lazyadmin.nl Open in urlscan Pro
2606:4700:3034::ac43:a4bc Public Scan

Back to summary

URL:
https://lazyadmin.nl/it/pdq-deploy-inventory/
Submission: On May 27 via manual (May 27th 2024, 5:27:45 am UTC) — Scanned from NL

Form analysis
3 forms found in the DOM

GET https://lazyadmin.nl/

<form method="get" class="search-form navigation-search" action="https://lazyadmin.nl/">
  <input type="search" class="search-field" value="" name="s" title="Search">
</form>

GET https://lazyadmin.nl/

<form method="get" class="search-form navigation-search" action="https://lazyadmin.nl/">
  <input type="search" class="search-field" value="" name="s" title="Search">
</form>

POST https://lazyadmin.nl/wp-comments-post.php

<form action="https://lazyadmin.nl/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate="">
  <p class="comment-form-comment"><label for="comment" class="screen-reader-text">Comment</label><textarea id="comment" name="comment" cols="45" rows="8" required=""></textarea></p><label for="author" class="screen-reader-text">Name</label><input
    placeholder="Name *" id="author" name="author" type="text" value="" size="30">
  <label for="email" class="screen-reader-text">Email</label><input placeholder="Email *" id="email" name="email" type="email" value="" size="30">
  <label for="url" class="screen-reader-text">Leave Empty</label><input placeholder="Leave Empty " id="url" name="url" type="text" value="" size="30">
  <p class="comment-form-subscriptions"><label for="subscribe-reloaded"><input style="width:30px" type="checkbox" name="subscribe-reloaded" id="subscribe-reloaded" value="yes"> Notify me of followup comments via e-mail. You can also
      <a href="https://lazyadmin.nl/comment-subscriptions/?srp=7457&amp;srk=1ee5dad2be1a3f5b900eccf9b5db9a3b&amp;sra=s&amp;srsrc=f">subscribe</a> without commenting.</label></p>
  <p class="form-submit"><input name="submit" type="submit" id="submit" class="submit" value="Post Comment"> <input type="hidden" name="comment_post_ID" value="7457" id="comment_post_ID">
    <input type="hidden" name="comment_parent" id="comment_parent" value="0">
  </p>
  <p style="display: none;"><input type="hidden" id="akismet_comment_nonce" name="akismet_comment_nonce" value="6749d10bd2"></p>
  <p style="display: none !important;" class="akismet-fields-container" data-prefix="ak_"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js_1" name="ak_js" value="40">
    <script type="rocketlazyloadscript">document.getElementById( "ak_js_1" ).setAttribute( "value", ( new Date() ).getTime() );</script>
  </p>
</form>

Text Content

Menu
* Articles
* Home Network
* Office 365
* Microsoft Office 365 Comparison
* PowerShell
* Smart Home
* SysAdmin
* Windows 11
* Blogging
* Tools
* Network Gear
* About
* Newsletter
* Shop
*

GETTING STARTED WITH PDQ DEPLOY & INVENTORY

Published December 1, 2022 Last updated December 1, 2022 by Rudy Mens2 Comments

As a sysadmin, I try to automate as much as possible of my daily tasks. One of
the biggest time savers for me was when I started using PDQ Deploy back in 2016.
Before that we were installing the software manually, using images (which were
always outdated), and trying to stay up-to-date with the latest software
patches.

PDQ Deploy combined with PDQ Inventory is a powerful patch management system
that allows you to fully automate your software installation and patch
deployment. One of the biggest advantages is that PDQ is pretty easy to set up
and maintain. And the large package library that comes with the Enterprise
license really helps a lot with that.

In this article

Toggle
* PDQ Deploy and Inventory
* Free vs Paid version
* Automatically Installing new Computers
* Getting Started with PDQ Inventory
* Creating Collections
* Getting Started with PDQ Deploy
* Auto Download Packages
* Creating your own Packages
* Deploying Packages
* Automatically install packages with Schedules
* Setting the Triggers
* Choosing the Targets
* Packages and Options
* Create and Install the Baseline Automatically
* Creating the OU’s in Active Directory
* Schedule the baseline
* Wrapping Up

In this article, we are going to take a look at how to get started with PDQ
Deploy and Inventory, creating our first packages, and setting up a baseline
deployment.

