Group Policies contain many valuable features. In this article I am going to discuss how we can use them to install and maintain software remotely and in a Just In Time method.
The first issue in Deploying software remotely whether it is through Group Policies, Microsoft SMS, or any other deployment program is creating the Install Package. This package contains the answers to all the questions that you would get if you were sitting in front of the computer. The nice part of the Installation Package you create for Group Policy Object (GPO) deployment is that they are not just limited to GPO. The packaging program (WinInstall LE) creates the package as a MSI or Microsoft Installer program. That style of program can be deployed via GPO, Microsoft SMS, or via "SneakerNet".
Creating the Initial Package is very easy to do as long as you follow these points.
Create your package on a clean install of Windows 2000. Just install the OS and WinInstall LE (found in the valueadd\3rdparty\mgmt\winstle directory on the Windows 2000 Server CD).
One program per package. Do not try to create a package that will install every piece of software your company uses because that is just asking for trouble.
Once you have your clean machine setup run the WinInstall program (DISCOZ.EXE) and select create a new image.
Type the name of the application as you want it to appear up to 40 Characters.
Type the name and path of a Windows Installer package (without the .msi extension) to store information about the installation. The path should be on your file server.
- Enter a drive letter where WinInstall can store its temporary work files, preferably a local drive. You need a minimum of 250 megabytes of space available. WinInstall creates a temporary working directory, \DISCOVER.WRK, and will delete it after the process is completed.
- Select a drive that Discover will scan for changes. This is the drive containing the application you want to package. You must choose one drive, but it is important to select only the drive(s) where actual changes will occur as it will take longer the more stuff there is to scan. The Windows directory will automatically be scanned for the WIN INI and System INI changes, even if it is not located on the drive selected.
- Click next at the screen that asks you about file and directory exclusions.
You will then run through the programs installation.
Once the Installation is finished and you have rebooted if necessary (depends on the program), run the program to make sure it is installed correctly and make any layout changes you want.
Run DISCOZ.EXE again and select complete the previous image.
WinInstall will again scan your computer and record what has changed since your previous run (before the install) and create your MSI Package.
Once that is finished find another Windows 2000 Computer and install your newly created MSI package and test it to make sure there were no problems
Assuming there are no problems found above you are
ready to continue on and deploy your program to the end
There are Two different methods for Deploying your MSI package via GPO's, and there are Two different places you can deploy them. I am assuming you know how to create GPO's otherwise check out the following article: Group Policy Structures.
The first place you can deploy your programs to is the User section of the GPO under Software Settings/Software Installation. These programs will be deployed to the users in the selected Organization Unit or Domain, regardless of what computer they are logged on to. These packages are available to the user immediately as long as you are using an existing GPO. If you are creating a new GPO then the user need to log off before the program will be available to them.
The Second Place is the Computer section of the GPO under Software Settings/Software Installation. These programs are deployed to the computers in that OU/Domain and are applied only at bootup.
The First method of Installation is Assigned. Assigned packages create an Icon in the start menu which will install the program when you click on it. They also will install the application when you open a document with the correct extension that requires the new program. For Example if you are Assigning Adobe Acrobat Reader and the user clicks on a .PDF file it will install Adobe and then open that file.
The Second method is Published. Published packages show up in Add/Remove Programs under Add New program and are installed from there. You can also let it be installed when the user opens a document with the correct extension like Assigned Programs. You can only publish applications to Users and not to Computers.
Microsoft's Definition of the two Installation Methods.
- Publish. Administrators publish applications that users may find useful, allowing users to decide whether to install the application. You can only publish to users, not computers.
- Assign. Administrators assign applications that users require to perform their jobs. Assigned applications are available on users' desktops automatically.
Obviously it depends on what you are installing as to where and how you should do the installation. I will provide some examples in Practical Deployments.
To set up a package right click on Software Installation and select new/package. You will then have to find the MSI File to you want to install.
The next question is whether you want to publish or assign the application. I usually select the advanced tab so I can customize the installation. NOTE: if you are working in the computer section Publish is greyed out.
In the Advanced Tab you can decide whether to publish or assign, whether or not to autoinstall based on file extension, What existing package this upgrades, and if it is a mandatory upgrade, and what to do if you remove the install package.
Once you click on OK the package is done and ready for use. The last step I do is logging on and applying the package to test it out.
I hope this helps you in using Windows 2000 Group Policies to deploy and upgrade your software. For Upgrades, when you get a new program just create a new package and define it as a mandatory upgrade for the existing package.
One other major point in favor of using Group Policies to deploy software is that if any file used by your program gets deleted or is corrupt it will be repaired the next time you run the program which will save on calls to the HelpDesk.