Deploying Firefox

I was recently tasked with deploying Firefox to a large chunk of system in the organization as a secondary browser. My first thought was this would be painful as hell, however after looking into it, deploying Firefox isn’t that bad. First I’m going to skim over the few things that in my opinion you absolutely must do for a “enterprise” type of deployment.

  • Use the ESR version of Firefox.
  • Repackage the Firefox install as an MSI. I don’t know of any free tools that you can do this with, but some examples would be Wise Packaging Studio (I don’t think this is being sold anymore…), AdminStudio, or MSI Studio.
  • Install Firefox to a unique directory. For example, if the version is 10.0.7, install Firefox to a directory like C:Program FilesMozilla Firefox 10.0.7.
  • Add the version number and ESR to any shortcuts.
  • Create your own JS file under INSTALLDIRdefaultspref.
  • Use a override.ini file.
  • Create an encoded Mozilla.cfg file.

You should have your encoded cfg file, your ini file, and your JS file ready to go before you go to repackage the application.

So first, start off by going out to http://www.mozilla.org/en-US/firefox/organizations/ and grab the latest ESR of Firefox.

Next, open up Notepad and paste the following into  it.

[XRE]
EnableProfileMigrator=false

Save that as “override.ini”, and stash it somewhere.

Also in Notepad (new session), paste the following into it.

pref(“general.config.filename”, “mozilla.cfg”);
pref(“browser.startup.homepage”,”data:text/plain,browser.startup.homepage=http://www.intrntpirate.com/”);

Save this file as custom.js and also stash it somewhere. This JS file contains Firefox settings that can be changed by an end user. (Think preferences within group policy.) The first line references the configuration file we’ll create next.

Lastly, in Notepad (again, a new session), paste the following into it.

//
lockPref(“browser.rights.3.shown”, true);
lockPref(“startup.homepage_welcome_url”,””);
lockPref(“app.update.auto”,false);
lockPref(“extensions.blocklist.enabled”,false);
lockPref(“extensions.shownselectionUI”,true);
lockPref(“network.http.pipelining”,true);
lockPref(“network.http.proxy.pipelining”,true);
lockPref(“network.http.pipelining.maxrequests”,8);
lockPref(“network.http.max-connections”,96);
lockPref(“network.http.max-connections-per-server”,32);
lockPref(“security.enable_tls”,false);
lockPref(“browser.shell.checkDefaultBrowser”,false);
lockPref(“toolkit.telemetry.enabled”,false);
lockPref(“toolkit.telemetry.prompted”,2);
lockPref(“toolkit.telemetry.rejected”,true);
lockPref(“extensions.getAddons.get.url”, “127.0.0.1”);
lockPref(“extensions.getAddons.search.browseURL”, “127.0.0.1”);
lockPref(“extensions.getAddons.search.url”, “127.0.0.1”);
lockPref(“extensions.getMoreThemesURL”, “127.0.0.1”);
lockPref(“extensions.webservice.discoverURL”, “127.0.0.1”);
lockPref(“app.update.auto”,false);
lockPref(“app.update.channel”,””);
lockPref(“app.update.enabled”,false);
lockPref(“app.update.url”, “127.0.0.1”);
lockPref(“app.update.url.details”, “127.0.0.1”);
lockPref(“app.update.url.manual”, “127.0.0.1”);
lockPref(“application.use_ns_plugin_finder”,false);
lockPref(“browser.download.useDownloadDir”,true);
lockPref(“browser.search.update”,false);
lockPref(“dom.disable_window_open_feature.location”,true);
lockPref(“dom.disable_window_open_feature.resizable”,true);
lockPref(“dom.disable_window_open_feature.scrollbars”,true);
lockPref(“dom.disable_window_open_feature.toolbar”,true);
lockPref(“extensions.blocklist.url”, “127.0.0.1”);
lockPref(“extensions.dss.enabled”,false);
lockPref(“extensions.update.enable”,false);
lockPref(“extensions.update.autoUpdateDefault”,false);
lockPref(“extensions.update.url”, “127.0.0.1”);
lockPref(“security.enable_ssl3”,true);
lockPref(“security.enable_tls”,false);
lockPref(“signon.autofillForms”,false);
lockPref(“signon.rememberSignons”,false);
lockPref(“xpinstall.whitelist.required”,true);
lockPref(“browser.download.manager.scanWhenDone”,true);
lockPref(“browser.formfill.enable”,false);
lockPref(“extensions.autoDisableScopes”, 15);
lockPref(“xpinstall.enabled”, false);