PDQ DEPLOY AND INVENTORY

PDQ Deploy and Inventory are two products that are bought together. Deploy is
used to automate your patch management, install software and deploy custom
scripts on your endpoints. Inventory scans, collects, and organizes your
endpoints in collections.

The two products together form a powerful deployment system that allows you to
install packages on targeted clients when needed. For example, when there is a
new version of Autodesk Revit released. Before you had to install the new
version manually on all workstations.

With Inventory, we can automatically create a collection of machines, that
already have Revit 2022. In Deploy, we can create a new package for Revit 2023,
as explained in this excellent guide. Now we only have to schedule the
installation in PDQ Deploy, and all workstations that have Revit 2022, will
automatically get the new version.

Creating these packages always takes a bit of time. But once you have your
library built up with your custom packages, you will see that it becomes a huge
time-saver when installing or updating software on the endpoints.

FREE VS PAID VERSION

Good to know, there is also a free version for both Deploy and Inventory
available. Now I have to say the paid version, which costs $1500 per sysadmin
for both tools, is really great value for money. But if you are on a tight
budget then the free version can be a good start.

One of the biggest advantages of the paid version is the full package library in
PDQ Deploy. This library contains more than 250 packages with the most popular
software that is always up-to-date and managed by PDQ. In the Free version, you
will find some packages in the library, but this is mainly the .Net Framework
and a handful of other tools.

PDQ Inventory FeatureFreePaidAdd computer by nameXXActive Directory SyncXNetwork
DiscoveryXStandard Scan Information XXFull Scan InformationXStatic
CollectionsXXDynamic CollectionsXXRemote Tools (Reboot, shutdown, Wake, VNC, Run
Command)XXBuilt-in ReportsXXCustom ReportsXAuto ReportsXCollection
LibraryXAdditional Tools LibraryX

PDQ Inventory Free vs Paid

PDQ Deploy FeatureFreePaidPackage LibraryXX– Full LibraryXCreate Custom
PackageXX– Install stepsXX– Command or PowerShell stepsX– Nested PackagesX– File
CopyX– Message StepX– Reboot, Sleep, LogoffX– Package and Step ConditionsXDeploy
OnceXXScheduled deploymentsXRetry ScheduleXPull Copy Mode (Client downloads file
from the repository)XNotificationsXDeployment ReportsXX

PDQ Deploy Free vs Paid

AUTOMATICALLY INSTALLING NEW COMPUTERS

Every company has a couple of default applications that are installed on all
computers. We call this a baseline. This is the minimal software that is
required, like your company’s anti-virus scanner, PDF reader, browser, Office,
etc. We can use PDQ Inventory and Deploy to automatically install this baseline
on all new computers.

We do this by watching a specified OU in the Active Directory, any computer
placed in the OU will get the baseline installed automatically, and once
completed move it to a different OU.

I will explain more about setting up a baseline later in the article.

GETTING STARTED WITH PDQ INVENTORY

So the first step is to set up and configure our PDQ Inventory installation.
During the installation, you will need to select the license that you want to
use and enter domain administrator credentials. I recommend creating a unique
service account for this in your Active Directory with the appropriate
permission (administrator access on the clients).

> Tip
>
> A better solution is to use LAPS (Local Administrator Password Solution), but
> you can only use it with PDQ Deploy Enterprise and you will need to use the
> push copy mode.

The next step is to connect PDQ Inventory to the Active Directory and select the
containers you want to scan.

1. Select Options > Preferences
2. Make sure that Active Directory is selected on the left side
3. Enable Auto Sync
4. Set the sync to every 15 min
5. Delete mode, Full Sync, so inventory also cleans up old deleted computers
6. Click Include Container and select the OU with computers (repeat this for
every OU needed)

PDQ Inventory AD Sync

.Net Framework is required by the clients to run the Inventory scans. On most
Windows 10 and 11 devices is this installed by default, but to be sure, click on
.Net Installation in the preferences and enable Automatically install .Net.
Also, make sure that the install file is selected, or otherwise download .Net.

