There are two ways I would go about this: Option A: Script the main app together with this one. It could be as simple as a batch file to run both executables in serial.
Option B: Figure out what file associations are changing. Those will be registry keys that can use as your detection method. My preference would be option B, because SCCM would be able to report success/fail on each component of the install, and not just the script that chains the components together. Kenneth Merenda From: [email protected] [mailto:[email protected]] On Behalf Of Beardsley, James Sent: Monday, March 30, 2015 2:34 PM To: [email protected] Subject: [mssms] Help with Detection Method I'm creating a deployment type for an application I'm working on and its not the main app install, it's a small script compiled to an .exe (written by the vendor) that needs to be run beforehand. The script just deletes some file associations (which ones, I'm not clear on) and I'm trying to figure out what I can use for the detection method. As far as I can tell, it doesn't create any files, it doesn't create anything in Add/Remove, and without knowing which files associations it's modifying, I have nothing to detect. I've reached out to the vendor so waiting on a response from them. Assuming they can't help, any ideas? I thought about using a Powershell script to read from the event logs (Applocker execution events) to see if its been run. I also thought about wrapping it in a script that writes something to the registry which can be used for detection. Before I went down that road, figured I'd see if there were any other ideas. Thanks! James Beardsley | Firm Technology Group Dixon Hughes Goodman LLP [cid:8644FC49-D5C9-45AE-B387-04FAFC0CC7A5]<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.dhgllp.com_&d=AwMFAg&c=r_B2dqKkHczsuXPCSs5DOw&r=krYjy-Xm1tps1F_nkG9sNKQIT3ZPFrUh3rvr18goJ2E&m=rw2XLdgTFI8reT8lnUcCW68tSB5tzpWWtRiyJQwPgfU&s=0EYIt5pqdvMkXrS5N9nMiTI8_LubOZfpi15LaVh1-3Y&e=> ________________________________ Confidentiality Notice: This e-mail is intended only for the addressee named above. It contains information that is privileged, confidential or otherwise protected from use and disclosure. If you are not the intended recipient, you are hereby notified that any review, disclosure, copying, or dissemination of this transmission, or taking of any action in reliance on its contents, or other use is strictly prohibited. If you have received this transmission in error, please reply to the sender listed above immediately and permanently delete this message from your inbox. Thank you for your cooperation.
