FREDWESTON.NET - Silently Install Cisco IP Communicator
Silently Install Cisco IP Communicator
Posted under Work Stuff on Tuesday, December 3, 2013 @ 3:32:02 PM
Show Previous Article Show Next Article
My company uses IP Communicator pretty extensively for our staff that travel internationally to help cut down on telecom costs.  Cellular roaming can cost $1.50-2.50 per minute and is the single biggest cost on our wireless bill during months when we're heavily deployed overseas.

We'd been manually installing CIPC because I hadn't found a working method to do an unattended install in the couple hours I spent trying to make it work.  Eventually I got tired of doing manual installs and put in the time to make silent installs work, and figured I'd post what I found here so someone else might be able to make use of it.

The CIPC MSI installer has some CLI switches that facilitate this, namely you can use the /qb switch to do a silent install and you can also use the DEVICENAME and TFTP1 options to set the devicename and tftp server address, respectively.

By default, CIPC uses the MAC address of a network adapter to create the device name, but that makes no sense to me because that means CIPC only works when the PC is connected using that NIC.  So for example if the system is hardwired when the devicename is generated and then later on the user is on WiFi and wants to use CIPC, no dice.  We use hardcoded device names to get around this problem, and we just make the device name the same as the PC name because those are already unique and tracked and it makes it easy to associate the device name with a specific person with a DN.

The switches alone will get you most of the way there, the problem we had is that during the installation Windows would throw up a security prompt for the user to confirm the Cisco driver installation.  The way around that is to preload the Cisco code signing certificates on the local PC, which will cause the driver to be installed without a security prompt.

To get the certificate(s) you need to add, on a PC with CIPC already installed, open certmgr.msc and navigate to Trusted Publishers > Certificates and you should see one or more certificates listed here that are issued to Cisco Systems, Inc.  Right-click on each certificate and select export.  Export the certificate as Base-64 encoded X.509 and save those exported certificates somewhere where the systems running the unattended install process will be able to access them.

Now, for your unattended install process, you can use a simple batch file.

Step 1, preload the certificates.  If you exported more than one certificate in the step above, you'll need to run the command below for each certificate:

start /wait serverinstallciscocertmgr.exe -add serverinstallciscocisco1.cer -c -s -r localMachine TrustedPublisher

Step 2, install CIPC using the /qb switch to make the install silent and the devicename and tftp1 switches to specify those values:

start /wait msiexec /norestart /i serverInstallCISCOCiscoIPCommunicatorSetup.msi /qb DEVICENAME="%computername%" TFTP1=""

Step 3, the registry updates below may not be necessary.  I got the process working and didn't try taking these out because I didn't want to spend anymore time on this or tempt fate and break it.  These handle setting the devicename.

start /wait REG ADD "HKEY_CURRENT_USERSoftwareCisco Systems, Inc.Communicator" /f /v HostName /t REG_SZ /d %computername%
start /wait REG ADD "HKEY_LOCAL_MACHINESOFTWAREWow6432NodeCisco Systems, Inc.Communicator" /f /v HostName /t REG_SZ /d %computername%
start /wait REG ADD "HKEY_CURRENT_USERSoftwareCisco Systems, Inc.Communicator" /f /v AlternateDeviceName /t REG_DWORD /d 00000001
start /wait REG ADD "HKEY_LOCAL_MACHINESOFTWAREWow6432NodeCisco Systems, Inc.Communicator" /f /v AlternateTftp /t REG_DWORD /d 00000001
start /wait REG ADD "HKEY_LOCAL_MACHINESOFTWAREWow6432NodeCisco Systems, Inc.Communicator" /f /v AlternateDeviceName /t REG_DWORD /d 00000001