Category filter
Distribute enterprise apps to Windows devices
This article deals with the distribution of enterprise apps on Windows devices.
Enterprise apps are custom apps developed by an organization or a third party to be used within the organization. These apps are also known as internal or in-house apps.
Since these apps contain proprietary business information, many organizations do not host these apps on public distribution channels (Microsoft Store for Windows devices). In such cases, they rely on enterprise app stores that can seamlessly deploy their internal apps within the organization.
Hexnode delivers its own enterprise app store to securely distribute apps, whether store or internal, to the organization’s devices. In the case of Windows devices, administrators can deploy enterprise (MSI/MSIX/EXE) apps to the managed devices without compromising data security.
Add enterprise apps to Hexnode app inventory
An enterprise app must first be uploaded to the Hexnode app inventory before its distribution.
- Log in to your Hexnode portal.
- Navigate to Apps.
- Select +Add Apps > Enterprise App.
- Choose the platform as Windows.
- Provide the App Name.
- You can either upload with:
- MSI file: Click on Choose the MSI File and select a file from the system.
- MSIX file: Click on Choose the MSIX File and select a file from the system.
- EXE file: Click on Choose the EXE File and select a file from the system.
- From Manifest URL: Enter the URL to the app and its version. Note that only apps with the .msi extension are supported for installation.
Or
Or
Or
- Select an app category or input a new category by clicking on the + button.
- Provide a description for the application and click Add to upload the file.
- SHA-256 Checksum: Hexnode uses the SHA-256 checksum to ensure that the apps are not corrupted while uploading them to the portal and deploying them to devices. Provide the SHA-256 checksum(hash) of the file to verify the file integrity before distribution. If left blank, Hexnode UEM will skip the file verification.
- If it’s an MSI file, specify the device location where the MSI file should be installed. For example, C:\Program Files.
- While uploading the MSI/MSIX/EXE file, you can check the Notify admin via email once app upload succeeds/fails option to receive the email notifications on the app upload status.
- Click Add to upload the file.
Managing multiple versions of MSI apps
For MSI apps, you can upload different versions of the same app and choose the version to be used for installation.
To add a different version of an app:
- Go to the Apps tab and click on the app for which you want to add a new version.
- In the App details dialog box, click the gear icon at the top right and select Edit.
- You can add a new version using either of the following methods:
- Upload via MSI File: Upload the new MSI file.
- Upload via Manifest URL: Enter the URL of the app and its version.
- You can also edit app details such as App Name, Category, Description, and enable/disable Notify admin via email for upload succeeds/fails notifications.
- There is a gear icon at the top right, where you can choose to view the Version History or delete the app from the Hexnode app inventory. Note that deleting the app will delete all its versions and remove it from any associated groups and policies.
- Click Save to apply the changes.
Version History
If you want to view the version history of an app (all added versions and their details):
- Go to the Apps tab and click on the app for which you want to check the version history.
- In the App details dialog box, click the gear icon at the top right and select Version History.
- Here, you can see the versions of the app that have been uploaded along with their details.
- The most recent version uploaded to the Hexnode app inventory is automatically marked as the Latest version.
- On the Version History page, you will see three icons to the right of each version:
- Download Icon: To download the file.
- Edit Icon: To customize the validation criteria for each version of the MSI app.
- Delete Icon: To delete an app version. Upon clicking the delete icon, you’ll be prompted to select how policies, groups, and catalogs should be affected:
- Remove the app from associated policies, groups, and catalogs
- The app will be removed from associated Required Apps policies, App Groups, and App Catalogs.
- The app will be removed from associated Required Apps policies, App Groups, and App Catalogs.
- Update policies/groups/catalogs with the latest app version
- The app version will be updated to the latest available version on the associated Required Apps policies, App Groups, and App Catalogs.
- Remove the app from associated policies, groups, and catalogs
Success Criteria
The Required Apps policy in Hexnode ensures that a specified application remains installed on the device. It periodically checks for the app’s existence on the device and re-initiates installation if found missing.
In the case of MSI apps, it all depends on the app identifier/version, both included in the MSI file and of the installed app, that determines whether the policy association is successful. The policy deploys the app once again when a discrepancy is identified between these values, even if the app is installed (but holds a different identifier/version). A faulty MSI file might install the app to have an identifier/version different from those extracted during MSI file upload.
Defining a success criterion for installation allows administrators to validate specific app parameters post installation to alert them to any inconsistencies. A success criterion specifies a set of parameters, like app identifiers, registry path, and app path, used to verify an app’s installation on a device. The criterion, if satisfied, concludes that the app is installed despite any discrepancies in the MSI file. The administrators can verify it directly from the console.
Defining Success Criteria for MSI files
For MSI files, a validation criterion can be defined to notify administrators of a successful app installation using the following steps:
- Log in to your Hexnode portal.