CREATING COLLECTIONS

Collection in PDQ Inventory allows you to organize and group your computers,
based on installed applications, application details (version for example),
operating system details, or hardware specifications. It comes with a lot of
commonly used collections by default, which is great. But we can also create our
own collections.

For example, we can create a collection based on the Windows version number.
This way we can easily target and update computers that are running behind with
the feature updates.

1. Expand Workstation
2. Right-click on Windows 11 and select New > Dynamic Collection

3. Give your collection a name
4. Enable Drill down from parent collection. This way only Windows 11 machines
are selected in this case.
5. Create a filter, where the Computer > SP/Release > equals 21H2

Collection Filter

You will now get a list of all Windows 11 machines that are running on 21H2.
Dynamic lists will automatically update, so machines that you upgrade to 21H2,
will automatically be added to the list.

We can do the same for applications. Only what I like to do here is create first
a dynamic collection based on the application name. This will give all computers
that have, for example, DisplayLink, installed. Then create two nested dynamic
collections based on the version numbers of the application. One will contain
all clients with the latest version number and the other all clients that have a
lower version. This way we can easily update outdated clients.

1. First, create a new dynamic collection and set the filter to Application >
Name > Contains, and as a value the name of the application
2. Create a new dynamic collection under the one that we just created. Name it
“latest” and add two filters:
– Application > Name > Contains > and as value the name of the applications
– Application > Version > Version Equals and as value the version number.
3. The last step is to create a dynamic collection with the name Old. Here we
will also add two filters:
– Application > Name > Contains > and as value the name of the applications
– Application > Version > Version Lower Than and as value the version
number.

Software Collection

Note that I selected the Drill down from the parent collection option. This way
the filters are only run against the computers from the parent collection, so
PDQ Inventory doesn’t have to go through all computers again, but only check the
computers that have DisplayLink installed.

Read more about the drill-down function, and what it does and doesn’t do in this
guide.

GETTING STARTED WITH PDQ DEPLOY

The install configuration of PDQ Deploy is similar to Inventory. During the
setup, you will need to enter credentials that Deploy can use the install
software on the client. You can use the same service account as you have created
for Inventory.

After the installation, we might need to make a couple of changes in the
preferences depending on your environment. Open the preferences under Options
and check the following settings:

* Auto Download – Downloads automatically new versions of packages after 7 days
by default. This is in most cases fine, it will download and update Chrome on
the clients for example after 7 days automatically.
* Deployments
* Default Timeout for packages is 60 min. You can change this per package or
increase it here. This will kill the installation if it hasn’t finished
within 60 minutes.
* Scan after deployment – Change it to Applications. No need to do a full
scan after installing a package
* Offline Status – Enable Ping before deployment to check if a client is
online before attempting to install a package. Optional – Enable Send
Wake-on-LAN to wake up computers if your clients support it.
* Performance
* Concurrent Targets Limit – Increase or decrease the concurrent
installations depending on your server specifications and available
bandwidth.
* Copy Mode – Important one – Set it to Push if the repository is on the same
server as PDQ Deploy. If you are using DFS shares or have the repository in
a central location, then use Pull mode.

AUTO DOWNLOAD PACKAGES

The enterprise version of PDQ Deploy comes with a package library of more than
250 applications. A lot of these applications, like Chrome, and Adobe Reader,
are updated regularly and you often want to install these updates also quickly
on your clients.

To do this we can download these packages as auto downloads. This way, PDQ will
automatically download a new version of the package within 7 days after it’s
released. Later we will combine this with a schedule to install the
applications.

* Open the package library
* Select the applications that you want to auto download
* Click Download Selected in the top right corner

Auto Download packages

The downloaded packages will appear on the left side, under packages.

