This article will cover how to make use of an Ivanti EPM Provisioning binary to help you in either troubleshooting or (if desired) duplicating detailed (sub-)steps of Ivanti EPM Software Distribution.
If you've ever been in a situation where you'd love to have "out of band' access to Ivanti EPM technology to download "just this one file" as part of some script you're writing, this is the way to do it.
What is PEDownloader.exe exactly?
As the name may appear to imply - it is one of the key binaries that we make use of when downloading files into a Windows PE environment. So it's actually originally a file from the Provisioning side of the product - usually to help download "this or that" as part of the image deployment process.
However, the binary CAN also be used inside a "full" Windows environment. It's THIS aspect that we look to exploit to make use of to help you along with a few things.
Where is it located?
- The "PEDownloader.exe" binary can be found in the root of the LDLOGON share of your Core Server.
- Most clients will already have a copy of the binary in their LDCLIENT folder (so - )
What can I get it to do?
The short answer to that is - "anything that regular Ivanti EPM Software Distribution can do".
You can make use of (or exclude) Peer Download, Preferred Servers, authenticating to shares, verifying downloaded files against certain hashes. In short - "everything" that regular Software Distribution does / can do, you can do via this binary (as it calls upon the same tech to do the respective deed).
A detailed print out of all the command-line options can be had by running "pedownloader /?" - a copy of whose output is included further below for your convenience.
How does it work? A short working example walkthrough
PEDownloader.exe is very easy to use. It makes use of (and calls upon) all the regular software distribution technology available through regular software distribution - all available through some command line options.
Example 1 - Download a file from a server
Let's start with the complete basics - let's download a file from the source server. To this end, we see the command-line and the resulting output as follows (I'm using the pedownloader.exe out of the LDCLIENT directory in this scenario).
Note that you get visual confirmation of the following:
- Where the file(s) was/were downloaded from.
- How long the file download took.
So if you want/need to test peer download across your network, as an example - this is a superbly easy & convenient (and repeatable) way to do so.
Actual command-line used in this example (split up for easier readability)
C:\Program Files (x86)\LANDesk\LDClient>pedownloader.exe /P="http://samarkum.fantasia.org/ldlogon/xx/vlc-2.1.3-win32.exe" /O /Dest="C:\Program Files (x86)\LANDesk\LDClient\sdmcache\vlc-2.1.3-win32.exe" /AllowSource
Note also the following here:
- No file-hash has been specified here - so the file won't be verified upon download!
- The use of the "/O" flag forces an overwrite of any existing file in the destination.
- In order to make use of the Peer Download option (as in example 2), you may need to re-start the "LANDESK Targeted Multicast"-service on the device that's due to serve as a peer. This is ONLY necessary because we're not going 100% through the "regular" download process here. The process parses files in SDMCACHE every hour roughly - a manual re-start simply accelerates this as it triggers this step right away.
Example 2 - Force a download from a peer
So - basic download is working. Great - now let's use this to test Peer Download on the network segment that we've pulled the file from Example 1 down.
Here, I've spun up another client and I am going to force the use of Peer Download (and only peer download).
REMEMBER - I've re-started the "LANDesk Targeted Multicast" on the device that's due to act as a peer, so it is now aware of the new file that was downloaded upon it.
Actual command-line used in this example (split up for easier readability):
C:\Program Files (x86)\LANDesk\LDClient>pedownloader.exe /P="http://samarkum.fantasia.org/ldlogon/xx/vlc-2.1.3-win32.exe" /O /Dest="C:\Program Files (x86)\LANDesk\LDClient\sdmcache\vlc-2.1.3-win32.exe" /AllowPeer
Note the following bits of data we get back:
- We get confirmation again of the download source (Peer in this case)
- We get information the specific IP from which peer we've downloaded the file.
- I've (again) not specified a file-hash, so the file will not be verified against it!
Things to be aware of
- Unless you specify a DESTINATION in your command-line, WinPEDownloader will always download files into the root of your SDMCACHE folder (by default - C:\Program Files (x86)\LANDesk\LDClient\SDMCache\ ).
- It's good practice to always encapsulate path names with "-s (even when there are no spaces) as a "just in case" habit enforcer.
Full Command Line options
For reference and convenience - here's a print-out (to save you the hassle of doing so yourself) of all of the command-line options / parameters for WinPEDownloader for LANDesk Management Suite 2016. You can get your specific versions' help data by running "pedownloader.exe /?" from a command prompt.
Downloads files or folders to the local machine.
