Webcast: Package & Step Level Conditions - Transcript

company JJB
JJ Bateman|April 29, 2021
Package and Step Level Conditions
Package and Step Level Conditions
    No Data

    SPEAKERS Lex, JJ, Jordan, Kelly

    Lex  00:00 ---   Normally, we have a much better intro. Go ahead, Jordan.

    Jordan  00:06 --- As you can see, normally things are a lot different and I'm not on camera, you could pretend like I'm not there until you talk to me.

    Lex  00:13 --- Hey, guys, we are covering package and step level conditions today. This is so weird. I mean, sitting in a chair instead of standing up doing this. With that,

    JJ  00:25 ---  get used to it get used to it, the new studios gonna have couches. 

    Lex  00:29 --- They don't really

    Kelly  00:30 --- Oh, yeah, you're gonna relax.

    Lex  00:33 --- I'm not sure that's a good thing. What if I fall asleep in the middle of my presentation,

    JJ  00:38 ---  then you fall asleep in the middle of your presentation. 

    Jordan  00:42 --- just be Lex quirk. Electrical Engineering when you do it. By herbal for me.

    Lex  00:48 --- It's that what it is? Well, now that you derailed my train, guys, so package and step level conditions, let's just kind of run into this, I built this really cool super dirt test package. Let's just open this up and take a look. So ultimately, at the package level, you know, you can do these at step level in the package level. Let's just do a quick run through on these. So first of all, you can decide whether the package is going to run on the OS, whatever OS version, right? So in the event, like sometimes, you know, you do maintenance and stuff. And you know, you're going to do a reboot, right. Anytime I do a reboot, I always make sure I uncheck the servers Reason being is I like to reboot those by hand as opposed to, you know, say accidentally rebooting those. Jordan, any other interesting thoughts on on just the OS level type conditions,

    Jordan  01:45 --- I just really like it every time we see that the VISTA is still there. , I don't think my recommendation for using the VISTA is to upgrade.

    Lex  01:56 --- Okay. Now, if you do check in our package library, again, if you were to say, look at any of the windows 10 updates, again, there's a couple different ways that you're going to do that this would definitely limit to Windows 10. Os. And then obviously, they're gonna take a few steps further, but Anywho, so that is the OS version, condition, architecture version, Jordan. My favorite, I'm just kidding, this is not this is you'll generally see this, if you're running stuff against a 32 or 64 bit machine, I generally use this at a step level, because a lot of times we're going to be you know, if you install seven zip, you've got the 32 bit install and the 64 bit install. And this is where you would do that you can do it this step that will show you but you could limit this package to run only at, you know that OS level

    Jordan  02:47 --- with some PowerShell. Like, if you're looking in specific folders, the folder structure can be different based on 32 to 64. So it's a good way to make sure that if you wrote the code specifically for one, it's only going to run against the ones it's going to work on. Oh, excellent. Speaking

    Lex  03:01 --- of PowerShell, tell us about this. Oh, man.

    Jordan  03:04 --- I yeah, any more defaults to 5.1? On Windows 10. If people are not on Windows, I can't remember if seven or Vista can take windows 10 to more than haven't haven't used in so long. But my recommendation is to update everyone to the latest PowerShell. You can, but codes and what works does change for PowerShell. based on what's in there. So if you write something in PowerShell, three, there's no guarantee it's going to work in five. I mean, if you can obviously make it so it works for all of them. But if not, it's something where you can just limit the machines that it's not going to fail on based on the command that doesn't exist.

    Lex  03:40 --- Yeah. So the takeaway from that is upgrade, upgrade, upgrade, okay,

    Jordan  03:45 --- the later PowerShell is better.

    Lex  03:49 --- Let's also, before we take questions talk about the logged on state to basically you can limit this to run it for me if the users logged on or not logged on. And again, these are tools they're free to use. Personally, I always run stuff after hours. I just don't like phone calls. So it is there for you to use. 

