# Base Application Deployment

At Acorn, we have a standard set of base applications that we push out to all of our client computers. These include but are not limited to Adobe Acrobat Reader, Adobe Flash Player, and Java. These applications are typically the target of malware applications and as such, require constant updating. I will describe our the system that I have developed to keep our client computers up-to-date.

## Deployment Server Configuration

We have a publically accessible web server that hosts the MSI packages for each of the base applications. We host the MSI files within a folder named deploy. Periodically we will update the MSI files, which we then upload to the deploy folder.

### spider.php

There is a file called spider.php which is setup as a cronjob to run daily. spider.php traverses through the deploy folder and all subfolders to generate a listing of all files which it stores in a file that it generates named files.txt. Below is a sample files.txt:

#directory#acrobatreader
files.txt
#directory#flashplayer
#directory#java
spider.php
flashplayer/flash_player_active_x32.msi
flashplayer/flash_player_active_x64.msi
flashplayer/flash_player_plugin_x32.msi
flashplayer/flash_player_plugin_x64.msi
#directory#java/java_x32
#directory#java/java_x64
java/java_x32/Data1.cab
java/java_x32/java_x32.msi
java/java_x64/Data1.cab
java/java_x64/java_x64.msi

#### crontab

#m      h       dom     m       dow     file
00      *       *       *       *       /usr/local/bin/php /usr/local/www/data/baseapps/deploy/spider.php


## Client Server Configuration

### updatebaseapps.ps1

$baseurl = "http://server.address.goes.here/baseapps/deploy/" #Base URL for where the applications are located$filelist = "files.txt" #The list of all files to download
$root = "D:\location\to\baseapps\share\goes\here\software\deploy\" #Destination folder on the customer's server$source = $baseurl + "/" +$filelist
$destination =$root + "\" + $filelist if (Test-Path$root) {
rm -r $root } #Make the root path folder mkdir$root

$wc = New-Object System.Net.WebClient$wc.DownloadFile($source,$destination)

#Parse the files.txt file and download each file that is included in it
Get-Content $destination | Foreach-Object { #If it's a directory if ($_.Contains("#directory#")) {
$_ =$_.Replace("#directory#", "")
$_ =$_.Replace("/", "\")
$dir =$root + $_ #Make the folder if it doesn't exist if (-not (Test-Path$_)) {
#write-host "Creating Directory: " $dir mkdir$dir
}
}
else {
$URL =$baseurl + $_$file = $_.Replace("/", "\")$fullfile = $root +$file
write-host "Downloading:" $URL$wc.DownloadFile($URL,$fullfile)
}
}


### Group Policy

Lastly, we have a group policy that applies to all customer workstations and laptops to push out the new MSI packages.