Install/Deploy Silently

[Drew]

All,

I've been trying to find out the proper switches for deploying this program
to several hundred workstations. My travels so far have shown me the /S /v
and /qn switches. I also know about the ones if you type the installation
program and put a /? at the end. What I can't seem to find is an
explanation of all these switches either in this newsgroup (web based or
news reader) but did notice a comment from someone (a rep from MS?) who said
that this might be a feature that comes out later on and is going to be
charged for.

Is there a switch for installing silently with NO user interaction either
via batch/command file or SMS?
Should I just be turning this into an MSI file myself using the free tools
available?
Is there going to eventually be a charge from MS or someone else for the use
of this software? If so, when? I have budgets to inflate.

So far my evaluation of this software is that it is not much better than the
manual scanners available for free. In fact, it hasn't so far caught all
the spyware that others scanners do. I currently use at least 3 especially
if I suspect spyware/adaware is installed. It would be convenient to rely
on one product for this issue as I do for SPAM and viruses.

Thanks for your time today.

Drew

 

[Bill Sanderson]

This software is not suitable for deployment in such an environment. Among
other attributes, it requires running as administrator, will allow users to
block administrative scripts, and contains an elevation of privilege
security vulnerability.

Here's what's known about command line switches for the app itself:

http://blogs.technet.com/stevedod/archive/2005/04.aspx

There've been some stabs at silent installs in this group, I think some
successful--however, I'm not sure if the HTML interface retains messages
fare enough back to make the search facility effective.

Here are the notes I have in this area:

[Managed environments, scripting, turning off real-time protection]

http://support.microsoft.com/kb/892375 End users may be prompted to allow or
block administrative actions that originate from a central management tool
after they install Windows AntiSpyware (Beta) on a computer that is managed
by Systems Management Server 2003

Scripting issues:

http://www.microsoft.com/technet/scriptcenter/resources/articles/antispy.mspx
(sorry--this one has gone permanently missing)

Unattended uninstall:

The command should be:
MsiExec.exe /X {536F7C74-844B-4683-B0C5-EA39E19A6FE3} -qn

If you want a log file ... (note: no space between the /L
and its parameters (ime))

MsiExec.exe /X {536F7C74-844B-4683-B0C5-
EA39E19A6FE3} /Lime c:\temp\msas.log -qn

(from lori)

Unattended Install:

http://www.overdose.net/docs/msas_silent_remote_install.txt
-----------------
Security vulnerability:

Multiple Vendor Insecure Call to CreateProcess() Vulnerability

iDEFENSE Security Advisory 11.15.05
www.idefense.com/application/poi/display?id=340&type=vulnerabilities

--

 

[Guest]

And make sure that WGA is already installed on the target machine, or the
silent install will fail.

- Eric McWhorter

This software is not suitable for deployment in such an environment. Among
other attributes, it requires running as administrator, will allow users to
block administrative scripts, and contains an elevation of privilege
security vulnerability.

Here's what's known about command line switches for the app itself:

http://blogs.technet.com/stevedod/archive/2005/04.aspx

There've been some stabs at silent installs in this group, I think some
successful--however, I'm not sure if the HTML interface retains messages
fare enough back to make the search facility effective.

Here are the notes I have in this area:

[Managed environments, scripting, turning off real-time protection]

http://support.microsoft.com/kb/892375 End users may be prompted to allow or
block administrative actions that originate from a central management tool
after they install Windows AntiSpyware (Beta) on a computer that is managed
by Systems Management Server 2003

Scripting issues:

http://www.microsoft.com/technet/scriptcenter/resources/articles/antispy.mspx
(sorry--this one has gone permanently missing)

Unattended uninstall:

The command should be:
MsiExec.exe /X {536F7C74-844B-4683-B0C5-EA39E19A6FE3} -qn

If you want a log file ... (note: no space between the /L
and its parameters (ime))

MsiExec.exe /X {536F7C74-844B-4683-B0C5-
EA39E19A6FE3} /Lime c:\temp\msas.log -qn

(from lori)

Unattended Install:

http://www.overdose.net/docs/msas_silent_remote_install.txt
-----------------
Security vulnerability:

Multiple Vendor Insecure Call to CreateProcess() Vulnerability

iDEFENSE Security Advisory 11.15.05
www.idefense.com/application/poi/display?id=340&type=vulnerabilities

--

All,

I've been trying to find out the proper switches for deploying this
program to several hundred workstations. My travels so far have shown me
the /S /v and /qn switches. I also know about the ones if you type the
installation program and put a /? at the end. What I can't seem to find
is an explanation of all these switches either in this newsgroup (web
based or news reader) but did notice a comment from someone (a rep from
MS?) who said that this might be a feature that comes out later on and is
going to be charged for.

