Deployment Script: IE11 needs one reboot (x86 and X64) updated for 3.5.0

Topics: Archive - Deployment Scripts
Aug 26, 2014 at 5:40 PM
Edited Dec 19, 2014 at 4:49 PM
There are alot of KBs that need to be used in the package.
You want to run the IE install with /log and you will see all the files it uses. The add-content line was just for SCCM 2012 application model. It does require one reboot. I couldn't ever get the toolkit to send error code 3010. So I put the restart prompt.
# Show Welcome Message, close Internet Explorer if required, allow up to 3 deferrals, verify there is enough disk space to complete the install and persist the prompt
Show-InstallationWelcome -CloseApps "iexplore" 

# Show Progress Message (with the default message)
Show-InstallationProgress

function IsInstalled($hotfixid)
{
$ret = $false
    Get-WmiObject -Query "Select * from Win32_QuickFixEngineering WHERE HotfixID = '$hotfixid'" -Namespace "root\CIMV2" | ForEach-Object {
        $ret = $true
            }

                return $ret
          }

Prerequisite 1

$update1 = "KB2834140"
If (IsInstalled($update1))
{
write-log -Message "$update1 is already installed, skipping." -source 'Isinstalled' -Logtype 'Legacy'
}
Else
{
  Write-log -Message "Installing $update1..." -source 'Isinstalled' -Logtype 'Legacy'
        cmd.exe /c "C:\Windows\System32\dism.exe /online /add-package /packagepath:$dirfiles\Windows6.1-KB2834140-v2-x86.cab /quiet /norestart"
}

Prerequisite #2

$update2 = "KB2670838"
If (IsInstalled($update2))
{
write-log -Message "$update2 is already installed, skipping." -source 'Isinstalled' -Logtype 'Legacy'
}
Else
{
  write-log -Message "Installing $update2..." -source 'Isinstalled' -Logtype 'Legacy'
        cmd.exe /c "C:\Windows\System32\dism.exe /online /add-package /packagepath:$dirfiles\KB2670838_x86.CAB /quiet /norestart"
}

# Prerequisite #3
$update3 = "KB2639308"
If (IsInstalled($update3))
{
write-log -Message "$update2 is already installed, skipping." -source 'Isinstalled' -Logtype 'Legacy'
}
Else
{
write-log -Message "Installing $update2..." -source 'Isinstalled' -Logtype 'Legacy'
        cmd.exe /c "C:\Windows\System32\dism.exe /online /add-package /packagepath:$dirfiles\KB2639308_x86.CAB /quiet /norestart"
}

Prerequisite 4

$update4 = "KB2731771"
If (IsInstalled($update4))
{
write-log -Message "$update4 is already installed, skipping." -source 'Isinstalled' -Logtype 'Legacy'
}
Else
{
 write-log -Message "Installing $update4..." -source 'Isinstalled' -Logtype 'Legacy'
        cmd.exe /c "C:\Windows\System32\dism.exe /online /add-package /packagepath:$dirfiles\KB2731771_x86.CAB /quiet /norestart"
        }

Prerequisite #5

$update5 = "KB2729094"
If (IsInstalled($update5))
{
write-log -Message "$update5 is already installed, skipping." -source 'Isinstalled' -Logtype 'Legacy'
}
Else
{
write-log -Message "Installing $update5..." -source 'Isinstalled' -Logtype 'Legacy'
        cmd.exe /c " C:\Windows\System32\dism.exe /online /add-package /packagepath:$dirfiles\Windows6.1-KB2729094-v2-x86.cab /quiet /norestart"
}

Prerequisite #6

$update6 = "KB2786081"
If (IsInstalled($update6))
{
write-log -Message "$update6 is already installed, skipping." -source 'Isinstalled' -Logtype 'Legacy'
}
Else
{
write-log -Message "Installing $update6..." -source 'Isinstalled' -Logtype 'Legacy'
    cmd.exe /c "C:\Windows\System32\dism.exe /online /add-package /packagepath:$dirfiles\KB2786081_x86.CAB /quiet /norestart"
}

Prerequisite 7

$update7 = "KB2888049"
If (IsInstalled($update7))
{
write-log -Message "$update7 is already installed, skipping." -source 'Isinstalled' -Logtype 'Legacy'
}
Else
{
write-log -Message "Installing $update7..." -source 'Isinstalled' -Logtype 'Legacy'
    cmd.exe /c "C:\Windows\System32\dism.exe /online /add-package /packagepath:$dirfiles\Windows6.1-KB2888049-x86.cab /quiet /norestart"
 }

