Just echoing what others have said already. We have an area in the registry we created on all computers via gpo HKLM > system > company name > apps. I usually wrap the install in a script that will also write something to that area in the registry and use that for detection On Mar 30, 2015 4:25 PM, "Merenda, Kenneth" <[email protected]> wrote:
> There are two ways I would go about this: > > > > Option A: Script the main app together with this one. It could be as > simple as a batch file to run both executables in serial. > > > > Option B: Figure out what file associations are changing. Those will be > registry keys that can use as your detection method. > > > > My preference would be option B, because SCCM would be able to report > success/fail on each component of the install, and not just the script that > chains the components together. > > > > *Kenneth Merenda* > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Beardsley, James > *Sent:* Monday, March 30, 2015 2:34 PM > *To:* [email protected] > *Subject:* [mssms] Help with Detection Method > > > > I'm creating a deployment type for an application I'm working on and its > not the main app install, it's a small script compiled to an .exe (written > by the vendor) that needs to be run beforehand. The script just deletes > some file associations (which ones, I'm not clear on) and I'm trying to > figure out what I can use for the detection method. As far as I can tell, > it doesn't create any files, it doesn't create anything in Add/Remove, and > without knowing which files associations it's modifying, I have nothing to > detect. I've reached out to the vendor so waiting on a response from them. > Assuming they can't help, any ideas? I thought about using a Powershell > script to read from the event logs (Applocker execution events) to see if > its been run. I also thought about wrapping it in a script that writes > something to the registry which can be used for detection. Before I went > down that road, figured I'd see if there were any other ideas. > > > > Thanks! > > > > *James Beardsley |* Firm Technology Group > > Dixon Hughes Goodman LLP > > > > [image: cid:8644FC49-D5C9-45AE-B387-04FAFC0CC7A5] > <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.dhgllp.com_&d=AwMFAg&c=r_B2dqKkHczsuXPCSs5DOw&r=krYjy-Xm1tps1F_nkG9sNKQIT3ZPFrUh3rvr18goJ2E&m=rw2XLdgTFI8reT8lnUcCW68tSB5tzpWWtRiyJQwPgfU&s=0EYIt5pqdvMkXrS5N9nMiTI8_LubOZfpi15LaVh1-3Y&e=> > > > ------------------------------ > > *Confidentiality Notice:* This e-mail is intended only for the addressee > named above. It contains information that is privileged, confidential or > otherwise protected from use and disclosure. If you are not the intended > recipient, you are hereby notified that any review, disclosure, copying, or > dissemination of this transmission, or taking of any action in reliance on > its contents, or other use is strictly prohibited. If you have received > this transmission in error, please reply to the sender listed above > immediately and permanently delete this message from your inbox. Thank you > for your cooperation. > > > >
