Deploying applications to end-user Windows machines has never been easier if you are a Microsoft Intune administrator. Earlier what used to be a painstaking process of installing each application and its required dependencies one by one, has evolved into a professional solution where you can package all the applications along with their required dependencies into one complete “.intunewin” package for a simplified solution.
The concept of modern management or modern device management takes this a step further by providing IT administrators an even simpler way of installing, managing, updating & uninstalling applications using package managers.
Linux adopted early the practice of maintaining a centralized location where users could find and install the software.
What is a “Package Manager”?
A package manager or package management system is a collection of software tools that automates the process of installing, upgrading, configuring, and removing computer programs for a computer’s operating system in a consistent manner. It keeps track of what software is installed on the computer and allows us to easily install new software, upgrade the software to newer versions, or remove software that was previously installed.
As the name suggests, package managers deal with packages: collections of files that are bundled together and can be installed and removed as a group. Often, a package is just a particular program. A software package is an archive file containing a computer program as well as necessary metadata for its deployment. The computer program can be in source code that has to be compiled and built first. Package metadata includes package description, package version, and dependencies (other packages that need to be installed beforehand).
Package managers are charged with the task of finding, installing, maintaining, or uninstalling software packages upon the user’s command. Typical functions of a package management system include:
- Working with file archivers to extract package archives
- Ensuring the integrity of the package by verifying their checksums and digital certificates, respectively
- Looking up, downloading, installing, or updating existing software from a software repository or app store
- Grouping packages by function to reduce user confusion
- Managing dependencies to ensure a package is installed with all packages required
Package Managers differ based on the packaging system as well as the operating systems for which they are used. For example, RPM-based Linux, Yum, and DNF are package managers. For DEB-based Linux, we have apt-get, aptitude command line-based package managers. For Windows, the two most used package managers are Winget & Chocolatey. Over the next couple of weeks, I am going to do a deep dive on how to leverage these platforms along with Microsoft Intune to make applications management easier.
In this part 1 of the 4-part series, we will investigate Chocolatey and what it does. In the next installment, I will walk you through steps to get it set up in your organization using Microsoft Intune and how you can use this to manage application installment & management. In parts 3 & 4 we will look into how the same can be achieved via Winget.
Chocolatey is a machine-level, command-line package manager and installer for Windows software. It uses the NuGet packaging infrastructure and Windows PowerShell to simplify the process of downloading and installing software.
Some well known features of chocolatey:
- Deploy Anywhere: chocolatey supports all Windows versions after Windows 7. It requires PowerShell v2+ and Microsoft .NET Framework 4.x. You can deploy on-prem, to Azure, AWS, or any cloud provider you might be looking at
- Deploy with Everything. Anything that can manage endpoints or do remote deployments can either direct Chocolatey through commands, batches, or scripts. Full configuration management solutions like Ansible, Chef, PowerShell DSC, Puppet or Salt typically have providers/modules that allow you to work within their languages to manage both Chocolatey installation/configuration and software
- Packages are Independent and Portable. When you deploy through multiple systems or want to migrate from one to another, you can take the work you have done with Chocolatey with you. How is that for some major time-savings
- Completely Offline and Secure. You can step up your own local repositories and start using them without the need for an internet connection
- Create Your Own Deployment Packages and use them internally
- Manage Dependencies With Ease. You can build specific installation paths for your applications
One of the most time-consuming tasks with Microsoft Intune is the application portion, where you package applications up to deploy. Currently, if the application is bundled as an executable (exe), the steps are as follows:
- Grab the installation executable
- Find the install switches – most common one is the silent switch
- Find the install directory or registry key to tell Microsoft Intune if it installed correctly or not
- Find the uninstall executable and any switches it has as well
- Wrap the executable in an ‘INTUNEWIN’ format
- Import file into Microsoft Intune
- Configure the application with the install and uninstall switches as well as the directory it creates to Microsoft Intune knows if it installed correctly or not
With Chocolatey, the process gets reduced and we only need to do the following:
- Find any install switches
- Grab the installation executable
- Find the uninstall process and switches
- Configure the application with any install switches, or uninstall switches within the Intune blade
Stay tuned for part 2, where we install Chocolatey as a Win32 app using Microsoft Intune and install subsequent software.