Prerequisite 8

$update8 = "KB2882822"
If (IsInstalled($update8))
{
write-log -Message "$update8 is already installed, skipping." -source 'Isinstalled' -Logtype 'Legacy'
}
Else
{
write-log -Message "Installing $update8..." -source 'Isinstalled' -Logtype 'Legacy'
    cmd.exe /c "C:\Windows\System32\dism.exe /online /add-package /packagepath:$dirfiles\Windows6.1-KB2882822-x86.cab /quiet /norestart"
}

*===============================================

* INSTALLATION

$installPhase = "Installation"

*===============================================

# Perform installation tasks here

main program

write-log -Message "installing main file" -source 'Isinstalled' -Logtype 'Legacy'
cmd.exe /c "C:\Windows\System32\dism.exe /online /add-package /packagepath:$dirfiles\IE11-neutral.Downloaded.cab /quiet /norestart"

spelling

write-log -Message "installing spelling file" -source 'Isinstalled' -Logtype 'Legacy'
cmd.exe /c "C:\Windows\System32\dism.exe /online /add-package /packagepath:$dirfiles\Windows6.3-KB2849696-x86.cab /quiet /norestart"

Hypenation

write-log -Message "installing Hypenation file" -source 'Isinstalled' -Logtype 'Legacy'
cmd.exe /c "C:\Windows\System32\dism.exe /online /add-package /packagepath:$dirfiles\Windows6.3-KB2849697-x86.cab /quiet /norestart"

*===============================================

* POST-INSTALLATION

$installPhase = "Post-Installation"

*===============================================

Setup auto-update false

write-log -Message "set no auto update" -source 'Isinstalled' -Logtype 'Legacy'
Set-RegistryKey -Key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main" -Name "EnableAutoUpgrade" -Value "0" -Type Dword -ContinueOnError $true

set detection

Add-Content -path "c:\windows\logs\IE11installed.txt" -value "install via sccm2012" -ErrorAction SilentlyContinue

exit Script

Show-InstallationRestartPrompt -countdownseconds 10
Nov 5, 2014 at 5:42 PM
Edited Dec 19, 2014 at 4:51 PM

*===============================================

* PRE-INSTALLATION

If ($deploymentType -ne "uninstall") { $installPhase = "Pre-Installation"

*===============================================

# Show Welcome Message, close Internet Explorer if required, allow up to 3 deferrals, verify there is enough disk space to complete the install and persist the prompt
Show-InstallationWelcome -CloseApps "iexplore" -closeappscountdown "60"

# Show Progress Message (with the default message)
Show-InstallationProgress

function IsInstalled($hotfixid)
{
$ret = $false
    Get-WmiObject -Query "Select * from Win32_QuickFixEngineering WHERE HotfixID = '$hotfixid'" -Namespace "root\CIMV2" | ForEach-Object {
        $ret = $true
            }

                return $ret
          }

Prerequisite 1

$update1 = "KB2834140"
If (IsInstalled($update1))
{
write-log -message "$update1 is already installed, skipping."  -source 'Isinstalled' -Logtype 'Legacy'
}
Else
{
  Write-log -Message "Installing $update1..." -source 'Isinstalled' -Logtype 'Legacy'
        cmd.exe /c "C:\Windows\System32\dism.exe /online /add-package /packagepath:$dirfiles\Windows6.1-KB2834140-v2-x64.cab /quiet /norestart"
}

Prerequisite #2

$update2 = "KB2670838"
If (IsInstalled($update2))
{
write-log -Message "$update2 is already installed, skipping." -source 'Isinstalled' -Logtype 'Legacy'
}
Else
{
  write-log -Message "Installing $update2..." -source 'Isinstalled' -Logtype 'Legacy'
        cmd.exe /c "C:\Windows\System32\dism.exe /online /add-package /packagepath:$dirfiles\KB2670838_amd64.CAB /quiet /norestart"
}

# Prerequisite #3
$update3 = "KB2639308"
If (IsInstalled($update3))
{
write-log -Message "$update2 is already installed, skipping." -source 'Isinstalled' -Logtype 'Legacy'
}
Else
{
write-log -Message "Installing $update2..." -source 'Isinstalled' -Logtype 'Legacy'
        cmd.exe /c "C:\Windows\System32\dism.exe /online /add-package /packagepath:$dirfiles\KB2639308_amd64.CAB /quiet /norestart"
}