    Jordan  04:10 --- The logged on comes in handy with things like Appx packages, although now with that, Appx, you can do all users if you're uninstalling, like if they're doing like Firefox that they installed on the owners on the personal profile, having something to uninstalls that that only runs if someone's logged on. Make sense? Because if they're not logged on, you might not be able to find it in there.

    Lex  04:30 --- Very good point. Very good point. Okay, well, let's think we got a question about registry registry questions, Kelly.

    Kelly  04:39 --- Yeah, let's see if we can find that. Okay, Hey, guys, how can I scan the registry of computers looking for a specific value? I would like to populate a collection library with the results. Thanks, D north.

    Lex  04:54 --- Alright, you'll notice right here there is a registry condition. We're going to go over that but for what you want to You're going to want to actually do a registry scanner. You go into scan profiles and inventory. New. Let's just call this. I don't know, we'll call it. ridge. So we know it's a registry scanner. Server mode. We're gonna look for server mode on PDQ. Okay, we're going to add a registry scan. And it just so happens, I am going to use this later. There is the key, there's the mode. So I'm going to copy this. We need the mode and the mode is server. It is from what I understand case sensitive. So protocol mode. And we'll just take any of the modes from there. Give that an okay. And then we'll just run a scan, I'm going to run it against just get us right now, because Guinness does happen to have that on there. So right click and ‘scan computer’, we'll do our reg server mode. And it should return that information. And then from there, you can build collections by looking in the registry table. Right, so there's our Guinness files servers registry. Right there. Apparently, I typed that wrong.

    Jordan  06:24 --- But if you've done it correctly, this would have been a wow moment.

    Lex  06:27 --- Yeah, that's where you gonna do it. I swear, I did this earlier. Anywho. I guess I could troubleshoot that. But that's what I would do. Okay. Again, I probably need to just grab that mode there. So any rate.

    Jordan  06:42 --- So let's just jump register on the step condition for a deployment. But that's not going to return data you could build a collection off of is just going to install or not install the package.

    Lex  06:53 --- Let's just try to write that right now. So this dir, we're going to go and do it if it exists, okay? Again, here's that registry entry. Okay, we're going to go software inventory protocol, copy. And then we will paste the key in there, it is looking for the value for mode. and the value contains the server. Fair enough, we'll save that and we'll just kick that off against a couple of machines, right click and see if that works. So it's just going to do a deer. So we'll deploy that against the console here, the period and then we'll say, Bugs Bunny. And if I did that correctly, it should run. There we go. It's running on Guinness, because it did find that and it is not running due to registry conditions on Bugs Bunny. So that'd be a registry condition. Jordan, go ahead.

    Jordan  07:55 --- Well, it just is it's filling that fast, because it's not copying anything over. So it tests the condition first before it sends anything over. So it really can speed up packages where it's, you're not sure if it's going to be able to install or not.

    Lex  08:07 --- So at that level, it runs at runtime, right evaluates before it runs a package, which is kind of cool. We can do similar things if a file exists or doesn't exist. Okay. So, it just so happens that on the C drive of a handful of machines, I put a file called new machine dot txt. Okay, save that. And now, according to this, if that is where I came up with this idea is, you know, image machines, right. And when you image them, if you drop a text file, somewhere where you can find it, obviously, you can do a scanner and build a collection to run it against. And you can also do a file step or file condition here. So let's, let's just go kick this off again and check it out. Oh, no, I didn't build the collection. Well, let's build one really quick. Computer, I do believe I ran files and directories, the name contains the machine t exe T, see if we've got those out there. 20 machines, okay. So it should run against a handful of those machines. So at this point, we will deploy this once and we'll grab I don't know, choose some targets from various sources to verify that this new collection here we'll grab these three should run against those three. And now Bugs Bunny. Let's just say it runs against crony. See if that works. So now it should run against. Apparently crony does have it. Hmm, interesting. Well, if it didn't if a machine didn't have it, like, I guess I can go and find We're not the ones that don't have it easy enough, right? And then we'll run it against one of those files. don't return me any of those. What's really quiet, Jordan, any thoughts?

