Third Party Patching
Why Enterprise-Ready Applications are a Must for Any Organization
Aapo KettunenTopics: Third Party Patching
Third-party applications are used in almost every organization, regardless of sector and size. Because installing applications manually is tedious, organizations use different solutions to deploy applications to their environment.
Regardless of the device management system or deployment solution, there are a few best practices to follow when you are deploying applications to your environment. With these best practices, you can ensure that the third-party application is compatible with enterprise use.
Disable Automatic In-App Updates
It’s crucial to keep your software ecosystem updated. However, having more granular control over application versions can save you from potential nightmares. When automatic updates are disabled, you can deploy new versions to your test group a few days before production deployment. Application vendors test their products before releasing new versions, but there can still be bugs or compatibility issues that you want to detect before your end users do.
In some applications, automatic updates require administrative permissions to update the application. No end user should have local admin privileges to their device, and without admin rights automatic updates could cause excessive tickets to the help desk. Centralizing application updates eliminates this issue.
Hide First Run Wizard
To save time and effort, it is important that end users can start using applications right after the app install. First run wizards are meant to help users configure the application in the way that the application vendor sees as the best fit. This usually means signing into the application, sending all the usage data, setting up the application as a default app, and reading end user license agreements.
In an enterprise ready application, all the settings that would be configured in the first run wizard are already set in the application package. The end user can start using the application without having to think about how it is configured.
As an example, the default first run experience in Firefox asks end users to:
- Set the application as a default browser
- Import data from other browsers
- Sign in
- Install Firefox on their mobile device
- Choose what kind of usage data to send automatically to Firefox
First run experience in a standard installation.
An enterprise ready version of Firefox doesn’t show any prompts to end users, disables automatic updates, and doesn’t check if the browser is default. The end user can start working and using the application the second the application has been installed.
First run experience in an enterprise-ready application.
Suppress Notifications
We all get a lot of notifications already from email and quick messaging services. Therefore, suppressing all unnecessary in-app notifications can help end users focus better on their work. Notifications can be triggered by automatic updates, tips of the day, or new features. Multiply this over many apps, and the notification stream can quickly become overwhelming.
End users appreciate the centralized suppression of notifications.
Remove Desktop Shortcuts
By default, most applications will add another icon to your already crowded desktop. Desktop shortcuts, however, don’t organize applications very effectively. Instead of adding desktop shortcuts, you can pin important applications to the start menu or to the taskbar using Microsoft’s instructions: https://learn.microsoft.com/en-us/windows/configuration/windows-10-start-layout-options-and-policies.
No need to add desktop shortcuts.
Customizing Applications for Enterprise Compliance
Adapting an application for enterprise use isn’t a one-size-fits-all process. Typically, vendors offer installation packages in MSI or EXE formats for Windows devices. While we won’t delve into the technical nuances of these formats, it’s worth noting that MSI files generally offer greater ease of modification and deployment compared to their EXE counterparts.
Step 1: Test Before You Tweak
Before diving into customization, it’s a good idea to manually install the application on a virtual machine. This will give you an understanding of the default settings and any additional configurations that may be necessary for enterprise deployment.
Step 2: Configure for Silent Installation
After identifying the settings that need adjustments, the next step is to learn how to configure them for a ‘silent’ installation—one that doesn’t require user interaction. This can often be achieved through a combination of group policies, registry edits, or MSI properties, among other methods. While some vendors provide comprehensive documentation for these settings, others may require you to dig deep into the operating system or even employ a process monitor for precise adjustments. For instance, Firefox can be customized using its policies.json and mozilla.cfg files.
Step 3: Tools and Commands
MSI packages can be edited using specialized software like Microsoft Orca or Master Packager. Additionally, command-line parameters can be employed for both MSI and EXE installers. The available parameters vary between applications and installation formats. Sometimes, pre- or post-installation scripts may be necessary, and tools like PSAppDeployToolkit can be handy for such tasks, especially when they involve PowerShell commands for registry changes or other system configurations.
Enterprise-Ready Applications Required
Ensuring that your third-party applications are enterprise-ready is not just a convenience—it’s a necessity. By adhering to the best practices outlined above and leveraging the right tools, you can best ensure that your applications not only meet but exceed enterprise-level requirements in both functionality and security. Remember, a well-configured software environment isn’t merely about deployment; it’s about creating a seamless, secure, and productive workspace for your end-users. So take the initiative, customize wisely, and set the stage for a more efficient and secure organization.
