Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Rolling out Upgrade from ISA 2000 to ISA 2004
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Rolling out Upgrade from ISA 2000 to ISA 2004 - 2.Mar.2006 10:06:07 PM
|
|
|
berwin98
Posts: 7
Joined: 20.Feb.2006
Status: offline
|
Ok...I have seen a few dead threads about Upgrading the client.
Here are the two scripts to first uninstall the ISA 2000 client and then install the ISA 2004 client.
Uninstall ISA 2000 client:
msiexec /x \\<isa2000 computer>\mspclnt\MS_FWC.MSI /quiet /norestart
Install ISA 2004 client:
msiexec /i \\<isa2004 computer>\mspclnt\MS_FWC.msi /quiet
We have Auto Detect running and I think the only issue is that the web proxy settings do not get updated until the computer is rebooted. If you really wanted to, you could force a reboot with the second script by using the /forcerestart.
Thanks,
Bob
|
|
|
|
|
RE: Rolling out Upgrade from ISA 2000 to ISA 2004 - 6.Mar.2006 4:47:35 PM
|
|
|
Belaflek
Posts: 7
Joined: 5.May2004
Status: offline
|
Question on this. We are a pretty small shop. ISA ENT 2000...uninstalled and installed ISA 2k4 and Config server on the same machine. Being that the old client is effectively no longer at said share in part one...could one change the first one with a local path?
|
|
|
|
|
RE: Rolling out Upgrade from ISA 2000 to ISA 2004 - 6.Mar.2006 4:53:51 PM
|
|
|
berwin98
Posts: 7
Joined: 20.Feb.2006
Status: offline
|
Hey,
As long as you have the old install directory, you can put it anywhere you want. If you want to save the ISA2000 mspclnt folder...and then copy it to your new ISA server under a different share name, you can do this as well. As long as you have that MSI (and any supporting files) for the old ISA client, then you can do the uninstall.
Thanks,
Bob
|
|
|
|
|
RE: Rolling out Upgrade from ISA 2000 to ISA 2004 - 21.Mar.2006 7:13:19 PM
|
|
|
greygoose
Posts: 9
Joined: 4.Jan.2006
Status: offline
|
How did you deploy these commands to the clients? Group Policy? If you did, how did you get the commands to only run once each?
|
|
|
|
|
RE: Rolling out Upgrade from ISA 2000 to ISA 2004 - 21.Mar.2006 7:17:22 PM
|
|
|
berwin98
Posts: 7
Joined: 20.Feb.2006
Status: offline
|
We used Alteris to deploy the client. You can also use SMS or I guess Group Policy. I'm not very familiar with Group Policy Deployment, but my assumption is somehow it knows if the client was deployed. I would try that first. If you are still getting it to run everytime the policy is updated, then you could write a script to check for a reg key first and if it does not exist then you can run the setup.
Thanks,
Bob
|
|
|
|
|
RE: Rolling out Upgrade from ISA 2000 to ISA 2004 - 21.Mar.2006 8:05:14 PM
|
|
|
greygoose
Posts: 9
Joined: 4.Jan.2006
Status: offline
|
The 2000 client was not deployed via Group Policy - it was installed manually on each machine. I'm trying to figure out a way to script the uninstall of the 2000 clients and then roll out the 2004 client via Group Policy.
|
|
|
|
|
RE: Rolling out Upgrade from ISA 2000 to ISA 2004 - 21.Mar.2006 8:33:51 PM
|
|
|
berwin98
Posts: 7
Joined: 20.Feb.2006
Status: offline
|
Again, I am not a group policy software deployment expert. You might be able to create a new MSI through WISE to *just* run the commands to uinstall and install the new firewall client. Or use a login script to do this....the problem with using the login script is the workstations will take longer to login in the next morning.
Depending on how many users you have, I could put on my Microsoft Hat and recommend SMS 2003. SMS gives you greater control over software distribution and can provide status of software deployments (to tell if the client received the package, etc), and can defined whether to use BITS for Dial-up and VPN connections. Also, it has Hardware/Software Inventory, Remote Control, Software Metering, etc.
...and you wouldn't have this problem. SMS knows if the package has been installed already and will not attempt to re-run the advertisement.
