Learn AD in 15 Minutes a Week: Windows 2000 Server Software Management Tools

Thursday Jul 18th 2002 by ServerWatch Staff
Share:

Jason Zandri's latest article in the Learn Active Directory Design and Administration in 15 Minutes a Week covers some of the Windows 2000 Server Software Management Tools for handling the deployment and management of software through Group Policy.

by Jason Zandri
www.2000trainers.com

Welcome to the tenth installment of Learn Active Directory Design and Administration in 15 Minutes a Week, a weekly series aimed at current IT professionals preparing to write the new Windows Active Directory Design and Administration exams (70-219 and 70-217 respectively), as well as newcomers to the field who are trying to get a solid grasp on this new and emerging directory service from Microsoft. This installment is going to cover some of the Windows 2000 Server Software Management Tools for handling the deployment and management of software through Group Policy. This week is going to focus on Software Installation Mechanics and assigning and publishing software to users and computers.


Software Installation Extension

System Administrators can use Software Installation and Active Directory Group Policy to centrally manage their networks initial deployment of software, all of its upgrades, patches, and quick fixes for the deployed software. You can update a version of the software, replace it and even totally remove it from systems using Software Installation and Active Directory Group Policy.


Assigning Applications

Software Installation settings allow you to ASSIGN software to users or to computers. When applications are assigned to users they are advertised to the user the next time he or she logs on to a workstation, regardless of which workstation that user logs in to because the software is assigned to their account. The assigned application is installed on the system the first time the user activates the application on the computer (e.g. selecting the ICON from the Start Menu, desktop or Quick Launch Menu) or by attempting to access a file associated with the application to be installed by assignment (e.g. double clicking on a spreadsheet would cause Excel to be installed due to assignment if it wasnt present on the system).

When you ASSIGN an application to a computer, the application is advertised to the local system, and the installation begins when the computer is first powered up by default.


Publishing Applications

Software Installation settings allow you to PUBLISH applications to users only. Computers cannot have applications published to them. When applications are published to users, the application shortcuts are not available on the Start Menu, desktop or Quick Launch Menu by default. The published application is available for users to install using Add/Remove Programs in Control Panel or by attempting to access a file associated with the application (e.g. double clicking on a spreadsheet would cause Excel to be installed if it wasnt present on the system.)


Software Installation Mechanics

Software Installation uses the Windows Installer, an operating system service that installs, modifies, and removes system software using information in the Windows Installer package.  Windows Installer packages are information databases that describe the installed state of a given application.

It is the Windows Installer that uses the information in those packages to detect and self-repair applications when certain program files are deleted or damaged.  

Developers and Software writers produce the Windows Installer packages (.MSI files) to work in conjunction with their software. Some applications, mostly older, but a few more recent ones as well, are not shipped with Windows Installer packages, which can be an issue because you can only deploy software using the Software Installation extension if:

  • Native Windows Installer packages (.MSI files) are developed as a part of the application.
  • Repackaged applications (.MSI files) can be used in the situation where you do not have a native Windows Installer package.
  • An existing setup (SETUP.EXE) program packaged as part of .ZAP files installs the application by using the original SETUP.EXE program.  

Customization of software installations (transforms) allow you to add or subtract options and configurations for a software installation. When modifications are made to customize the installation of a Windows Installer package, they are saved with the .MST file extension. Other files you may encounter during Software Installation are:

  • Patch (.MSP) files are used for bug fixes, service packs, service releases, etc.
  • Application assignment scripts (.AAS files) hold the advertisement information about the application configuration.

When planning a software installation, some of the key things you are going to want to remember and consider are that you are going to want to look over your networks software requirements and create OUs based on software management needs to assist you in figuring out how you want to deploy your applications using Group Policy.

Run a series of tests on all of the Windows Installer packages, transform files and patch files to root out as many bugs in the process and as many issues as possible before putting together a pilot test.

Once your testing is done, you can create a pilot deployment to test how you want to assign or publish software to users or computers and then assemble key people from across your rollout area (the entire Enterprise if you are going globally with it) so that they can provide feedback to you on your design, deployment, etc.