Prerequisite 4

$update4 = "KB2731771"
If (IsInstalled($update4))
{
write-log -Message "$update3 is already installed, skipping." -source 'Isinstalled' -Logtype 'Legacy'
}
Else
{
 write-log -Message "Installing $update3..." -source 'Isinstalled' -Logtype 'Legacy'
        cmd.exe /c "C:\Windows\System32\dism.exe /online /add-package /packagepath:$dirfiles\KB2731771_amd64.CAB /quiet /norestart"
        }

Prerequisite #5

$update5 = "KB2729094"
If (IsInstalled($update5))
{
write-log -Message "$update5 is already installed, skipping." -source 'Isinstalled' -Logtype 'Legacy'
}
Else
{
write-log -Message "Installing $update5..." -source 'Isinstalled' -Logtype 'Legacy'
        cmd.exe /c " C:\Windows\System32\dism.exe /online /add-package /packagepath:$dirfiles\Windows6.1-KB2729094-v2-x64.cab /quiet /norestart"
}

Prerequisite #6

$update6 = "KB2786081"
If (IsInstalled($update6))
{
write-log -Message "$update6 is already installed, skipping." -source 'Isinstalled' -Logtype 'Legacy'
}
Else
{
write-log -Message "Installing $update6..." -source 'Isinstalled' -Logtype 'Legacy'
    cmd.exe /c "C:\Windows\System32\dism.exe /online /add-package /packagepath:$dirfiles\KB2786081_amd64.CAB /quiet /norestart"
}

Prerequisite 7

$update7 = "KB2888049"
If (IsInstalled($update7))
{
write-log -Message "$update7 is already installed, skipping." -source 'Isinstalled' -Logtype 'Legacy'
}
Else
{
write-log -Message "Installing $update7..." -source 'Isinstalled' -Logtype 'Legacy'
    cmd.exe /c "C:\Windows\System32\dism.exe /online /add-package /packagepath:$dirfiles\Windows6.1-KB2888049-x64.cab /quiet /norestart"
 }

Prerequisite 8

$update8 = "KB2882822"
If (IsInstalled($update8))
{
write-log -Message "$update8 is already installed, skipping." -source 'Isinstalled' -Logtype 'Legacy'
}
Else
{
write-log -Message "Installing $update8..." -source 'Isinstalled' -Logtype 'Legacy'
    cmd.exe /c "C:\Windows\System32\dism.exe /online /add-package /packagepath:$dirfiles\Windows6.1-KB2882822-x64.cab /quiet /norestart"
}

*===============================================

* INSTALLATION

$installPhase = "Installation"

*===============================================

# Perform installation tasks here

main program

write-log -Message "installing main file" -source 'Isinstalled' -Logtype 'Legacy'
cmd.exe /c "C:\Windows\System32\dism.exe /online /add-package /packagepath:$dirfiles\IE11-neutral.Downloaded.cab /quiet /norestart"

spelling

write-log -Message "installing spelling file" -source 'Isinstalled' -Logtype 'Legacy'
cmd.exe /c "C:\Windows\System32\dism.exe /online /add-package /packagepath:$dirfiles\Windows6.3-KB2849696-x86.cab /quiet /norestart"

Hypenation

write-log -Message "installing Hypenation file" -source 'Isinstalled' -Logtype 'Legacy'
cmd.exe /c "C:\Windows\System32\dism.exe /online /add-package /packagepath:$dirfiles\Windows6.3-KB2849697-x86.cab /quiet /norestart"

*===============================================

* POST-INSTALLATION

$installPhase = "Post-Installation"

*===============================================

Setup auto-update false

write-log -Message "set no auto update" -source 'Isinstalled' -Logtype 'Legacy'
Set-RegistryKey -Key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main" -Name "EnableAutoUpgrade" -Value "0" -Type Dword -ContinueOnError $true

set detection

Add-Content -path "c:\windows\logs\IE11installedX64.txt" -value "install via sccm2012" -ErrorAction SilentlyContinue

exit Script

Show-InstallationRestartPrompt -countdownseconds 150

*===============================================

* UNINSTALLATION

} ElseIf ($deploymentType -eq "uninstall") { $installPhase = "Uninstallation"

*===============================================

# Show Welcome Message, close Internet Explorer if required with a 60 second countdown before automatically closing
Show-InstallationWelcome -CloseApps "iexplore" -CloseAppsCountdown "60"

# Show Progress Message (with the default message)
Show-InstallationProgress

# Perform uninstallation tasks here

*===============================================

* END SCRIPT BODY

} } Catch { $exceptionMessage = "$($_.Exception.Message) ($($_.ScriptStackTrace))"; Write-Log "$exceptionMessage"; Show-DialogBox -Text $exceptionMessage -Icon "Stop"; Exit-Script -ExitCode 1 } # Catch any errors in this script
Exit-Script -ExitCode 0 # Otherwise call the Exit-Script function to perform final cleanup operations

*===============================================

Dec 19, 2014 at 3:15 PM
@Scorchguy thank you for taking the time and effort to share this with us! One question to you all, I have recently been tasked with deploying IE11 in my environment. Another team mate of mine, who no longer works here, created a IE11 package using the Internet Explorer Administration Kit (IEAK). I was looking to use the toolkit to simply further enhance the deployment experience within my organization. We are currently deploying the IEAK version of IE11 using an SCCM application and it works just fine.

