AppvClientPackage"
 
AddPackage commandline (ADD&MOUNT):
powershell.exe "Add-AppvClientPackage -Path 'package.appv' | Mount-AppvClientPackage"
 
PublishPackage commandline (PUBLISH&MOUNT):
powershell.exe "Publish-AppvClientPackage -Name 'package' –Global | Mount-AppvClientPackage"
 
Uninstall commandline (COMPLETE,UNPUBLISH&REMOVE):
powershell.exe "Unpublish-AppvClientPackage -Name 'package' -Global | Remove-AppVClientPackage"
 
UnpublishPackage commandline (UNPUBLISH):
powershell.exe "Unpublish-AppvClientPackage -Name 'package' -Global"
 

 

 
Use google and you will find a lot of great App-V blogposts, but be aware that a lot is outdated so check the date of postings. 

Disclamer: You are on your own from now, there is no official support for this stuff in ITMS, and I will not take any responsibility for any problems you may have now or down the road, best of luck! 

 

 

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

01-16-2020 04:38 AM

New free tool out on my github for viewing and editing all isolationsettings for use in the same Connectiongroup.
You can find links and more info at my blog.

Related Entries and Links

No Related Resource entered.