Thanks,
Bob
|
|
|
|
|
RE: Rolling out Upgrade from ISA 2000 to ISA 2004 - 22.Mar.2006 1:04:05 AM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
Here is some KiX code that will search whatever DN you provide.
BREAK ON
$BaseKey = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8C7A59A8-9ABE-459A-9A93-08C281A4A264}'
$objConnection = CreateObject("ADODB.Connection")
$objCommand = CreateObject("ADODB.Command")
$objConnection.Provider = "ADsDSOObject"
$objConnection.Open("Active Directory Provider")
$objCommand.ActiveConnection = $objConnection
$objCommand.CommandText =
"SELECT Name FROM "
+ "'LDAP://OU=Computers,OU=yada,OU=yada,dc=bla,dc=local'"
+ " WHERE objectCategory='computer'"
$objCommand.Properties("Page Size").Value = 100
$objCommand.Properties("Search Scope").Value = 2
$objCommand.Properties("Cache Results").Value = (not 1)
$objRecordSet = $objCommand.Execute()
$objRecordSet.MoveFirst
while not $objRecordSet.EOF
$curComputer = $objRecordSet.Fields("Name").Value
'.'
IF Ping($curComputer)
$InstallSource = ReadValue('\\'+$curComputer+'\'+$BaseKey,'InstallSource')
If $InstallSource
'InstallSource = '+$InstallSource ?
EndIf
EndIf
;DoX($curComputer)
$objRecordSet.MoveNext
Loop
;===================
Function Ping($PC)
Dim $PC
Shell'%comspec% /c ping -n 1 '+$PC+' >nul'
$Ping = NOT @error
EndFunction
You can also pull the UninstallString.
_____________________________
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
|
|
|
|
|
RE: Rolling out Upgrade from ISA 2000 to ISA 2004 - 22.Mar.2006 5:13:34 PM
|
|
|
greygoose
Posts: 9
Joined: 4.Jan.2006
Status: offline
|
Thanks for the script. I was able to use it to list the clients using the old 2000 FWC. Now I just need to script the uninstall by inserting into the registry:
SET KEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
REG ADD %KEY% /V TITLE /D "Removing Software" /f
REG ADD %KEY%\000 /VE /D "Waiting for Network Components" /f
REG ADD %KEY%\000 /V 1 /D "cmdow @ /HID sleep 10" /f
REG ADD %KEY%\005 /VE /D "Removing 2000 Firewall Client" /f
REG ADD %KEY%\005 /V 1 /D "msiexec /x \\oldisa\mspclnt\MS_FWC.MSI /quiet /norestart" /f
Thanks again
< Message edited by greygoose -- 22.Mar.2006 5:59:59 PM >
|
|
|
|
|
RE: Rolling out Upgrade from ISA 2000 to ISA 2004 - 22.Mar.2006 5:56:19 PM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
Thanks for the feedback and for taking my humble beginnings and running with it.
_____________________________
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
|
|
|
|
|
RE: Rolling out Upgrade from ISA 2000 to ISA 2004 - 24.Mar.2006 9:11:35 PM
|
|
|
greygoose
Posts: 9
Joined: 4.Jan.2006
Status: offline
|
I am almost done with the script. I can detect whether the computer has the 2000, 2004 or no client installed. It then performs the appropriate operation. The only problem is that the user that logs on needs to be a local administrator or the old firewall client will not uninstall and the new client will not be installed.
I also was going to deploy the new client via Group Policy, but decided against it. I cannot figure out a way to edit the .msi (via ORCA) or make a .mst file to specify what server I want the client to use. When I install in the script via the setup.exe file, I am able to specify the correct server via the "\\isa2004machine\mspclnt\setup.exe /v"SERVER_NAME_OR_IP=ISA2004MACHINE ENABLE_AUTO_DETECT=0 REFRESH_WEB_PROXY=0 /qn" switch.
I cannot use a WPAD entry to specify the correct ISA server because we have 2 different ISA servers on one subnet.
Thanks to anyone who knows how to edit the .msi file via ORCA to specify the correct ISA server.
< Message edited by greygoose -- 24.Mar.2006 9:12:37 PM >
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