    Jordan  10:18 --- Oh, well, I just kind of find the chat where the text is hard to read. I'm wondering, where if we can't zoom in and zoom out anymore? If we could just maximize the windows we have? Yeah.

    Lex  10:29 --- Okay.

    JJ  10:30 --- I don't think that's going to change the size of the text. So this  And so maybe if you have, I don't know, if you have some sort of accessory or accessibility utility for the, for the heard of seeing, 

    Jordan  10:45 --- does that make it any better? 

    JJ  10:47 --- No, like I said, the text is going to be the same exact size

    Jordan  10:51 --- on that one. 

    Kelly  10:52 --- But Jordan, you'll, you'll be happy you're no longer on screen?

    Jordan  10:55 --- That is my hope. All right, yes.  removing us from the said didn't make it better. There's just something I guess we're gonna work on before the next webcast?

    Lex  11:08 --- I'll tell you it makes it better because they don't have to look at us. Maybe Anywho, it did fail in Elmer Fudd. Because the file didn't exist. So. So that's your file conditions? Let's take another question.

    Kelly  11:23 --- All right. Yeah, this is kind of a two parter. Kind of package level condition be set so that it doesn't trigger a fail if the condition is not met, instead of two schedules, one for my AD computers with a pull package, and another for my non AD computers with a push, I would like to have one schedule with two conditional packages, Josh see. Alright,

    Lex  11:47 --- so what I'm going to do for this, we're going to just duplicate this. And we'll call this package the AD package, right, this one's going to run against AD. And AD gets the push, right. So here, we're going to go to options. And we're going to go to the copy mode and excuse me, pull, not a push for the AD, right? Save that. And then we will go to the non AD package here. And we'll go to conditions and say that's the default push here. So we can force it with a push. Okay. Now, the other thing you don't want to do is this, under conditions, only run this if it is not a member of and we're going to go look at the PDQ if it's not a member of AD. In this case, now, if you've got multiple domains, you may have to do some more. Work with that, and again, probably should do on the AD one. So that only runs against those it is a member of and we'll go grab the AD. AD. And now that you have that tag both these bad boys here, you schedule with them. There's your one schedule, that's going to run the two different packages and only run against AD ones against AD and the non AD against non AD. Hopefully that takes care of that one for you, man. Any comments on that, Jordan?

    Jordan  13:12 --- Well, just for that one, it's not so much you can have a separate condition that says if this fails, we continue in a way it's more of you just need to put the opposites in on your filter for each one. Yeah, this

    Lex  13:23 --- is how it just would run on what it needs to run on. Not necessarily. triggers and that is so excellent. Do we want to ask another question? Or should we keep moving on?

    Kelly  13:37 --- Now Yeah, I can give you one. Hey, guys, I am installing Google Drive on stations with PDQ Deploy, I'm having some stations come up with very large debug log files any reason why that might happen? Curtis J.

    Lex  13:54 --- Alright, I'm not sure about why Google Drive installs would be giving you huge logs, I can tell you a place to look to see what kind of law if you look under logging, you know, options preferences. You know, depending on what you have tagged here will depend on a lot of the data. You're getting back now, for Google Drive itself producing a big log file Jordan, any thoughts?

    Jordan  14:17 --- Without knowing how the install works? I'm I mean, they probably have documentation on how to make it less verbose. But if it's not happening to each one, is there a specific issue I'd have to be able to look into the actual install to see it.

    Lex  14:32 --- Okay. All right. Well, let's, let's jump back to our super dir package here. Alright, you guys did happen to see that we were using collections here. So the nice thing about this, let's say you wanted to make sure that a package did or did not get installed, let's say did not get installed. Because we've got machines here that none shall update. Okay. So what you can do is you You know, let's say this is your job update, or you want to keep a legacy version of Firefox or Chrome, you come into the package and just say, Okay, this package is okay to update on anything that is not a member of, in this case, I would go grab my none shall update static collection in this case. So that's a way to do that. Jordan thoughts on this at the package level.

