Automating Application Packaging and Patching

By Rory Monaghan


Automating Application Packaging is a topic I have covered numerous times on my blog, but I realized my last significant update was shared back in 2021. A lot has changed in the last couple of years. Patching of non-Microsoft Windows applications has become a higher priority than ever due to several high-profile vulnerabilities such as the Log4Shell vulnerability, the SolarWinds supply chain attack and more.

Organizations have found themselves in a position where they need to react quickly. Just last month, Google patched 2 zero-day vulnerabilities in the space of just 4 days. It is becoming impossible for EUC teams to keep on top of things. Chrome, as an example, was getting updated every couple of weeks in the past, but now a new minor rev appears to be released into the stable channel every night. Even some popular open source applications are getting more frequent patching than ever before. It may be tempting to simply allow applications to auto-update as the vendor releases a new version, but this is not optimal in large-scale enterprise environments.

Allowing Auto-Updates is Risky Business

Allowing applications to update themselves frequently with no internal control is not an attractive prospect to some organizations, particularly those who are risk averse, like financial organizations. It can also be jarring for organizations to lack visibility into whether or not the vendor’s patching was 100% successful. A product like Patch My PC can deploy new versions as they become available. I did a demo of Patch My PC with Intune last year. While it gives great visibility and control, when using the product I was still relying on Intune for deployments, which I find to be slow and unreliable. It also deploys EXE and MSI packages, which can be prone to installation failures, application conflicts and failed or unclean uninstalls of previous versions during upgrades.

All of these reasons are why I thought I would share another update to my automated packaging factory content. Over the last couple of years I updated the logic in my PowerShell script, and this time I also show how I use a set schedule and detection logic to determine if a new version of an application is available and, if there is, package it into an application container and deploy it to an early adopters group to streamline the patching of applications.

In the embedded video above, I demo using different components I have mixed together to automate the packaging of ANY application. I show how I schedule the script to run in Automai Tester, how I use the Evergreen PowerShell module as part of my workflow, how I leverage Robotic Process Automation for applications that are not accessible in the PowerShell module or that just benefit from RPA, and how I leverage application containers for delivering my applications and their patches.
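An added example of the scheduled detection step described above, using the Evergreen module; it is not the author's script. The folder paths, the Chrome filter values, the expected signer string and the state-file layout are assumptions made for illustration.

```powershell
#Requires -Modules Evergreen
# Added example: detect a new vendor release and stage a verified installer.
# Assumed values (not from the article): paths, filter values, signer string.
$AppName        = 'GoogleChrome'
$StateFile      = 'C:\PackagingFactory\state\GoogleChrome.json'  # hypothetical path
$Staging        = 'C:\PackagingFactory\staging'                  # hypothetical path
$ExpectedSigner = 'Google LLC'                                   # assumed publisher name

function Test-NewerVersion {
    param([string]$Latest, [string]$Staged)
    if ([string]::IsNullOrWhiteSpace($Staged)) { return $true }  # first run
    # Compare as [version]; a string compare would rank 124.0.9 above 124.0.10.
    return ([version]$Latest -gt [version]$Staged)
}

# 1. Ask Evergreen for the current release and narrow it to a single installer.
$latest = Get-EvergreenApp -Name $AppName |
    Where-Object { $_.Architecture -eq 'x64' -and $_.Channel -eq 'stable' -and $_.Type -eq 'msi' } |
    Select-Object -First 1
if (-not $latest) { throw "Evergreen returned no matching release for $AppName" }

# 2. Compare with the version recorded by the previous run.
$staged = if (Test-Path $StateFile) { (Get-Content $StateFile -Raw | ConvertFrom-Json).Version }
if (-not (Test-NewerVersion -Latest $latest.Version -Staged $staged)) {
    Write-Output "$AppName $staged is current; nothing to package."
    return
}

# 3. Download, then refuse anything without a valid signature from the expected publisher.
$file = $latest | Save-EvergreenApp -Path $Staging
$sig  = Get-AuthenticodeSignature -FilePath $file.FullName
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notlike "*$ExpectedSigner*") {
    Remove-Item -Path $file.FullName -Force
    throw "Signature check failed for $($file.Name): $($sig.Status)"
}

# 4. Record what was staged and emit it for the packaging step that runs next.
$result = [pscustomobject]@{
    App     = $AppName
    Version = $latest.Version
    Path    = $file.FullName
    SHA256  = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
    Staged  = (Get-Date).ToString('o')
}
$result | ConvertTo-Json | Set-Content -Path $StateFile
$result
```

The Authenticode check confirms publisher and file integrity only; it does not replace testing the packaged build with the early adopters group before wider rollout.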

I didn’t want this to be a promotion for my employer so I did not cover the application patching benefits of Cloudpager like the ability to rollback patches if needed. The video does show using Cloudpager to deploy patched applications to an early adopters group using Workpods – which I think is pretty cool but if you would like to see Rollbacks in action and how to deploy updates quickly when needed (which is increasingly frequent), I suggest you check that out HERE.

Conclusion

Personally, I think this is a pretty cool use-case for application containers as it increases the control organizations have over patching and speeds up rolling out updates. It also reduces risk by being able to roll patches back cleanly and quickly every time. Patching using EXEs and MSIs can be problematic if vendors do not follow best practices. Those package types can also result in the perception of an intrusive update occurring if the user witnesses pop-up notifications and dialogs appearing. The RPA is also a game changer, in my opinion. While you may not want to automate packaging of every application in your organization, an RPA product can make it hypothetically possible to automate packaging of every application, as you can automate pretty much any workflow with an RPA regardless of whether there is an available API or programmatic way to do it.

I plan to go over this in more detail and look at some of the PowerShell code at the next Cloudpaging User Group on June 9th for anyone interested in seeing more! If you cannot attend that session, I also hope to share a more detailed breakdown of the script in a later blog post, but for now I hope the video will pique your interest!