[/P=<package/file path>|/Dir=<filedir>] [[/WanBW=xx]|[LanBW=xx]]
[[/AllowMulticast /MulticastGuid=<guid> /MulticastDelay=<seconds>]|
[[/RequirePref]|[/AttemptPref]|[/NoPref]|[/NoServerCom]] [/PreserveDir] [/O]
[/Recursive] [/UseDownloaderCopy] [/Username=<username> /Password=<password>]
[/ShowProgress] [/NoProxyhost] [/NoHardLink] [/Dest=<destination path name>]
[/PushWan] [/Synchronize] [/CancelAfter=<seconds>] [/Discard=<ttl in seconds>]
[/MaxThreads=xx] [/Hash=<md5hash>] [/NoPushHash] [/CoreServer=<core server>]
[/CalculateHash /P=<local file path>] [/WOL=<MAC Addresses>]
/P Specify the package to download. This can be a web path (http://server/share/package.exe) or a UNC path
(\\server\share\package.exe). Use quotes where needed.
/Dir Specify the directory/folder to download. This can be a web path (http://server/share/folder) or a UNC path
(\\server\share\folder). Use quotes where needed.
/WanBW The bandwidth (as a percentage) to allow over the WAN.
(This is to the source or preferred server)
/LanBW The bandwidth (as a percentage) to allow over the LAN.
(This is to the peers)
/AllowMulticast Allows multicast to take place. Discovery will occur between all of the machines using the same multicast GUID, to determine the multicast representative.
This option requires the use of /MulticastGuid and /MulticastDelay.
/MulticastGuid Specify a GUID for the file or folder to download. This MUST be in a GUID format.
/MulticastDelay The number of seconds that the multicast representative will wait before beginning to broadcast the job.
/MCRAllowPeer Allows multicast representative to download from a peer. By default, the multicast representative will inherit this trait from /AllowPeer if used.
/MCRAllowSource Allows multicast representative to download from a source. By default, the multicast representative will inherit this trait from /AllowSource if used.
/PeerOneSource Allows downloading from a peer but requires that only one of the peers can download from the source (or preferred server).
/AllowPeer Allows downloading from a peer.
/AllowSource Allows downloading from the source (or preferred server).
NOTE: Regardless of the order placed on the command- line, the hierarchy of the above options is...
/AllowMulticast, /PeerOneSource, /AllowPeer, and /AllowSource. There are no default options.
/RequirePref Require the use of a preferred server.
/AttemptPref Attempt the use of a preferred server.
/NoPref Do not use a preferred server (default setting).
/NoServerCom Specifies that no head request be done on the package.
/PreserveDir Preserves the full package path in the cache directory.
/O Overwrites the package in the cache.
/Recursive Recurse the subfolders when the package is a folder.
/UseDownloaderCopy Moves package to location rather than copying it.
/Username The user name to use if authentication is needed for the package path.
/Password The password to use if authentication is needed for the package path.
/ShowProgress Shows the progress of the download.
/NoProxyhost Specifies to go directly to URL rather than through proxyhost.
/NoHardLink Do not create a hard link (copy of the package).
/Dest The destination on the local machine to download the package.
/PushWan Use WAN bandwidth for file replication.
/Synchronize Synchronizes files instead of just copying them.
/CancelAfter Cancel the job after the specified number of seconds.
/Discard How long (in seconds) the package should exist in the cache.
/MaxThreads Maximum number of peer discovery threads. (default=15, max=30)
/Hash The MD5 hash of the package. This ensures that the package being downloaded is the right one.
/NoPushHash Do not push the hash to the machine.
/CalculateHash Outputs the hash of a package (that resides in a local directory).
/WOL Send list of MAC addresses to multicast service for WOL separated by a comma.
/CoreServer Overrides core server to use to get credentials and and the preferred server list.
/NoSource Mapped over to /AllowPeer.
/OneSource Mapped over to /PeerOneSource.
/AttemptPeer Mapped over to /AllowPeer and /AllowSource.
/SourceOnly Mapped over to /AllowSource.
To download a package (or file) from an anonymous web share and allow it to
come from a peer or the source, enter the following:
pedownloader.exe /P="http://server/share/package.exe" /AllowPeer
To download a package (or file) from a secure UNC share and force it to get
the file from the source (or preferred server), enter the following:
pedownloader.exe /P="\server\share\package.exe" /AllowSource
/AttemptPref /User=<username> /Password=<password>
To multicast a folder with all of its subfolders, enter the following from
each machine you want involved in the multicast. The MulticastDelay will
provide time for you to enter this on each machine:
pedownloader.exe /Dir="http://server/share/folder" /Recursive
/PreserveDir /AllowSource /AllowPeer /AllowMulticast /MulticastDelay=300
With the above example it would wait 300 seconds (5 minutes), and then begin
multicasting the files from the folder(s). It would place all of the files
in the cache directory in the same folder structure as existed on the source.
Depending on the version of PEDownloader used in your specific version of LANDESK Management Suite, you may have certain deprecated options - so please verify against your own version to ensure full accuracy.
This article covered everything that you need to get started & make use of PEDownloader.exe to help you with either troubleshooting or the occasional "one-off" operation that you may even want to script.