    Jordan  15:25 --- And not really, I guess the only major difference is the package level is a way to make it if you have a lot of things stolen from a single package to make sure that they all don't hit the same behavior, you can put a little bit of customization in there.

    Lex  15:40 --- Now, let me show you another way you can do this, I'm going to build a new package. And we'll talk about step level conditions because they're basically the same, we're going to do what I like to call the make a match, right? make them match up or a baseline of sorts, right? We'll call this a match. All right, so let's say everybody, all the machines over a year, you know, you install some here, install some there, you want to make sure everybody has the same, you know, seven, zip, and Chrome and Firefox in this case, right, I could do more, but this will take forever. Hey, what you can do, if you go in here, you can go Okay, go ahead and install seven zip. Or let's say you needed to get everybody on seven zip only install it on. And again, you can do any of these as a member of and I'm going to say in this case, let's make sure everybody has seven zip. So we'll go up and have the collection library, utilities, seven zip not installed. So if they already have seven zip, it's good to go, right? Same thing with Chrome, right? When you get to this condition. Now this one I would do in this one specific because this one's already got a package condition on it that is only supposed to run on a collection named valid. Now we did a video or webcast a little while ago on validating machines, right? So we're going to override the nested package conditions, okay. And we're going to say this only runs on a member of, you know, missing chrome in this case. Now, we can do the same thing with Firefox, but you guys get the idea, right? Now, here's the interesting thing, right, we can then take this and say this is a match. And we only want to run this on accounting machines, right? So you'll notice right here, I've got a counting super spy Ninja, you know, a bunch of these. So at this point, I can now when I find where I did with it, I can say, only run this, this is an accounting only update. Okay, so we're going to use both sets. So again, we have to be in accounting, and then doesn't have seven zip and doesn't have Google. And now all the machines and accounting, you know, if you had all the software in there you could make, you know, make all the machines match. Right. Jordan, thoughts on this?

    Jordan  17:59 --- Just one thing to make note of the department field that we're using on that one isn't something that we find by default, that's a custom field that we built. So if there's if you're in there looking for the department to duplicate it, and it's not there, it's something that we customized ourselves.

    Lex  18:13 --- Yeah. So hopefully, that just kind of sparked some ideas. Other things you can do at the step level, right? is, let's say these were prerequisites again, you know, you need to have dotnet, whatever, before you can install. You know, I don't know, Crystal Reports before you can have QuickBooks, you know, you can make a smart package that is going to take care of all of your prerequisites. So all right, any other thoughts? Jordan, should we start taking some questions?

    Jordan  18:44 --- I think we've got quite a few questions. Let's dive in.

    Lex  18:46 --- Let's do it.

    Kelly  18:48 --- All right. Hey, guys, is there a way to deploy a package to a device that is not on the domain? Can I set up local user credentials and push to an IP? Russell? Okay, hey,

    Lex  18:59 --- Russell, let me make sure that I can actually run this and haven't put any conditions on this. And I'll show you how to do that. All right. So again, deploy, you need to have your, excuse me deploy once, you'd have your local credential setup, right. So right here. I don't happen to have any local credentials, but you'd select your local admin credentials. And then you'd pop in IP right at the computer, hit deploy now, and it would connect, use your local admin credentials and run that deployment. So it did a dir on that machine at this point. So hopefully, that takes care of that. But again, your credentials, you'd set those up options, credentials. And you could add credentials there.

    Jordan  19:53 --- There's also inventory. If you have a lab setup for those local credentials, you can put labs and inventory Worry and then do a network scan, which we'll look at not just AD machines, but all but IP. And then have the scan set to the lab's credentials. And that way, if you check the box on the deploy to use image or imagery credentials, it should work by default without having to set it every time.