CREATING YOUR OWN PACKAGES

In both the free and enterprise version of PDQ, you can create your own
packages. Now creating packages isn’t really difficult, but sometimes you will
need to search the documentation or do a bit of trial and error to find the
correct parameters to use for your installation.

When creating packages you want to run the installation in silent mode. This
means that the installation is done in the background without the need for user
interaction. If you have an MSI installation file, then this is pretty
straightforward. But with .exe files, you sometimes first need to unpack the
.exe file or run the .exe locally with the parameter /? behind it.

> Tip
>
> Make sure you check the documentation of the software to find the correct
> parameters to use for a silent install. Sometime you can preconfigure the
> software, for example, add license keys, or a server connection address,
> during the installation.

Packages can exist out of one or more steps that need to be performed for the
installation. This can be an install step, where you actually install an MSI
file for example. But also a message, (PowerShell) command, reboot, file copy,
or nested step.

1. In PDQ Deploy, Click File > New Package (or right-click in the sidebar)
2. Enter the name of the package and optional the version and description
3. Click on Steps > New Step and choose Install

Add Install Step
4. Enter a step title, which describes what the steps do
5. Select the installation file and make sure that the path starts with
$(repository)
6. When using an MSI file, the MSI options are already set correctly for a
silent install. But if you are using a .exe file, you will need to add the
silent install parameters in the parameters field.

> Note
>
> $(repository) is a shorthand for the default repository location
> %PUBLIC%\Documents\Admin Arsenal\PDQ Deploy\Repository. Using the variable in
> your packages isn’t only shorter, but also allows you to change the repository
> location later easily.

Create PDQ Deploy Package

For each step, we can also add conditions. These conditions can be a specific OS
Architecture version, for example (32/64bit) or the logged-on state. When we
need to restart a computer for example, then we want to make sure that nobody is
logged on. So we can add a condition to the step to only run when no user is
logged on:

When you have added the necessary steps for your package, click save in the top
left corner. Make sure that you test your packages on a test machine before
deploying them to production machines.

DEPLOYING PACKAGES

Installing (deploying) packages is where PDQ Deploy really starts to show its
power. We have a variety of options when it comes to deploying packages. You can
deploy the package to single or multiple computers, to a collection from PDQ
Inventory, or to all computers in a specific OU in the Active Directory.

Besides that we also have multiple options for when to install the package:

* Deploy Now
* Schedule deployment
* Once
* Every n days/hours
* Daily / Weekly / Monthly
* Heartbeat (when the endpoint comes online)

So for example, to install our newly created package to a single computer, we
can select the package, and click on Deploy > Deploy Once (or press Ctrl + D).
If you know the computer’s name, then you can simply enter it or look it up in
Inventory.

All targets that you select or entered will be listed. You will see a green
checkmark behind the computer name if the target is online. Click on Deploy Now
to install the package immediately.

If you have selected multiple targets (or a collection) then some of the targets
might be offline. This isn’t an issue, you can still use the deploy now feature.
Under the tab Offline Settings, you can configure what PDQ should do with the
offline targets. By default, it will retry to deploy it within the next 3 days.

Deploy package

AUTOMATICALLY INSTALL PACKAGES WITH SCHEDULES

We can also install packages automatically with schedules. Schedules are a great
way to automate your application installation and make sure that all computers
have the latest version of an application.

For example, we want to make sure that our computers have the latest version of
DisplayLink installed. We have created the Inventory collection before which
tracks the computers that have the latest or an old version of Display Link.

In PDQ Deploy we can create a new schedule, which we will need to give a name.
What I like to do is start the name of my update schedules with (auto) and
schedules that only run once with (once). This way it’s easier to clean up
obsolete schedules later on.

SETTING THE TRIGGERS

We need to determine the trigger(s) for our schedule. A good setup is to run the
updates on a weekly basis around lunchtime for example. This way the majority of
the computers are updated when they are not used.

For the computers that are offline, we will also add a heartbeat trigger. This
way they will still update when they come online. The retry queue will also
partially tackle this, but the problem with the retry queue is that it only runs
n amounts of times (by default 72 times, each hour for the next 3 days).