Save this file and call it Mozilla.txt. Now, navigate out to the following site -> http://www.alain.knaff.lu/howto/MozillaCustomization/cgi/byteshf.cgi, upload your Mozilla.txt and then download an encoded Mozilla.cfg file. Stash this config file with your other two files. It’s worth noting however that you don’t have to encode the config file. I do it just so end users can’t easily edit the configuration file. If you choose not to encode the config file, then instead of originally saving the notepad document as a .txt file, save it as a .cfg file and then add the following line to your JS file.

pref(“general.config.obscure_value”, 0)

Now, in case you’re just following this blindly, I’ll go over what we just did briefly. The override.ini file is in place to prevent the Import Wizard from running the first time an end user launches Firefox. (Like all things in the files we just created, if you don’t want a setting or “feature”, change it or remove it.) The custom JS file I pasted in above contains a line telling Firefox to read a particular configuration file, and then it also sets a preference for what I would like the home page to be. By setting this in the JS file an end user can permanently change the home page to whatever they’d like. Finally, the configuration file is there to lock settings in place. It’s very possible you could put the homepage in the configuration file as a Pref instead of a lockPref, however I haven’t tried. I pasted in most of what I have in my configuration file. There are a few settings I’ll call out. The rest are all set because they make sense to me for having set in an enterprise environment.

  • startup.homepage_welcome_url : I set this to nothing so that when a user opens Firefox for the first time they only see 1 tab open with their home page. If this is set to a corporate intranet site which is the same as the homepage, the user will see 2 identical tabs. If you don’t configure this option with anything then the user will see a Firefox welcome site. I prefer the user get a clean looking browser without junk, so I’ve removed the welcome tab on first launch.
  • extensions.shownselectionUI = false : I set this to false so that the end user doesn’t get a window regarding add-ons appearing the first time they launch Firefox. This is a similar window as to what Internet Explorer has for ‘speeding up your browser’ by disabling add-ons. In my case, any add-ons present on the system are there for a reason, so the users here don’t need to see this screen.
  • browser.shell.checkDefaultBrowser = false : This prevents the “Do you want Firefox to be the default browser” box from showing up. In my case Internet Explorer is still the default browser. Setting this in no way prevents the user from manually changing firefox to being the default though.
  • toolkit.telemetry.rejected = true : This is setting 1 of 3 settings that prevents the ‘do you want to send info back to Mozilla’ bar from appearing during first launch.
  • toolkit.telemetry.prompted = 2 : This is setting 2 of 3
  • toolkit.telemetry.enabled = false : This is setting 3 of 3

All the extension. and app. settings have to do with preventing add-ons/extensions and preventing automatic updates and such. Where you see 127.0.0.1 I’m just telling the browser to look back at the local system for a update server and such. So far the settings I have set seem to be effective at keeping add-ons and updates away. For those who don’t understand why I wouldn’t want automatic updates, generally in large environments you want to control the version of the software being used.

So now that you understand what the various files you created are for, now it’s time to package the application. I would suggest using a snapshot mode to capture the installation, but you can do whatever you’d like. Keep in mind that it’s best to install to the unique installation directory using the Firefox setup, and to change shortcuts and add your files before you capture the results with your repackaging software.

In case I didn’t already say this,… which I don’t think I did, override.ini and mozilla.cfg both go in the installation directory right alongside Firefox.exe. Your custom JS file goes under .defaultspref.

One issue you might see during your deployment is the add-on window still appearing during the first launch of Firefox even though there’s a configuration item set telling it not to appear. I’ve found that in my cases, this happens when there’s already a Firefox profile in existence. If you open up the prefs.js file under %AppData%MozillaFirefoxProfilesflakdfja.default and remove the lines that contain “user_pref(“extensions.”, you won’t see this issue. My best guess is that the new version of Firefox has an issue with extensions that were registered under an older version. In my case, I created a VBScript to delete the lines from the JS file, then embedded this script in a custom action that ran during install and repairs of the MSI. This is where you find ActiveSetup rather useful.

If anyone reads this and finds that I’m doing something odd, or wants to point out another way of accomplishing the same task, let me know. This is my first run with deploying Firefox, and all of the above was figured out in just a couple of hours.

Deploying Microsoft SharePoint Designer 2010

The following steps you through deploying SharePoint Designer 2010 as well as uninstalling it using command line.

First you’ll want to download SharePoint Designer x86 or x64. You’ll get a executable that’s about 260-285MB. You’ll then want to extract the executable by running “SharePointDesigner.exe /extract:C:extractedfiles”. Yes, I know there are install parameters for the base executable that you download, however you can’t silently deploy the application in this state.

Once the files have been extracted you’ll find an Office 2007/2010 like structure of files. You’ll then want to create an MSP file like you would for Office. This is done by running “Setup.exe /admin” and then running through the configuration gui. Once you’ve created your MSP, you can silently install SharePoint Designer by running “Setup.exe /adminfile MYMSP.msp”.