    Lex  20:16 --- That is, I love that. And that setting is right there. Thanks, Jordan. What else did we got?

    Kelly  20:26 --- This one's interesting. Hey, guys, devices are still showing in the app installed collection after uninstalling MSI x a nerd nerd, blah, blah rubric, reboot device, confirm app is no longer installed, run app scan in inventory. And there's a little more nerd nerd filters, nerd, nerd, blah, blah. Thanks, Ray.

    Lex  20:49 --- Now, I think we pull that information from the registry. Don't me, Jordan.

    Jordan  20:54 --- I believe so. Yeah.

    Lex  20:56 --- So if it's not removing that from the registry, but is removing the program, but it's not cleaning out the registry, it would still show that app installed, wouldn't it?

    Jordan  21:05 --- Yeah, the best way I can think to test that is to on the machine that is still showing up, even though it's on installed is to build the registry scan that's looking at that location, and scan the machines and see if those are still coming back as having a result.

    Lex  21:18 --- There you go. Yeah, I would do it again. Yeah, look for that executable, or whatever it is that kicks that off with a file scanner. Nice. Got another question? Sure.

    Kelly  21:31 --- Why not? Gentlemen, more of a request than a question, can we get options to tweak the pending reboot notification, perhaps turn ON OFF file? renames, for example. And that comes from Doug Kay.

    Lex  21:50 --- Boy, Jordan, I, you know, I guess Can you make the request? Sure. I'm trying to think how you do that.

    Jordan  21:58 --- And it looks in four or five different locations that we don't have control? It's the back end of the product? I can't think of a way to do that. So you could build the collection of No, no, because there's no time data when the need to reboot pops up. So you couldn't even put a timespan in that.

    Lex  22:17 --- That's a tough one. I know. You can look at the I know the registry, where to look in the registry for it. But that's Yeah, I don't know. Gonna have to punt on that one. Not sure.

    Jordan  22:27 --- But on the previous question, Colby pointed out in chat that his query is also using contains, which means it might be finding the like application instead of just equals that's just another alternative in case it's not an artifact. There we go.

    Kelly  22:45 --- All right, we got a couple more cool. Is there a way to set a condition on time of day day of MONTH looking to prevent the accidental deploy of a package outside of our maintenance window? Thanks, Patrick.

    Lex  23:01 --- Case schedules. triggers, let's say weekly. We'll go Saturday. starting April 29 ending trying to think is there a way to do that Jordan? Where we've got the is it under options? I swear there's a spot in here we can don't, you know, only run between these times?

    Jordan  23:32 --- I don't remember something like that. But I'm not thinking of what it is. I'm hoping.

    Lex  23:37 --- Yeah, hopefully someone can pop that up in the chat because

    Jordan  23:40 --- it's already in there. There's a blog for new releases for PDQ Deploy and PDQ inventory, timeframes for heartbeat and interval triggers. Okay, interval series. spot there.

    Lex  23:53 --- So interval triggers. Boop, start and stop. There we go. Once a day, once every two days once a week. Are you running between these times? Thanks, Colby.

    Jordan  24:04 --- Yeah, we knew it existed. So without Thanks, Colby.

    Lex  24:08 --- I know I could do it. What else did we got?

    Kelly  24:13 --- Got one last question. Unless you guys have anything else you want to dive into?

    Lex  24:19 --- Play? You know, let me dive into one. One other thing really quick? And then we'll move that last question. A lot of times, you know, again, some of the interesting things that we have found is when you build the collections here, obviously the more in depth your collection, the more logic you can apply to it. So you could say something to the effect like this and apply it right. So let's say a computer needs to be part of the accounting department, right? So we'll come down and excuse me, collection will go to collection here is a member of again, it will say accounting or we'll say super spy in this case. Okay? And we'll also say the collection is not a member, again, the more in depth and the more logic you can add here, you know, none shall update. So in this case, it can be a super spy and it can't be updated. And now I've got a collection for Super spy that, you know, you don't have to, again, the more you can put in this single collection, you can reference it in one place at the package step level, and that's my preferred method. Jordan, do you have a preferred method for your conditions?

