1. Understanding Software Deployment with Group Policy
You
use the Software Installation And Maintenance feature of IntelliMirror
to create a managed software environment with the following
characteristics:
Users have access to the applications they need to do their jobs, no matter which computer they log on to.
Computers have the required applications, without intervention from a technical support representative.
Applications can be updated, maintained, or removed to meet the needs of the organization.
The
Software Installation And Maintenance feature of IntelliMirror works in
conjunction with Group Policy and Active Directory, establishing a
Group Policy–based software management system. To deploy software by
using Group Policy, an organization must be running an Active Directory
domain, and client computers must be running Windows 2000 Professional
or later.
The following tools are provided for software deployment with Group Policy:
Software Installation extension Located in the Group Policy Object Editor console on the server, this extension is used by administrators to manage software.
Add Or Remove Programs Located in Control Panel on the client machine, this option is used by users to manage software on their own computers.
2. Software Installation Extension
The Software Installation
extension in the Group Policy Object Editor console, seen as the first
node under the Computer Configuration and User Configuration nodes, is
the key administrative tool for deploying software, allowing
administrators to centrally manage
Initial deployment of software
Upgrades, patches, and quick fixes for software
Removal of software
By
using the Software Installation extension, you can centrally manage the
installation of software on a client computer by assigning applications
to users or computers or by publishing applications for users. You assign required or mandatory software to users or to computers. You publish software that users might find useful to perform their jobs. Both assigned and published software is stored in a software distribution point (SDP),
a network location from which users are able to get the software that
they need. In Windows Server 2003, the network location can include
SDPs located in other forests in which two-way forests trusts have been
established.
Assigning Applications
When
you assign an application to a user, the application’s local registry
settings, including filename extensions, are updated and its shortcuts
are created on the Start menu or desktop, thus advertising the
availability of the application. The application advertisement follows
the user regardless of which physical computer he or she logs on to.
This application is installed the first time the user activates the
application on the computer, either by selecting the application on the
Start menu or by opening a document associated with the application.
When
you assign an application to the computer, the application is
advertised, and the installation is performed when it is safe to do
so—the installation does not wait for a user to invoke the application.
Typically, applications assigned to a computer are fully installed when
the computer starts up so that there are no processes running on the
computer that might interfere with installation.
Publishing Applications
When
you publish an application to users, the application does not appear
installed on the users’ computers. No shortcuts are visible on the
desktop or Start menu, and no updates are made to the local registry on
the users’ computers. Instead, published applications store their
advertisement attributes in Active Directory. Then, information such as
the application’s name and file associations is exposed to the users in
the Active Directory container. The application is available for the
user to install by using Add Or Remove Programs in Control Panel or by
clicking a file associated with the application (such as an .xls file
for Microsoft Excel).
The Windows Installer Service
The Software Installation extension uses the Windows Installer service
to systematically maintain software. The Windows Installer service runs
in the background and allows the operating system to manage the
installation process in accordance with the information in the Windows
Installer package. The Windows Installer package is a file containing information that describes the installed state of the application.
Because
the Windows Installer service manages the state of the installation, it
always knows the state of the software. If there is a problem during
software installation, Windows Installer can return the computer to its
last known good state. If you need to modify features after software
installation, Windows Installer allows you to do so. Because the
Software Installation extension uses Windows Installer, users can take
advantage of self-repairing applications. Windows Installer notes when
a program file is missing and immediately reinstalls the damaged or
missing files, thereby fixing the application. Finally, Windows
Installer enables you to remove the software when it is no longer
needed.
The Windows Installer service
itself is affected by settings in Group Policy. You can find these
settings in the Windows Installer node, which is located in the Windows
Components node in the Administrative Templates node, for both the
Computer Configuration and User Configuration nodes.
Windows Installer Packages
A
Windows Installer package is a file that contains explicit instructions
on the installation and removal of specific applications. You can
deploy software using the Software Installation extension by using a
Windows Installer package. There are two types of Windows Installer
packages:
Native Windows Installer package (.msi) files
These files have been developed as a part of the application and take
full advantage of Windows Installer. The author or publisher of the
software can supply a natively authored Windows Installer package.
Repackaged application (.msi) files These
files are used to repackage applications that do not have a native
Windows Installer package. Although repackaged Windows Installer
packages work the same as native Windows Installer packages, a
repackaged Windows Installer package contains a single product with all
the components and applications associated with that product installed
as a single feature. A native Windows Installer package contains a
single product with many features that can be individually installed as
separate features.
Customizing Windows Installer Packages
You can customize Windows Installer packages by using modifications, also called transforms.
The Windows Installer package format provides for customization by
allowing you to transform the original package by using authoring and
repackaging tools. Some applications also provide wizards or templates
that permit a user to create modifications.
For
example, Microsoft Office XP supplies a Custom Installation Wizard that
builds modifications. Using the Office XP Custom Installation Wizard,
you can create a modification that allows you to manage the
configuration of Office XP that is deployed to users. A modification
might be designed to accommodate Microsoft Word as a key feature,
installing it during the first installation. Less popular features,
such as revision support or document translators, could install on
first usage; other features, such as clip art, might not install at
all. You might have another modification that provides all the features
of Word and Excel but does not install Microsoft PowerPoint. In
addition, you can make modifications to customize the installation of a
Windows Installer package at the time of assignment or publication. The
exact mix of which features to install and when to install them varies
based on the audience for the application and how they use the
software. You can use the following file types to modify an existing
Windows Installer package:
Transform (.mst) files These files provide a means for customizing the installation of an application.
Patch (.msp) files
These files are used to update an existing .msi file for software
patches, service packs, and some software update files, including bug
fixes. An .msp file provides instructions about applying the updated
files and registry keys in the software patch, service pack, or
software update.
Note
You cannot deploy .mst or .msp files alone. They must modify an existing Windows Installer package. |
Application (.zap) Files
You can also deploy software using the Software Installation extension by using an application file.
Application files are text files that contain instructions about how to
publish an application, taken from an existing setup program (Setup.exe
or Install.exe). Application files use the .zap extension.
Use
.zap files when you can’t justify developing a native Windows Installer
package or repackaging the application to create a repackaged Windows
Installer package. A .zap file does not support the features of Windows
Installer. When you deploy an application by using a .zap file, the
application is installed by using its original Setup.exe or Install.exe
program. The software can only be published and users can only select
it by using Add Or Remove Programs in Control Panel. It is recommended
that you use .msi files to deploy software with Group Policy whenever
possible.
Note
For
more information on creating .zap files, see Microsoft Knowledge Base
article 231747 titled “HOW TO: Publish non-MSI Programs with .zap
Files.” |
