Software Deployment via MSI – How I Do It

Part of my job is to deploy software to our fleet of Windows computers via SCCM.  This involves PowerShell scripts to automate the process and capture logs. So, I decided to make a post showing how I do it.

Anyone can double-click an MSI file to launch it and proceed through the GUI to eventually have the program install (as long as they have sufficient rights on the device to do so). In a business environment, it is best to not let the average user have this level of access – it often leads to malware and other problems. So, administrators use utilities like Microsoft’s System Center Configuration Manager (SCCM) to wrap up programs in a cute little bow to be either automatically deployed to devices, or to be made available for the user to install at their convenience. Either way, the installations usually need to be “silent” (no GUI or user interaction) so they can be installed in the background, or to prevent the user from pressing a button you may not want them to. This can be challenging at times because every company is different, every programmer is different, and even if industry standards are followed, there is enough wiggle-room to make things crazy.

Many programs are packaged into an MSI file by their authors and this makes it really easy. You put the MSI filename into a generic MsiExec command with some switches and it works flawlessly.  Same thing with the uninstall… but with a little bit of tweaking.

For this post, I’ll be using the Cisco AnyConnect Secure Mobility Client program. If you search the interwebs, there are A LOT of posts about people having difficulty uninstalling this program and I really don’t know why.

Here is the install command for version 4.6.00362:

MsiExec.exe /i anyconnect-win-4.6.00362-core-vpn-predeploy-k9.msi /qn reboot=ReallySuppress

That is the standard, normal, every-day way to automate the install of a program using an MSI. You can take that command, replace the MSI filename with any other MSI filename you want, and it will install silently without a reboot. Easy-peasy!

To automate the uninstall of a program, you need the uninstall command string. How do you get this? There are a few ways.

Mainly, the registry. You can find damn near everything you need in the registry. To find uninstall string, you look in the following locations:




Look at each item in the tree and you will most likely find an entry for the program you want. That entry will contain a value for “UninstallString” or something similar. There you go, the command you need to run to uninstall the program!

So, for version 4.6.00362 of the Cisco AnyConnect Secure Mobility Client, you would run the following uninstall command:

MsiExec.exe /X{511F072A-BBE3-4BE8-92BF-6C497DB76179} /qn

I hope this helps some of you. If you have any questions, comments, or concerns please reply below!

I am not a PowerShell expert. Always test any scripts you find online on a test system before using them in production. If you blow your shit up, it’s not my fault.