    Jordan  25:32 --- Not necessarily preferred. I just know this kind of goes into the simplicity that we're talking about in the pre show, where if you have a whole bunch of machines, and you're sending out every time, it I mean, you have as many only so many active deployments you can have going on at the same time. So if you have logic and limiting what it's going into, you can get to that quicker and you have less, I guess, resources being taken up and you can get your machines updated faster. So just put in the work early, make sure you're hitting everything that you need, and then just make everything easier in the future.

    Lex  26:04 --- Excellent. Well, let's take that last question. Kelly, unless there's more questions that have popped

    Kelly  26:10 --- No. All right, the final question for a PDQ Deploy Windows Update packages are Windows 2008 R2 servers that do not have the extended security update purchase, purchase slash enabled, still listed correctly. Within PDQ inventory, cumulative update, latest and old accurately in PDQ inventory collections. That was a mouthful, by the way. Thanks, Keith. Kay.

    Lex  26:35 --- That, okay, so I know, if Windows, if Microsoft doesn't support it, you know, we kind of follow their support. So does it display correctly here? That's a good question. That's the current KB out there. 513 83. I

    Jordan  26:56 --- think that is so so the collections are just going to go based on whatever the last KB from Microsoft was, if there's something where it's not getting updates, because it's out of extended service, we don't have a way to account for that. It's just, it just basically, if they have the latest KB, then then it will show up in the latest.

    Lex  27:15 --- There you go.

    Kelly  27:17 --- And we actually do have one more question that came in if you guys would like that. You can auto package updates. For example, the recent Firefox update 88, updates a variable in inventory to reflect the latest version rather than having to manually update these. Thank you, Craig.

    Lex  27:37 --- If you go to the collection library, Internet browsers, Firefox, just say 64 bit. Let's go look at the latest and old. There is version 88. Right there. So if you do use this, you know if you've purchased inventory, this comes with it. So I would look in the collection library under inner Nick, excuse me, Internet browsers. And again, if you've got your auto update set again, that set here and preferences. Auto download skews me. Mine set to seven days, just because I'm too lazy to change it. Actually, that works really well. Jordan, did I misread that? Or misunderstand that question? Because I think, you know, that collection automatically updates here, because we manage it for him.

    Jordan  28:24 --- So if you're specifically talking about ones that are auto update within our collection, those are in our package library, those should update automatically in our collection. If it's one where he built it himself, there is a way to use PowerShell to kind of automate the process of updating everything. We have a couple of webcasts on how you can get everything set up.

    Lex  28:45 --- Yeah, you would look under automating packages that aren't in our package library. Again, if it's in our package library, let us do the work for you. It's much easier for you. Yeah.

    Kelly  28:57 --- All right. I think it would be about this time, we would tell you to go to camera 2

    Lex  29:01 --- camera 2

    JJ  29:03 --- camera 2

    Lex  29:05 --- everybody. Thank you guys for watching. Hopefully, you know, we've at least shown how to use some of these options for you. Maybe spark some ideas on different ways that you can use that. Thanks for watching. I'm Lex.

    Jordan  29:20 --- I'm Jordan with PDQ. Yay.

    Kelly  29:22 --- Thank you for being a part of our webcast today. If you had questions that we were not able to get to today, feel free to reach out to our support forums. Thanks again for joining us, and we'll see you back here next week.

    company JJB
    JJ Bateman

    JJ is a technical creative. He finds joy in programming, automation, and in participating in the artistic sides of things. You'll often find him drinking on Thursdays on the PDQ webcast, rambling and raging remotely at the Bermuda Triangle/heisenbug-tier tech at the studio in SLC.

    Related articles