Triggers in PDQ Deploy Schedule

CHOOSING THE TARGETS

For the targets, we are going to select our Inventory collection DisplayLink
(old). This contains all computers that still have an old version of
DisplayLink.

Software collection

PACKAGES AND OPTIONS

In this case, we only selected one package, because we target computers with an
old version of DisplayLink. But it’s also possible to attach multiple packages
to one schedule.

We can also configure options like notifications, offline settings stop
deployment settings.

CREATE AND INSTALL THE BASELINE AUTOMATICALLY

A baseline is a collection of software that all computers need. So the first
step is to create our baseline package in PDQ Deploy.

Create a new package (ctrl + n) and name it Baseline. Next, we will add all the
packages we want to install as a nested package. Click on add step and select
nested package. Choose the package and repeat this step for every package that
you want to install.

Sometimes you will need to add a Sleep or reboot step after a package before you
can install the next one. This is a bit of a trial and error.

A couple of useful steps to add is a PowerShell script to enable BitLocker for
example. You can add a PowerShell step for this and use the following code:

Enable-Bitlocker -MountPoint c: -UsedSpaceOnly -SkipHardwareTest -RecoveryPasswordProtector

Another useful PowerShell script that I use is to remove default installed
Windows apps:

# Windows 10 Default App Removal Script
# src: https://community.spiceworks.com/topic/1777896-remove-pre-installed-apps-from-the-windows-10-all-apps-menu#entry-6116454
#--------------------------------------------------------------------------------------
$apps=@(
"9E2F88E3.Twitter" #Twitter
"ClearChannelRadioDigital.iHeartRadio" #iHeartRadio
"Flipboard.Flipboard" #Flipboard
"king.com.CandyCrushSodaSaga" #CandyCrushSodaSaga
"Microsoft.3DBuilder" #3D Printing Software
"Microsoft.BingFinance" #Bing Finance
"Microsoft.BingNews" #Bing News
"Microsoft.BingSports" #Bing Sports
"Microsoft.CommsPhone" #Communications - Phone App
"Microsoft.Getstarted" #Get Started Hub
"Microsoft.Messaging" #Windows Messenger
"Microsoft.MicrosoftOfficeHub" #Office 2016 Hub
"Microsoft.MicrosoftSolitaireCollection" #Solitaire
"Microsoft.Office.OneNote" #OneNote
"Microsoft.Office.Sway" #Sway Presentation/Collab Software
"Microsoft.People" #People Hub
"Microsoft.SkypeApp" #Skype
"Microsoft.Windows.Phone" #Windows Phone Connector
"Microsoft.WindowsPhone" #More Windows Phone
"Microsoft.WindowsSoundRecorder" #Recorder
# "Microsoft.WindowsStore" #App Store
"Microsoft.XboxApp" #Xbox
"Microsoft.ZuneMusic" #Zune or Groove Music
"Microsoft.ZuneVideo" #Zune Video or Groove Video
"Microsoft.windowscommunicationsapps" #Default Mail and Calendar Apps
"Microsoft.MinecraftUWP" #Minecraft
"ShazamEntertainmentLtd.Shazam" #Shazam
"Microsoft.FreshPaint" #FreshPaint
"TheNewYorkTimes.NYTCrossword" #New York Times Crossword
"Microsoft.ConnectivityStore" #Microsoft WiFi App
)

foreach ($app in $apps) {
Write-Output $app
$appVersion = (Get-AppxPackage -Name $app).Version
if ($appVersion){
Get-AppxPackage -Name $app -AllUsers | Remove-AppxPackage
}
Get-AppXProvisionedPackage -Online | where DisplayName -EQ $app | Remove-AppxProvisionedPackage -Online

$appPath="$Env:LOCALAPPDATA\Packages\$app*"
Remove-Item $appPath -Recurse -Force -ErrorAction 0
}

CREATING THE OU’S IN ACTIVE DIRECTORY

To install the baseline automatically we need to create two OU’s (or at least
one of them) in our Active Directory, Deploy, and Stock. We are going to monitor
the Deploy OU with PDQ Inventory and create a schedule that will install the
baseline on all computers in this OU. When done, we move the computers to the
Stock OU.

