Installing 3rd party apps is not simple

I dont see a simple way to install software from chocolaty except if I create a 3rd party patch management module, then assign it to a Policy, then assign a computer to that policy, then wait. It seems like way too many steps and cumbersome. Is there just a way to select an asset then pick a software title then click install?

1 Like

Not in the WebUI.
You have to write a script, then run the install from the script tab.

Yes, use a script with runtime variables, one for $packagenames and one for $action:

Import-Module $env:SyncroModule -DisableNameChecking

$choco = "$env:allusersprofile\chocolatey\choco.exe"

&$choco $Action $PackageNames -y -r --noprogress
if ($LASTEXITCODE -eq 1) { exit 1 }

$InstalledPackages = &$choco list -l -r --idonly
$InstalledPackages
2 Likes

The managed third-party stuff is policy-based by design. so you’d make a sub-policy for third-party patch management (you’ll likely have many dependent on how large you are and the diversity of your base), then those get put into a policy and applied tot any level of the Policy Inheritance tree. Assets can either inherit those or you can apply a single policy directly to an asset if need be, but that should be rare.

Chocolatey Software | Installing Chocolatey - It seems by default power shell is ‘restricted’
Whats the smoothest way to get Chocolately installed to all computers?

I have this in a Batch script called Install Chocolatey

@powershell -NoProfile -ExecutionPolicy Bypass -Command “iex ((New-Object System.Net.WebClient).DownloadString(‘https://chocolatey.org/install.ps1’))” && SET “PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin”

And force the Install Chocolatey script to run as logged in user.

Then in the scripts I have that install apps I have lines like this

c:\ProgramData\chocolatey\choco.exe install adobereader -y --no-progress

Of course you can get more fancy, but this works.

There is much room for improvement in this area of SyncroMSP.
But as their focus in on the PSA, and the roadmap is not shared, I tend to assume there will be no improvement in this area of the RMM till 2024 or 2025.
If the improvements happen earlier, then it will be a pleasant surprise. :slight_smile:

Chocolatey is already provided by Syncro if you have a thirdparty patching policy set up for the asset. It’s located at C:\Program Files\RepairTech\Syncro\kabuto_app_manager\choco.exe

This may explain Syncro’s third-party patch management as it currently exists, but doesn’t really address the original post.

An RMM should have the built-in ability to push out third-party software to assets on demand. Syncro does not.

I use a script with runtime variables much like isaacg suggests. It works, but is not the same as having the capability built-in.

1 Like

Not long after I started with Syncro, I read somewhere on the forums that the Chocolatey provided by Syncro wasn’t using the full choco repository.
I don’t have a reference for that, and it might be wrong too, but it led me to not use Chocolatey deployed by SyncroMSP.
So I guess this is a good time to clear that up with this question.
Is there any negative outcome possible when using the SyncroMSP Chocolatey compared to the Official Chocolatey, or are they exactly the same from a repo and feature point of view?

There is a Chocolately community edition and a paid/pro one basically. Syncro uses the community edition. But it’s still the real thing.

Yea, you have full access to the repo. Possible downsides to using Syncro’s chocolatey:

  • They don’t update the version very often, on my machine looks like it’s 0.11.3 (October 27, 2021), probably not an issues in most cases (EDIT this appears to be a me issue not a syncro issue)
  • It’s only installed if you have a 3rd party patch policy applied to the asset, which doesn’t happen instantly either, so if you want to have onboarding setup scripts that install things with choco you’ll have issues. I install the official choco as a setup script to avoid this issue, but unfotunately Syncro likes to ignore the order of the setup scripts, so that’s not foolproof either, I have a bug filed on that.

Thanks @isaacg
Here is there release notes page for Chocolatey.
Chocolatey Software Docs | Release Notes

A major problem that stands out to me about SyncroMSP not updating their version of chocolatey since 0.11.3 Oct 2021 is the [Security] bug that was fixed in version 1.2

[Security] Unable to extract files from nupkg when different file name encoding is used ¡ Issue #2816 ¡ chocolatey/choco ¡ GitHub

Using version 0.11.3 feels to me like an unacceptable security risk, so I’ll keep using the latest version of 1.3.1…and therefore not use the 3rd party app patching policies.

Good find. You’ll need to periodically update chocolatey, I don’t believe it does so automatically

choco upgrade chocolatey

or ‘upgrade all’ would work as well.

Thanks for that.
Maybe I’m odd, but if Syncro is providing chocolatey, I kind of expect SyncroMSP to upgrade every component of what they provide at least every time there is a new version of the agent released…and when there is a new update to a component, then release a new agent version.

Doesn’t make sense to me to expect every partner to reinvent the wheel and put the chocolatey upgrade commands into a scheduled script?

5 Likes

I feel that should certainly be an automated update with syncro rmm type thing, no?
On that note, seems the machines I’ve checked of mine thus far are 1.3.1.

Apparently everyone but me it updates fine. I’m guessing cause I’ve installed regular chocolatey as well as Syncro’s somehow it’s borked Syncro’s updating. Still investigating

1 Like

Oh yeah I would LOVE to solve that problem as well. Maybe enabling a first time run order of execution. That would smooth things out. Currently, I have to re-run scripts a few times to ensure that my onboarding of new clients works properly. Or setup additional scripts that do validation checks to make sure things don’t slip through the cracks.

I did a little playing around, but just decided this is probably not worth my time and just added a line to upgrade syncro’s choco to my regular choco monitor script. Probably should be there just to make sure anyway. Referencing syncro’s choco directly upgraded from 0.11.3 to 1.3.1 without issue so I’m chocking it up to some conflict between the two installs.
&"C:\Program Files\RepairTech\Syncro\kabuto_app_manager\choco.exe" upgrade chocolatey -y

2 Likes