A few months ago, I blogged about my automated packaging and patching solution which can be run on a schedule to check if a new version of an application is available and if there is a new version available, package that up into an application container and deploy it. I am delighted to announce, I have published the script on my GitHub repository but before you check it out, feel free to read this blog post to get full context about the script and why I am so excited about it.
Why Automated Packaging and Packaging is Needed
This script is particularly timely as there are now more critical vulnerabilities disclosed than ever before, cyber gangs are exploiting vulnerabilities on average within 7 days of public disclosure and some vendors are increasing the frequency of their application updates, notably Google has announced a change to their update cadence of Chrome with a plan to release security updates to be released every week and this is the second time they have changed the update cadence in the last 2 years. All of this amounts to an increased demand on IT Administrators. If you work in a large enterprise environment where every application must be packaged and deployed, staying on top of every update with a manual packaging effort could be impossible. Some organizations have turned to simply allowing certain applications to auto-update, which is an idea that was unthinkable only 10 years ago.
For old farts like, I could have never imagined auto-updates being permitted inside a corporate network. Giving vendors carte blanche to tinker with applications on your corporate desktops was so fundamental as a standard that the very first step of application packaging was figuring out how to disable the auto-updates but it has gotten to the point that allowing a vendors to update their own applications and for businesses to accept the risk of an outage caused by a bad update is more palatable than falling behind on application updates, getting breached via a known vulnerability and then having to disclose that breach and the fact you were running unpatched software. The stakes are incredibly high.
Some of the Existing Options
Older package formats are susceptible to issues like applications conflicts, corruptions where applications do not uninstall fully or at all, active setup attempt to use a cached installer that no longer exists etc. Most application management tools/package manager tools that have auto-updating features rely on mostly vendor install media that is in the exe or msi format. Some can be integrated with traditional enterprise deployment tools but these tools can be slow when it comes to deploying applications.
For these reasons, I decided to leverage the Cloudpager PowerShell Module, the Cloudpaging Non-Interactive Packager, the Evergreen PowerShell Module and Automai to achieve my goal of automatically packaging and patching applications in a modern format using a deployment tool that provides me visibility and recourse plus one that is faster than some of the traditional tools used by the enterprise. You can see my solution in action for yourself in the above video.
The script which I have now made publicly available can be used together with your own automation pipeline platform of choice. If you so choose, you could also take the script and modify it to produce a different package format and deploy using a different tool. If you would like a deep dive of the code, I did a session at the Cloudpaging User Group going through my script in great detail. You can get access to the recording by joining the group then joining the Slack Workspace and going to meeting-recordings once added. The script also contains some sections that are commented out, you can uncomment these and populate the variables if you would like to integrate Teams and ChatGPT into your automated solution. In my environment, I have the script send a notification to a Teams channel every time application are updated so the Admins are kept in the loop. I also have used ChatGPT to auto-populate some of the properties like the application description. I was inspired by Erik from XenAppBlog.com for the ChatGPT use-case, thanks Erik!
What’s Next for the Script
I have been using the script since last year. Other started using the script a couple of months ago and once I had a first stable version out there and being used, I decided to focus on what I could improve upon in future. I currently have an updated version of the script which I am testing that integrates Windows Package Manager (WinGet) and Chocolatey plus it has improved error handling. The new integrations are pretty cool. They may require further testing as one of the downsides with WinGet and Chocolatey is that they don’t use the same standardized PowerShell output that you get with the Evergreen PowerShell Module or indeed the Cloudpager PowerShell Module.
If you use Cloudpager, I hope you will try out my script and please let me know if you have any feedback.