In order to uninstall SharePoint Designer using command line, you’ll first need to create the below XML file.

<Configuration Product=”SharePointDesigner”>
<Display Level=”none” CompletionNotice=”no” SuppressModal=”yes” AcceptEula=”yes” />
<COMPANYNAME Value=”CAS” />
<OptionState Id=”WAC_SPD” State=”absent” Children=”force” /> //sharepoint designer
<Setting Id=”SETUP_REBOOT” Value=”Never” />
</Configuration>

Place your XML file in the same folder as Setup, then run “Setup.exe /uninstall sharepointdesigner /config uninstall.xml”.

Deploying Java Runtime Environment

Deploying JRE’s in my opinion has always been a pain, however my new employer has developers that write Java based applications, so obviously I’ve had to improve my skills with deploying JRE’s to business users. The first thing I’ve come to discover is that a JRE can be ran against a system in two different ways. The first way would upgrade an existing installation of JRE, where as the second way leaves an existing installation alone and installs itself as a stand alone instance, which allows you to install multiple versions of JRE on a system. If you’re looking to upgrade existing installations, you’ll start your Java deployment out by simply running the Java offline installer and then grabbing the MSI it extracts from your Application Data. If you want to install a stand alone instance of Java, you’ll run your Java offline installer with STATIC=1. (For example, “jre6.exe STATIC=1”) Once you’ve gotten the MSI that extracts from the offline installer I would recommend creating an MST with the following customization, however technically you could deploy it “as is” at this point.

  • Set the AUTOUPDATECHECK property in the MSI to 0
  • Create custom actions that run as deferred executions right before InstallFinalize that adjust registry entries for auto update and deletes the files java.exe, javaw.exe, and javaws.exe from %windir%system32. You need to make sure that these custom actions only run if the product is NOT installed. You also need to configure permissions on HKLMSoftwareJavaSoftJava Plugin-in so that users can write to that key.

After all of the above, you’ll end up with a decent JRE deployment.

Some additional things to know about JRE’s is the layout of the registry under HKLMSoftwareJavaSoft. Some key items that I feel are worth pointing out is that you can always find the default running version of Java by looking at “HKLMSoftwareJavaSoftJava Runtime Enviroment” and then reading the Reg_Sz item “BrowserJavaVersion” or “CurrentVersion”. You can then use those values to navigate to sub keys under the “Java Runtime Environment” key where you can find where Java is installed to. This is useful if you need to run Java.exe as part of a Java application install.

MSI Custom Actions using MSI Public variables

Recently I’ve been doing a lot with application repackaging and having to get a lot more creative with things than I had to at previous employers. I found myself needing to create a custom action for an MSI that ran a vbscript, and that vbscript needed to know what the installation directory was set to. Now, obviously most of the time you’re going to know what the installation directory is because you’re setting that already in the MSI and during a passive/silent install it’s obviously pre-determined, so needing to pull that into your vbscript is rare because you can just manually specify the directory. However, in my case end users could change the installation directory (which they would…) and that would royally screw up my custom action.

After some researching I found that it was actually really easy to pull in an MSI property into vbscript and then set it to the value of a variable, however then I found that you could not even read a ‘Public Property’ during the deferred execution phase.  I found a bunch of articles explaining ways that were suppose to allow you to get the property over, however none of them were just “working”. Finally, after about a day of looking at all these different solutions to the problem, I managed to get it working. So hopefully in an effort to save someone else a bunch of time, below are the steps for being able to read a public property during a deferred custom action.

  1. The first step to do is to create a deferred execution custom action within your MSI that will be running your vbscript. In this example, we’ll name the custom action “LabVBSCA”.
  2. The next step is to create an immediate execution custom action that creates a property. You can call the custom action whatever you would like, in this example though we’ll stick with calling it “LabCusProp”. Now, set the name of the property that it’s creating to be the SAME as the name of the custom action you created in step 1. In this case, you’re going to be creating a property called “LabVBSCA”. For the value of this new property, you can put in a single public property or multiple public properties, however in this example just put in “[INSTALLDIR] for the value of the new property.
  3. Back to the vbscript in custom action “LabVBSCA”, the following code can be used to pull the INSTALLDIR property into your script as a variable.Dim MSICustomAction
    MSICustomAction = Session.Property(“CustomActionData”)
    MsgBox(“”& MSICustomAction &””)

As for where the custom actions need to go in the event sequencing, the actions both need to live under “InstallExecuteSequence”, however where they go in the order items I don’t believe matters. I’m pretty sure the rule is “If it’s not working, lower the items in the list of events.” I do believe though that for best results, the custom action that creates the new property should placed before the custom action that uses the new property.