Is there a switch for installing silently with NO user interaction either
via batch/command file or SMS?
Should I just be turning this into an MSI file myself using the free tools
available?
Is there going to eventually be a charge from MS or someone else for the
use of this software? If so, when? I have budgets to inflate.

So far my evaluation of this software is that it is not much better than
the manual scanners available for free. In fact, it hasn't so far caught
all the spyware that others scanners do. I currently use at least 3
especially if I suspect spyware/adaware is installed. It would be
convenient to rely on one product for this issue as I do for SPAM and
viruses.

Thanks for your time today.

Drew

 

[Bill Sanderson]

Indeed--I don't think this was true when I wrote that message--WGA changes
periodically, it appears.

I don't know what the plan is for enterprise deployment. I would think in
may such situations, volume licenses would be involved--I'm unclear how this
works with WGA--maybe you can tell me?

--

And make sure that WGA is already installed on the target machine, or the
silent install will fail.

- Eric McWhorter

This software is not suitable for deployment in such an environment.
Among
other attributes, it requires running as administrator, will allow users
to
block administrative scripts, and contains an elevation of privilege
security vulnerability.

Here's what's known about command line switches for the app itself:

http://blogs.technet.com/stevedod/archive/2005/04.aspx

There've been some stabs at silent installs in this group, I think some
successful--however, I'm not sure if the HTML interface retains messages
fare enough back to make the search facility effective.

Here are the notes I have in this area:

[Managed environments, scripting, turning off real-time protection]

http://support.microsoft.com/kb/892375 End users may be prompted to allow
or
block administrative actions that originate from a central management
tool
after they install Windows AntiSpyware (Beta) on a computer that is
managed
by Systems Management Server 2003

Scripting issues:

http://www.microsoft.com/technet/scriptcenter/resources/articles/antispy.mspx
(sorry--this one has gone permanently missing)

Unattended uninstall:

The command should be:
MsiExec.exe /X {536F7C74-844B-4683-B0C5-EA39E19A6FE3} -qn

If you want a log file ... (note: no space between the /L
and its parameters (ime))

MsiExec.exe /X {536F7C74-844B-4683-B0C5-
EA39E19A6FE3} /Lime c:\temp\msas.log -qn

(from lori)

Unattended Install:

http://www.overdose.net/docs/msas_silent_remote_install.txt
-----------------
Security vulnerability:

Multiple Vendor Insecure Call to CreateProcess() Vulnerability

iDEFENSE Security Advisory 11.15.05
www.idefense.com/application/poi/display?id=340&type=vulnerabilities

--

All,

I've been trying to find out the proper switches for deploying this
program to several hundred workstations. My travels so far have shown
me
the /S /v and /qn switches. I also know about the ones if you type the
installation program and put a /? at the end. What I can't seem to
find
is an explanation of all these switches either in this newsgroup (web
based or news reader) but did notice a comment from someone (a rep from
MS?) who said that this might be a feature that comes out later on and
is
going to be charged for.

Is there a switch for installing silently with NO user interaction
either
via batch/command file or SMS?
Should I just be turning this into an MSI file myself using the free
tools
available?
Is there going to eventually be a charge from MS or someone else for
the
use of this software? If so, when? I have budgets to inflate.

So far my evaluation of this software is that it is not much better
than
the manual scanners available for free. In fact, it hasn't so far
caught
all the spyware that others scanners do. I currently use at least 3
especially if I suspect spyware/adaware is installed. It would be
convenient to rely on one product for this issue as I do for SPAM and
viruses.

Thanks for your time today.

Drew