- Navigate to Apps.
- Select the desired MSI file.
- At the bottom, you will find the following parameters to edit:
- App Identifiers: Add one or multiple app/installer identifiers (product codes), separated by a semicolon (;). Once the MSI file is installed, Hexnode verifies if the installed application contains the specified app identifier. In case of a mismatch, the success criterion will fail.
For example:
The App Identifier may be a string of numbers, or a name provided by the app publisher, such as
{3456C7D8-2345-6789-ABCD-EFG12345678}
orMozilla Firefox
. - Registry Path: This option allows you to define the path of a registry key to be checked on the target device. This can be any registry key created when the app is successfully installed. If the key does not match, the success criteria will fail.
There are two components to configure in this option:
- Registry Root: This is the top-level directory in the Windows Registry, such as HKLM (HKEY_LOCAL_MACHINE), HKCU (HKEY_CURRENT_USER), HKCR (HKEY_CLASSES_ROOT), HKCC (HKEY_CURRENT_CONFIG), and HKU (HKEY_USERS).
- Subkey: This is the specific path within the registry root, such as \SOFTWARE\MyCompany\MyApplication.
For example:
In the case of Firefox, the registry key related to the app is ‘HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox’.
From the registry root dropdown, choose HKLM and enter the subkey ‘
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox
‘.
- App Identifiers: Add one or multiple app/installer identifiers (product codes), separated by a semicolon (;). Once the MSI file is installed, Hexnode verifies if the installed application contains the specified app identifier. In case of a mismatch, the success criterion will fail.
- Install Path: This option can be used to confirm the app’s installation on the device by checking for a specific file present on the target device. The file’s location is indicated in the Path field, which should contain the path of any file created upon successful app installation.
For example:
In the case of Mozilla Firefox, the path of the file is most likely to be in the following format:
C:\Program Files\Mozilla Firefox\firefox.exe
Later, the administrators can select one of these parameters to assign it as the success criteria when deploying an MSI file to the devices.
If no success criterion is specified, the extracted Installer identifier (while uploading) will be used as the default success criterion after defining it as the App identifier parameter.
Deploy the apps to target devices
The apps added to the app inventory can be distributed to the devices using the remote action or Required Apps policy.
Install apps via Actions
Method 1
- Navigate to Manage > Devices.
- Click on the device.
- On the device summary page, click Actions > Install Application.
- Select the app.
- Click Configure to specify the installation settings.
- Click Install.
Install apps via Policy
- Navigate to Policies.
- Create a new policy with the New Policy button or select an existing policy.
- From Windows > App Management, select Required Apps.
- Click on Configure and +Add button to either add an app or a group of apps from the app inventory.
- Select the required app(s) and click on Done.
- Configure the installation settings and click Save.
- Next, associate the policy with the target devices by navigating to the Policy Targets tab.
- Select the required Devices/Device Groups/Users/User Groups/Domains to which the policy is to be associated.
- Click on Save.
For MSI apps deployed via the Required Apps policy, deleting the deployed version from the Hexnode app inventory removes it from both the device and the policy. Note that the associated policy gets replaced with the latest available app version.
Installation settings
For MSI apps, Hexnode enables you to configure various app installation settings during deployment via the Required Apps policy and the Install Application remote action.
- Enable logging: This setting helps specify the MSI app’s default logging mode. Ticking this option enables the logging service, and the Windows Installer records the errors and events into logs on the specified log path of the device. The diagnostic data contained in the logs helps the user to troubleshoot in case the installation fails.
- Log path: Specify a custom path for the output log file. You can provide the complete path of a folder along with the desired file name and format. C:\Hexnode\Logs\MSI Logs\
.log is set as the default log path.
- Force device restart after app installation: Upon successful installation, the system restarts automatically when this option is selected.
- Installation Timeout: If the app installation process does not complete within the specified time duration, it will be forcefully terminated. The minimum and maximum time duration is 10 and 60 minutes respectively.
- Add command-line parameters: You can specify additional parameters by ticking this option while distributing the MSI app to the device. These command-line parameters help you modify the installation process and other related operations on the device.
- Change app version: Select the app version you wish to install on your device. All uploaded versions of the app are displayed with their respective version numbers.The version marked as Latest is the most recent version.
- Success Criteria: You can choose one of the validation criteria defined during the MSI file upload to the Hexnode app inventory. The installed application must meet the selected criterion for the installation action to be successful. The three available options are:
- App exists: This option uses the App identifiers parameter as the success criterion.
- Path exists: This option uses the Install path as the success criterion. It can be edited or updated directly from the Installation Settings.
- Registry exists: This option uses the Registry path as the success criterion.
After app deployment, administrators can verify the success criteria status from the Action History tab of the device in the Hexnode portal. Select the app status corresponding to the initiated action to view detailed information.