System Center Configuration Manager 2007 : Creating Packages (part 2) - Comparing GPO-based Software Distribution to ConfigMgr Software Distribution

2. Comparing GPO-based Software Distribution to ConfigMgr Software Distribution

Active Directory provides a significant amount of functionality through group policy, including the ability to distribute software. A commonly asked question by organizations using group policy for software deployment is, What are the benefits in using ConfigMgr for software distribution versus using group policy?

Several functions are more robust with ConfigMgr software distribution:

• More granular targeting— Group policy enables targeting software distribution to specific sites, domains, and Organizational Units (OUs). You can further target this software by filtering it to Active Directory security groups.

  ConfigMgr can be even more granular in its targeting by using collections, which can also use queries.
  

Software Distribution with Collections Versus Group Policy It is easy to say using collections provides more granular targeting, but how specifically is targeting more granular with collections instead of using software distribution through group policy? For starters, what type of targeting can you do with group policy? Although you can define a group policy to apply to many different areas, in terms of software distribution and targeting, the policy typically is applied at an OU level. Software distributed through group policy can be either assigned (mandatory) or published (available for installation). An OU can contain either users or computers. This provides an effective way to distribute software to a specific targeted set of computers or users. Sounds powerful, doesn’t it? Okay, so what’s different from that with ConfigMgr? For starters, think about what a collection is and how it is used. A collection is a custom grouping of systems (or a grouping of users) based on criteria you define. To match group policy, you can actually create a collection based on an Organizational Unit. You can also define a collection based on the name of a server (or use wildcards), or a system that has a particular software package installed on it, or a system without a particular software package installed. You can define collections based on hardware—does it have adequate free disk space? Does it meet the processor or operating system requirements to allow installation of the program? The real power of ConfigMgr targeting is in the definition of a collection. You can define a collection based on just about any information gathered by ConfigMgr, which is extremely diverse. This includes software inventory, hardware inventory, information in Active Directory Users or Computers, and even custom information such as the existence of a particular Registry key! You can also use collections to schedule when software is deployed, based on maintenance windows defined for the collection. ConfigMgr can even control when to reboot systems after deploying software that requires a reboot. Consider a client environment with collections built based on a custom Registry key containing the criticality level (tier) of the server, which is then used to define a collection used as part of defining maintenance periods. This means that with a collection you can target anything you can target with a group policy object, and go far beyond that based on what is necessary for a particular environment.

• Better tracking— Although group policy allows you to check software distributed with a variety of tools, including the RSoP (Resultant Set of Policy), tracking deployed software is somewhat limited. Using ConfigMgr, you can easily track the status of the software being deployed using either the system status within the ConfigMgr console .
  

• Network impact— Group policy software distribution occurs at system startup or user logon, thus increasing the likelihood that multiple software packages are deployed within a site at the same time. ConfigMgr can schedule software for deployment in a variety of methods, and use BITS (Background Intelligent Transfer Service), fan-out distribution, and compression between sites. These capabilities minimize the impact of software distribution and reduce bandwidth requirements.

• Robust packaging options— Software distribution using group policy is generally restricted to MSI software packages. You can deploy non-MSI files with group policy, but they are deployed as voluntary applications—rather than mandatory software distributed to the user. ConfigMgr provides the ability to install any software format, including MSIs, EXE files, batch scripts, Visual Basic (VB) scripts, and others. You can even create a package that just executes a set of command lines.

If you currently use group policy to distribute software, how do you migrate to ConfigMgr for your software distribution requirements? The following steps are suggested:

1.	Package in ConfigMgr distribution format the software currently deployed through group policy. The majority of software deployed via GPOs uses an MSI file, which easily integrates with ConfigMgr .
2.	Target the software, pushing it only to those systems or users that were targets of the GPO software distribution.
3.	Once the functionality provided with GPO software distribution is available using ConfigMgr software distribution, shut down your GPO software distribution functionality.