However, I wanted to use the toolkit to check if IE processes was running and if so prompt the user to close it and most importantly prevent it from running while the install was running. So in theory the could below would be used - I extracted the "IE11-Setup-Full.exe and that is why I am calling the batch file already pre-built into the PKG by IEAK"
#*===============================================
#* PRE-INSTALLATION
If ($deploymentType -ne "uninstall") { $installPhase = "Pre-Installation"
#*===============================================
    
# Prompt the user to close the following applications if they are running:
    Show-InstallationWelcome -CloseApps "iexplore" -BlockExecution
# Show Progress Message (with default message)
    Show-InstallationProgress

#*===============================================
#* INSTALLATION 
$installPhase = "Installation"
#*===============================================

# Install IE11 created via IEAK
    Execute-Process -FilePath "IE-Setup.cmd" -WindowStyle Hidden -IgnoreExitCodes "3010" 
    
#*===============================================
#* POST-INSTALLATION
$installPhase = "Post-Installation"
#*===============================================

# Restart Computer after Install of IE11  
    Show-InstallationRestartPrompt -Countdownseconds 10 -CountdownNoHideseconds 10
While this does get IE11 installed and restarts the PC successfully, as the install commences I get a dialog box stating that "Launching this application has been temporarily blocked so that installation operation can complete." This message comes up even though IE itself is not running at the time of install. My guess is that since the batch file is calling "IE-Redist.exe" it causes that dialog box to come up.

So ultimately I am wondering has anyone used the toolkit to deploy an IEAK branded IE11 install? If so did you run into any of the same issues I am? If I was simply to use the script you posted on here, would I achieve the same results just in a different manner? I figured IEAK gave you the capability to further customize your IE11 deployment.

I thank you for any feedback and your time.
Dec 19, 2014 at 4:44 PM
I haven't used the IEAK because I haven't had to change IE too much.. most everything can be found in the registry / GPO.
Since 3.5.0 came out I had add some proxy settings and stop the protected banner... this goes in post install... this works for IE9,IE10,IE11

[scriptblock]$HKCURegistrySettings = {
    Set-registrykey -key 'HKCU\Software\Microsoft\Windows\CurrentVersion\Internet settings' -name 'AutoConfigURL' -Value 'your company proxy here' -type string -SID $UserProfile.SID
    Set-registrykey -key 'HKCU\Software\Microsoft\Internet Explorer\Main' -name 'Start Page' -Value 'your company's start page' -type string -SID $UserProfile.SID
    Set-registrykey -key 'HKCU\Software\Microsoft\Internet Explorer\Main' -name 'NoProtectedModeBanner' -Value 1 -type dword -SID $UserProfile.SID
    }
Invoke-HKCURegistrySettingsForAllUsers -RegistrySettings $HKCURegistrySettings
Jan 8, 2015 at 5:40 PM
Wonderful script, I'm going to use this to catch some of my clients who somehow didn't get the update via Software Updates. What was the reason for using DISM to install the updates, instead of wusa. (ex. wusa.exe Windows6.1-KB2888049-x64.msu)?
Jan 13, 2015 at 2:45 PM
<---name change
dism lets you inject it without any reboots...
Mar 9, 2015 at 7:33 PM
What are you using for your detection method?
Mar 10, 2015 at 3:13 PM
I did use the IEAK to deploy IE 11. As for customizing settings, we use GPO and GPP.

For the detection part, I use File System method to check for the file version of iexplorer.exe. This can avoid user to reinstall IE 11 in case they had manually upgraded themselves.

Wai Yin
Mar 10, 2015 at 5:16 PM
superz202 wrote:
I did use the IEAK to deploy IE 11. As for customizing settings, we use GPO and GPP.

For the detection part, I use File System method to check for the file version of iexplorer.exe. This can avoid user to reinstall IE 11 in case they had manually upgraded themselves.

Wai Yin
would be interested to see your code amigo.