So in your Active Directory, create the two OU’s in your computers OU:

Active Directory

The next step is to create a new dynamic collection in PDQ Inventory. I like to
use two collections for this, one to find all new computers and the other for
new notebooks. The latter often need additional packages, so I have a Baseline
Notebook package, where the first step is the normal Baseline package as a
nested step.

For the collection, we can filter the computers based on the Chassis (if you
want to split computers and notebooks) and we add another filter for the AD
Path, which needs to contain Deploy (the OU name):

SCHEDULE THE BASELINE

We have set the sync time of PDQ Inventory and AD to 15 minutes. So we can run
the schedule every 15 minutes as well. This way, the baseline will automatically
start with installing on new computers within this timeframe.

In the schedule, at an Interval Trigger and set it to 15 minutes. For the
targets, we select the Dynamic collection that we just created, _New
Workstations.

The computer must be moved to a different OU in the Active Directory once the
baseline installation is completed. To do this, we can add a PowerShell step in
our baseline package:

$path = "OU=Stock,OU=Computers,OU=Oslo,DC=LAZYADMIN,DC=NL"
$session = New-PSSession -computerName LA-SRV-LAB02 # Name of the domain controller
$computer = $env:computername

Invoke-command { import-module activedirectory } -session $session
Invoke-command { Get-ADComputer $Using:computer | Move-ADObject -TargetPath $Using:path } -session $session

So now you only need to place your new computer in the correct OU, and the
installation will automatically start. With this setup, you can install multiple
computers simultaneously while you are working on other tasks.

WRAPPING UP

As mentioned in the beginning, PDQ is really easy to set up and maintain. When
you create new packages, make sure that you search the documentation of the
software that you want to install for the appropriate silent install options.

If you can’t get it to work, then you can always reach out to the PDQ community
where there is a lot of knowledge on deploying software packages silently.

I hope you liked this article, if you have any questions, just drop a comment
below.

Tweet
Pin
Share
Share
0 Shares

Tags IT

YOU MAY ALSO LIKE THE FOLLOWING ARTICLES

May 17, 2024

HOW TO TURN OFF GOOGLE AI SEARCH

Mar 5, 2024

HOW TO INSTALL ACTIVE DIRECTORY USERS AND COMPUTERS (ADUC)

Feb 28, 2024

MANAGE YOUR ACTIVE DIRECTORY WITH ADMANAGER PLUS

2 THOUGHTS ON “GETTING STARTED WITH PDQ DEPLOY & INVENTORY”

1. Jordan
December 1, 2022 at 21:20 | Reply

Your script for removing the windows apps has the -allusers for the get, but
not for the remove-appxpackage. When run like that I think the result is it
will find the app on any user, but it will still only remove for the
logged-on user. Depending on what version of Windows you are deploying on
the -allusers may or may not exist for Remove-AppxPackage.

I love the sections about cleaning it out of LocalAppData, I will be adding
that to my list for sure.

* Rudy Mens
December 2, 2022 at 15:42 | Reply

Hi Jordan,

You are correct that -allusers is needed to remove the package for all
users. Only in this case, I am running the script on a new computer, where
only the local administrator account had logged on. And by removing also
the provisioned package (Remove-AppxProvisionedPackage), we make sure that
the apps won’t be activated/installed for new users.

But if you want to use this script on computers that user’s already have
logged on to, then the -Allusers is indeed needen.

lazyadmin.nl Open in urlscan Pro 2606:4700:3034::ac43:a4bc Public Scan

Form analysis 3 forms found in the DOM

GET https://lazyadmin.nl/

GET https://lazyadmin.nl/

POST https://lazyadmin.nl/wp-comments-post.php

Text Content

lazyadmin.nl Open in urlscan Pro
2606:4700:3034::ac43:a4bc Public Scan

Form analysis
3 forms found in the DOM