Base Application Deployment

At Acorn, we have a standard set of base applications that we push out to all of our client computers. These include but are not limited to Adobe Acrobat Reader, Adobe Flash Player, and Java. These applications are frequent targets of malware and as such require constant updating. I will describe the system that I have developed to keep our client computers up to date.

Deployment Server Configuration

We have a publicly accessible web server that hosts the MSI packages for each of the base applications. We host the MSI files within a folder named deploy. Periodically we update the MSI files and upload the new versions to the deploy folder.

spider.php

There is a file called spider.php which is set up as a cron job to run daily. spider.php traverses the deploy folder and all of its subfolders and writes a listing of every file it finds to a file named files.txt. Below is a sample files.txt:

#directory#acrobatreader
files.txt
#directory#flashplayer
#directory#java
spider.php
acrobatreader/Setup.ini
acrobatreader/acroread.msi
acrobatreader/acroread.mst
flashplayer/flash_player_active_x32.msi
flashplayer/flash_player_active_x64.msi
flashplayer/flash_player_plugin_x32.msi
flashplayer/flash_player_plugin_x64.msi
#directory#java/java_x32
#directory#java/java_x64
java/java_x32/Data1.cab
java/java_x32/java_x32.msi
java/java_x64/Data1.cab
java/java_x64/java_x64.msi

crontab

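#m      h       dom     mon     dow     file
#As written, this entry fires at minute 0 of every hour; put a fixed hour in the h column for a once-a-day run
00      *       *       *       *       /usr/local/bin/php /usr/local/www/data/baseapps/deploy/spider.php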

Client Server Configuration

Each customer server has a scheduled task that runs each night to download the latest versions of the MSI packages. The task runs a PowerShell script named updatebaseapps.ps1, which downloads files.txt, parses it to determine which files to fetch, and then downloads each one.

updatebaseapps.ps1

$baseurl = "http://server.address.goes.here/baseapps/deploy/" #Base URL for where the applications are located (ends with "/")
$filelist = "files.txt" #The list of all files to download
$root = "D:\location\to\baseapps\share\goes\here\software\deploy\" #Destination folder on the customer's server (ends with "\")

#Both $baseurl and $root already end with a separator, so none is added here
$source = $baseurl + $filelist
$destination = $root + $filelist

#Start from an empty destination folder on every run
if (Test-Path $root) {
    Remove-Item -Recurse -Force $root
}

#Make the root path folder
mkdir $root | Out-Null

#Create a new WebClient object to download the files
$wc = New-Object System.Net.WebClient
$wc.DownloadFile($source, $destination)

#Parse the files.txt file and download each file that is included in it
Get-Content $destination | ForEach-Object {
    #If it's a directory
    if ($_.Contains("#directory#")) {
        $relative = $_.Replace("#directory#", "").Replace("/", "\")
        $dir = $root + $relative
        #Make the folder if it doesn't exist (test the full path, not the relative one)
        if (-not (Test-Path $dir)) {
            #write-host "Creating Directory: " $dir
            mkdir $dir | Out-Null
        }
    }
    else {
        #Otherwise it's a file: build the URL and the local path from the same entry
        $URL = $baseurl + $_
        $file = $_.Replace("/", "\")
        $fullfile = $root + $file
        write-host "Downloading:" $URL
        $wc.DownloadFile($URL, $fullfile)
    }
}
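
The download loop above builds URLs and local paths directly from the lines of files.txt, which is fetched over plain HTTP, and the downloaded MSI files are later installed through group policy. The following is an added example, not part of the original script: it checks that each manifest entry stays inside the deploy folder and provides an Authenticode check for downloaded MSI files. The function names Resolve-ManifestEntry and Test-MsiSignature, the $root value, and the sample lines are assumptions made for illustration.

```powershell
# Added example. $root and the sample lines are constructed for illustration.
$root = 'D:\baseapps\deploy'   # hypothetical destination folder

function Resolve-ManifestEntry {
    param([string]$Root, [string]$Line)
    $isDir = $Line.StartsWith('#directory#')
    $rel   = $Line.Replace('#directory#', '').Trim()
    # Reject empty entries, rooted paths, and anything with a drive or stream colon.
    if ($rel -eq '' -or $rel -match '^[\\/]' -or $rel.Contains(':')) {
        throw "Rejected manifest entry: '$Line'"
    }
    # Canonicalise, then require the result to stay under the deploy folder.
    $rootFull = [System.IO.Path]::GetFullPath($Root).TrimEnd('\') + '\'
    $full = [System.IO.Path]::GetFullPath(
        [System.IO.Path]::Combine($rootFull, $rel.Replace('/', '\')))
    if (-not $full.StartsWith($rootFull, [System.StringComparison]::OrdinalIgnoreCase)) {
        throw "Manifest entry escapes the deploy folder: '$Line'"
    }
    [pscustomobject]@{ IsDirectory = $isDir; RelativeUrl = $rel; Destination = $full }
}

function Test-MsiSignature {
    param([string]$Path)
    # 'Valid' means an intact Authenticode signature that this machine trusts.
    (Get-AuthenticodeSignature -FilePath $Path).Status -eq 'Valid'
}

# Constructed sample: three lines in the files.txt format, two that must be rejected.
$sample = @(
    '#directory#java/java_x32',
    'java/java_x32/java_x32.msi',
    'acrobatreader/Setup.ini',
    '../../outside/package.msi',
    'C:\Temp\package.msi'
)
foreach ($line in $sample) {
    try {
        $entry = Resolve-ManifestEntry -Root $root -Line $line
        Write-Host ('OK     {0} -> {1}' -f $line, $entry.Destination)
        # In the real loop: download to $entry.Destination, then for *.msi files
        # remove the file unless Test-MsiSignature $entry.Destination returns $true.
    }
    catch {
        Write-Host ('REJECT {0} ({1})' -f $line, $_.Exception.Message)
    }
}
```

A Valid status only shows that the file carries an intact signature from a publisher this machine trusts; comparing the signer certificate against the expected vendor is a further step.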
					

Group Policy

Lastly, we have a group policy that applies to all customer workstations and laptops to push out the new MSI packages.