In the event that you’re wanting to pass multiple public properties over, you can simply put “[PROP1],[PROP2],[INSTALLDIR]” in for the property value that you create in step 2, and then in step 3 you’ll just need to split the array in your vbscript.

 

Hopefully this write up helps someone else save some time figuring it out…

Controlling the Stationery fonts in Outlook 2010

You might find that you need to specify a particular font to be used in Outlook. This could be because you want to have a standard across the board, or because some users require a specific font.

The font settings in Outlook 2010 are located under File -> Options -> Mail -> Stationery Fonts. Once there you’ll see that you can adjust the front for New/Replying messages, as well as the font for plain text messages. Any change that you make for these fonts is stored under “HKCUSoftwareMicrosoftOffice14.0Commonmailsettings.

Once you identify the font settings you want, you have three ways of deploying. You can include the font settings with your Office MSP file, implement the registry modifications using a GPP, or deploy the registry modifications using a deployment tool like ConfigMgr. Obviously if you use the Office MSP file, the font change will only stay in affect as long as the end user doesn’t change it. If you use a GPP or ConfigMgr, you can configure the settings to be reapplied.

Deploying PDF Creator 1.2.0

By doing the following you can deploy PDF Creator 1.2.0 silently without the Yahoo toolbar installing.

Save the following as “settings.ini”

[Setup]
Lang=english
Dir=C:Program FilesPDFCreator
Group=PDFCreator
NoIcons=0
SetupType=custom
Components=program,ghostscript,comsamples,languages,languagesenglish
Tasks=
Printername=PDF Printer
ServerInstallation=0
Win9xPrinterdriver=0
WinNtPrinterdriver=0
Win2k32bitPrinterdriver=0
Win2k64bitPrinterdriver=0
Toolbar=0
DontUseYahooSearch=1
Place both the PDF Creator executable and the settings.ini file in the same directory and then run the following command line.
“PDFCreator-1_2_0_setup.exe” /loadinf=”settings.ini” /verysilent /forceinstall /norestart

Deploying Cisco IP Communicator

Today I was tasked with setting up a package in SCCM for deploying Cisco IP Communicator. Since I wanted to be able to deploy just the provided MSI I had to find out how to pass configuration information about the TFTP servers during the installation. Hopefully the below command line will save someone out there a lot of time.

msiexec.exe /i CiscoIPCommunicatorSetup7.0.5.4.msi ADDLOCAL=”ALL” ARPSYSTEMCOMPONENT=”1″ /qb-! TFTP1=”0.0.0.0″ TFTP2=”0.0.0.0″ /norestart

Deploying Adobe Reader X using an MST answer file

In order to deploy Adobe Reader X using an MST file, you’ll need to first extract the installation source and then use the Adobe Customization Wizard to generate an MST file.

To do this, open a command prompt and then run the following on your Adobe X executable.

AdbeRdrX_en_US.exe -nos_o”C:temp” -nos_ne

Running the above command will extract the executable to the “temp” folder on the C: drive. Once the source has been extracted, launch the Customization Wizard for Adobe Reader/Acrobat X. Go to File, Open Package, and open the AcroRead.msi for Adobe Reader X. You can then go through and make your customizations to the application. Once you’ve finish customizing the deployment, click Transform at the top and then Generate Transform. Save the MST file in the same folder as the installation source.

Now open up the folder in which your installation source is located at, and open the Setup.ini file in Notepad. Under the [Product] section, add without quotes ” CmdLine=TRANSFORMS=”unattend.mst” ” under “msi=AcroRead.msi” if it already isn’t set that way.

You can now run setup.exe without any command line arguments and it will automatically pickup all your customizations from the MST you’ve created.

Uninstall Office 2007/2010

The following config file can be used to silently uninstall an Office 2007 or 2010 installation. All you need to do is change the product code in the xml file to match the product code for the version of Office installed. For example, if you have Office 2007 Enterprise edition installed on a machine, then the product code would be “Enterprise”.

Below is a copy of the config file I use, with the product code replaced with “PROD_CODE”. To use the config file, run the following command line using the setup.exe from the Office installations source.

“setup.exe /uninstall PRODCODE /config uninstall.xml”

<Configuration Product=”Enterprise”>
<Display Level=”None” CompletionNotice=”No” SuppressModal=”Yes” AcceptEula=”Yes” />
<Setting Id=”SETUP_REBOOT” Value=”Never” />
</Configuration>

<Configuration Product=”Enterprise”><Display Level=”None” CompletionNotice=”No” SuppressModal=”Yes” AcceptEula=”Yes” /><Setting Id=”SETUP_REBOOT” Value=”Never” /></Configuration>