Whenever possible, deploy multiple applications with a single GPO. This allows the Administrators the ability to create and manage a single GPO rather than multiple GPOs. The logon process is faster because a single GPO deploying multiple applications processes faster than multiple GPOs each deploying a single application. This is executed best in situations where users share the same core set of applications; for example, Microsoft Office and an Anti-Virus suite.

Best practices dictate that you should publish or assign any single application only once in the same GPO or a series of GPOs that might apply to a single user or computer because it will make it easier it to determine which GPO is the mitigating instance of the software as it applies to the user or computer.

Software licensing is handled separately from this deployment process, and it is still up to the network Administration team to assess the number of users who have the software installed via Group Policy against the number of licenses you have available.


Software Distribution Points

Software Distribution Points are network locations where the software is located so that when users or systems have software published or assigned through group policy, they can access it from these locations.

Software Distribution Points are created when you set up distribution folders on a network file server and share them out (\\<SERVERNAME>\<SHARENAME>). Once this is done, you can copy all of the applicable software and software packages, any modifications, and any other necessary files, to the SDP.

The maximum permission needed so that users and computers can access and install the software is READ, and this is the maximum than should be set for regular users.


Setting Permissions

Permissions settings for software installation pertain only to the application installation process itself.

This is done by opening the GPO and going to either the Computer or User Configuration section, depending on where it is located. From here you would go to the Software Installation node under Software Settings and right-click the application in the details pane (right hand side) where you want to specify software installation permissions, and then click Properties to get to the property page.



In the Security tab of the application's Properties dialog box, click on whichever security group you need to in order to set permissions.

The maximum permission needed so that users and computers can access and install the software is READ/ALLOW, and this is the maximum than should be set for authenticated users.




Software Installation and Maintenance

GPOs can be configured from the General tab of the Software Installation Properties dialog box, with specific settings that affect the installation, maintenance and any subsequent removal of Group Policy deployed applications.

To do this the Administrator would open the Group Policy snap-in and open the Software Settings in Computer or User Configuration section. (This would depend on whether it was a Computer or User deployment.)



Then, you would right-click the Software Installation node and select Properties, which would bring you to the Software Installation Properties dialog box, shown below.



 

In the General tab of the Software Installation Properties dialog box, you would enter the path to the Software Distribution Point for any necessary MSI files in the Default Package Location box. If you don't know the full path, you can use the Browse button.

Directly below the Default Package Location field is the New Packages section of the Software installation Properties. Here you will need to select one of the following options:

  • Display The Deploy Software Dialog Box to specify that when you add a new package, the Deploy Software dialog box will display, allowing you to assign, publish, or configure package properties.

  • Publish is used to specify that when a new package is added it is to be published with standard package properties. Packages can only be published to users, not computers, and this is why under the Computer Configuration node of the Group Policy snap-in the Publish option is grayed out.

  • Assign is used to specify that when you add a new package it is to be assigned with standard package properties. Packages can be assigned to both users and computers.

  • Advanced Published Or Assigned is used to specify that when you add a new package, the Configure Package Properties form should appear.

In the Installation User Interface Options section you will need to select one of the following:

  • Basic to provide only a basic display of the install process.

  • Maximum to provide all installation messages and screens during the package installation.

Check the "Uninstall The Applications When They Fall Out Of The Scope Of Management" check box to specify that the software should be removed when the GPO no longer applies to users or computers.

Click OK to close out the properties sheet.


Well, that wraps up this section of Learn Active Directory Design and Administration in 15 Minutes a Week covering Windows 2000 Server Software Management Tools for handling the deployment and management of software through Group Policy. I hope you found it informative and will return for the next installment. Next week is going to focus on Deploying Software and Software Maintenance.

If you have any questions, comments or even constructive criticism, please feel free to drop me a note.

I want to write good, solid technical articles that appeal to a large range of readers and skill levels and I can only be sure of that through your feedback.

Until then, best of luck in your studies and remember,


"I still have yet to figure out what happened to Preparations A through G."


Jason Zandri
Jason@Zandri.net

www.2000trainers.com

Share:
Mobile Site | Full Site
Copyright 2017 © QuinStreet Inc. All Rights Reserved