The Context
When performing a DLP installation, there is a point in which two (or more, depending on installation tiers) .msi files must be executed to install the server JRE and Detection Server. This then involves inputting the required information through the wizard for each file before moving on with the installation.
This is what the directory for a Detection Server upgrade looks like ordinarily when doing the process manually:
As a fan of automating processes, this seemed like the perfect opportunity to make another task easier through use of a short script, as opposed to launching two files, inputting the information, then waiting for it to finish.
Both versions of the script are at the bottom, and my breakdown is used to guide through the logic behind the steps. This guide is using 15.1 MP1 and the upgrade from 14.6 to 15.1 MP1. However, the logic behind it can be used for any version, as we’re automating the file executions.
The Arguments
There is an option to run these commands separately on the command line. The arguments are then put in and executed. This script differs in that it is automating both tasks to execute in one move, without having to change directories and arguments barring the initial input. It also saves time on UI navigation.
With this being Powershell, arguments are entered as an all-encompassing ‘-ArgumentList’ and then the arguments being wrapped in quotes. I’ve included basic arguments in this article for illustration. However, there is a full list of commands to customise the install found in the installation guide (https://support.symantec.com/en_US/article.DOC9257.html). This can be used to add options to enable FIPS, bind ports etc.
The argument list looks something like this:
-ArgumentList "/passive /norestart /Lv DetectionServer.log UPDATE_USER_NAME=protect UPDATE_USER_PASSWORD=passwordhere FIPS_OPTION=Disabled SERVICE_USER_PASSWORD=protect INSTALLATION_DIRECTORY=C:\ProgramFiles\Symantec\DataLossPrevention"One thing to note, in my example, I’m using the argument “/passive”. This requires no user interaction but does have a minimal UI in the form of a progress bar. If you would prefer to not have this, switch the argument from “/passive” to “/qn”. Below is an illustration of what you will see with the "/passive" argument:
The Sleep
As we’re installing the server JRE (assuming a fresh install, in the upgrade script, this part of the script is replaced by the Detection Server base patch), this needs to complete before the Detection Server is installed. Ordinarily, Powershell executes commands one at a time as quickly as possible. Therefore, it is important to build in a step to allow the JRE (or base patch) to complete before executing the main .msi file.
The syntax is fairly simple and is shown below. The argument “-s” denotes seconds. This can be changed for milliseconds by changing the argument to “-m”.
Start-Sleep -s 3The Conclusion
This script isn’t anything tremendous. It’s not going to change the way we understand Powershell as a whole. What it does do however, is to enable us to save time and resource by making processes more efficient. This is particularly relevant for consultants, as our clients trust us to leverage our expertise in a way that improves their business.
This script contributes to the ideology of making things smoother and more streamlined for us and our clients through automation of tasks that can be automated, leaving us free to deal with the more intensive tasks.
Once again, I hope this helps.
Thanks
Chris
Regular Install Script:
Start-Process "C:\path\to\jre\file.msi" -ArgumentList "/passive"
Start-Sleep -s 3
Start-Process "C:\path\to\detection\file.msi" -ArgumentList "/passive /norestart /Lv DetectionServer.log UPDATE_USER_NAME=protect UPDATE_USER_PASSWORD=passwordhere FIPS_OPTION=Disabled SERVICE_USER_PASSWORD=protect INSTALLATION_DIRECTORY=C:\ProgramFiles\Symantec\DataLossPrevention"Upgrade Install Script:
Start-Process "C\path\to\base\patch\msp\file " -ArgumentList "/passive"
Start-Sleep -s 3
Start-Process "C\path\to\msp\file " -ArgumentList "/passive /norestart /Lv DetectionServer.log UPDATE_USER_NAME=protect UPDATE_USER_PASSWORD=passwordhere FIPS_OPTION=Disabled SERVICE_USER_PASSWORD=protect INSTALLATION_DIRECTORY=C:\ProgramFiles\Symantec\DataLossPrevention"