Windows Silent Deployment

Introduction

Pushing out an application to hundreds or thousands of users is a task faced by many IT professionals, there is no shortage of tools attempting to simplify this. All of them have some similarities, in that they assume an installer of some kind. For Microsoft’s line of Windows operating systems, these solutions often assume an MSI package installer, and they have some mechanism for copying the installer to supported machines and running it, either by itself or as part of a script.

The Backblaze MSI installer, when run on a user account, can determine the user’s email address from the domain’s Active Directory. The MSI installation process can then provide the authorization to install the backup client with the elevated privileges required for a backup program.

This document will go over both using the MSI package as is and the PowerShell script built around it to add some extra functionality. Either can be used as you see fit.

 

Let's go over the two main types of deployments we see.

Decentralized Deployment "User-Managed Account"

Do not provide an email at runtime. Since emails will be different per endpoint the installer will pull from Active Directory.

  • This requires an Active Directory environment to be set up. 
  • If you don't have an Active Directory setup you will need to fill in a relevant email for each deployment. Custom scripting can be involved with the PowerShell script below to actively pass these values in at runtime. 

Decentralized deployments involve an account for each endpoint that is then part of your business group which manages payment and admin activity (if enabled). In this scenario, the end-user will have access to their own data through the Backblaze portal.

 

Centralized Deployment "IT Managed Account" 

Hardcode the primary email as it will stay static.

  • This will skip the process of querying Active Directory. 

Centralized deployments where every endpoint will be logged into a primary Backblaze account that is managed by IT. In this scenario the end-user will not have access to their data on Backblaze, they will need to contact whoever manages that centralized account. These deployments are quite simple as the email passed to the installer doesn't change per endpoint.

 

Prerequisites

  • Windows 7 and above
  • Active Backblaze Group
  • < groupID > and <groupToken> are required across all types of deployments. These can be retrieved from your Backblaze portal through the following steps 
    1. Log into your portal and navigate to “Group Management”, navigate to the group we are deploying for. Select “Send Invites” Screen_Shot_2021-04-07_at_12.53.24_PM.png
    2. Select “Advanced Instructions” on the following screen. The two parameters you see at the end of the command are your groupID and groupToken values respectively. You will need these two values for the rest of this documentation.
      Screen_Shot_2021-04-07_at_12.53.46_PM.png

 

MSI Package

Our current most up to date version of our MSI installer can be found here 

https://secure.backblaze.com/win32/install_backblazemsi.msi

 

The MSI package is controlled through the following parameters passed through the command line. You will need the groupID and groupToken gathered earlier in this document. 

 

Install Mode: /i

msiexec.exe /i install_backblazemsi.msi BZEMAIL=alias@domain.com BZGROUPID=***** BZGROUPTOKEN=***************
  • (Optional)  BZEMAIL=email
  • (Required) BZGROUPID=groupID
  • (Required) BZGROUPTOKEN=groupToken

 

Uninstall Mode: /uninstall or /x

msiexec.exe /uninstall install_backblazemsi.msi

 

Powershell Deployment

While the MSI package can be convenient in applications where the use is static across all installations. The PowerShell script allows us to adapt to large deployments where special considerations are needed to be made for endpoints. Most deployment tools allow pushes of Powershell scripts to be run on endpoints. The script will download the latest installer to a temp directory (or a directory of your choice) from which it will run an installation, update, or uninstallation. 

 

By taking advantage of the following PowerShell script around it you are able to do any of the following operations

  • Create an account and install using hardcoded email values
  • Sign-in account and install using hardcoded email values
  • Create an account and install using email values pulled from Active Directory
  • Sign-in account and install using email values pulled from Active Directory
  • Update current installation
  • Uninstall current installation

 

Gist of our latest PowerShell script

Before running the script you will need to hardcode in a few values depending on the type of deployment you are looking to do. 

param( 
    [string] $groupID = "groupID", REQUIRED
    [string] $groupToken = "groupToken", REQUIRED
    [string] $userEmail = "email", OPTIONAL
    [string] $workingDirectory, OPTIONAL
    [string] $uninstall = "false"
)

<$groupID > and <$groupToken> are required parameters for the script to run properly. Again these values can be grabbed from your group invitation section of your Backblaze portal. 

 

<$userEmail > is an optional parameter. If left blank the script will trigger the MSI installer to pull from Active Directory. If you don't have an Active Directory environment set up the email parameter is required.  

This is where you can run custom scripting to port in emails at runtime from your own source.

 

<$workingDirectory> is an optional parameter. Using this the script will download and run the installer at the specified directory. By default, the script will create a temporary working directory at "C:\tmp\backblaze_install_dir"

 

<$uninstall> is an optional parameter. Changing this to "true" will set the script to run an uninstallation of the Backblaze program on the endpoint.

 

The script will automatically run an update on any endpoint if it finds Backblaze is already installed. 

 

Troubleshooting:

Please note, a successful installation will result in a BZERROR:1001.

If you see other output error codes, here are potential issues:

  • BZERROR:190 - The System Preferences process is running on the computer. Close System Preferences and retry the installation. (This shouldn't appear as the script should be closing
  • BZERROR:1000 - This is a general error code. One possible reason is that the Backblaze installer doesn't have root permissions and is failing. Please see the install log file for more details.
  • BZERROR:1016 - The intended email address already has a Backblaze account, the group ID is incorrect, or the group token is incorrect.

If you are unable to successfully install or see a different error, please contact our Support team. Please provide Support with the install log from the computer you are unable to silently install for.

Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk