PlayUKlottery.com - win up to 42 million Pounds
Lesson 2: Deploying Software

Cover
LOC Page
About This Book
Chapter and Appendix Overview
Getting Started
The Microsoft Certified Professional Program
Technical Support
Chapter 1 -- The Microsoft Windows 2000 Platform
Lesson 1: Overview of the Windows 2000 Platform
Lesson 2: Windows 2000 Professional
Lesson 3: Windows 2000 Server
Lesson 4: Windows 2000 Advanced Server and Windows 2000 Datacenter Server
Review
Chapter 2 -- Installing Windows 2000
Lesson 1: Preparing to Install
Lesson 2: Installing Windows 2000 from a CD-ROM
Lesson 3: Installing Windows 2000 over the Network
Lesson 4: Troubleshooting Windows 2000 Setup
Review
Chapter 3 -- Configuring the DNS Service
Lesson 1: Understanding DNS
Lesson 2: Resolving Names
Lesson 3: Installing the DNS Service
Lesson 4: Configuring the DNS Service
Lesson 5: Configuring a DNS Client
Lesson 6: Troubleshooting the DNS Service
Review
Chapter 4 -- Implementing Active Directory Directory Services
Lesson 1: Introduction to Active Directory Directory Services
Lesson 2: Active Directory Structure and Site Replication
Lesson 3: Active Directory Concepts
Lesson 4: Introduction to Planning
Lesson 5: Installing Active Directory Directory Services
Lesson 6: Configuring Active Directory Replication
Review
Chapter 5 -- Administering Active Directory Directory Services
Lesson 1: Creating Organizational Units
Lesson 2: Creating User and Computer Accounts
Lesson 3: Managing Groups
Lesson 4: Controlling Access to Active Directory Objects
Review
Chapter 6 -- Managing Desktop Environments with Group Policy
Lesson 1: Understanding Group Policy
Lesson 2: Applying Group Policy
Lesson 3: Configuring Group Policy
Review
Chapter 7 -- Managing Software by Using Group Policy
Lesson 1: Introducing the Software Installation and Maintenance Technology
Lesson 2: Deploying Software
Lesson 3: Upgrading Software
Lesson 4: Managing Software
Review
Chapter 8 -- Managing File Resources
Lesson 1: Sharing and Publishing File Resources
Lesson 2: Administering Shared Folders by Using Dfs
Lesson 3: Using NTFS Special Access Permissions
Lesson 4: Managing Disk Quotas on NTFS Volumes
Lesson 5: Increasing Security with EFS
Lesson 6: Using Disk Defragmenter
Review
Chapter 9 -- Configuring Remote Access
Lesson 1: Understanding the New Authentication Protocols in Windows 2000
Lesson 2: Configuring Inbound Connections
Lesson 3: Configuring Outbound Connections
Lesson 4: Examining Remote Access Policies
Lesson 5: Creating a Remote Access Policy
Review
Chapter 10 -- Supporting DHCP and WINS
Lesson 1: New DHCP Functionality
Lesson 2: New WINS Functionality
Review
Chapter 11 -- Managing Disks
Lesson 1: Introduction to Disk Management
Lesson 2: Common Disk Management Tasks
Review
Chapter 12 -- Implementing Disaster Protection
Lesson 1: Using Fault-Tolerant Volumes
Lesson 2: Using Advanced Startup Options
Lesson 3: Using the Recovery Console
Lesson 4: Using the Backup Utility
Lesson 5: Performing an Emergency Repair
Review
Chapter 13 -- Upgrading a Network to Windows 2000
Lesson 1: Planning a Network Upgrade
Lesson 2: Establishing the Root Domain
Lesson 3: Upgrading Domain Controllers and Member Servers
Lesson 4: Upgrading Client Operating Systems
Review
Chapter 14 -- Using Remote Installation Services
Lesson 1: Performing Remote Installations
Lesson 2: Creating Distribution Servers
Review
Appendix A -- Questions and Answers
Appendix B -- Creating Setup Disks
About This Electronic Book
About Microsoft Press


[Previous] [Next]

Lesson 2: Deploying Software

In the past, deploying software required considerable time and effort. A technician had to visit each computer and perform the installation. Whenever the organization changed its software policy or the job responsibilities for a user, a technician had to provide the user with a revised set of applications. If a user did something to render a program inoperable, a technician had to visit the computer to make repairs.

The Software Installation and Maintenance technology helps to solve these problems by enabling software to be deployed and managed remotely. This is achieved by using the Software Installation node, which is an extension to Group Policy.

After this lesson, you will be able to

  • Explain how to deploy software using Software Installation group policies.

Estimated lesson time: 30 minutes

Deploying New Applications

Deploying a new application involves a number of steps. These steps include acquiring the Windows Installer package file and placing the package and any related installation files in a shared folder on your network. The package file will be the .MSI file used by the Windows Installer. The related installation files are the application files that will be installed on the local hard disk. Once you have set up a shared folder on your network that contains the package and the required installation files, use the Active Directory Users and Computers tool to specify deployment options in one or more GPOs. To deploy a new application, you would do the following:

  1. In Active Directory Users And Computers, right-click the OU and then click Properties.

  2. In the OU's Properties dialog box, click the Group Policy tab, select a policy, and then click Edit.

  3. In the new Group Policy window, double-click either Computer Configuration (if you want to deploy the application to a computer) or User Configuration (if you want to deploy the application to a user).

  4. Double-click Software Settings.

  5. Right-click Software Installation (see Figure 7.1), point to New, and then click Package.

    6. The Open dialog box appears.

  6. Locate the package file, and then click Open.

    7. The Deploy Software dialog box appears.

  7. Select a deployment method and then click OK.

Click to view at full size.

Figure 7.1 Displaying and selecting the Software Installation node in Group Policy

NOTE
You can assign, publish, or disable an application using Software Installation defaults. Or you can select Configure Package Properties to bring up the package file's Properties dialog box, which allows you to set additional options for deployment.

Using Gradual Deployment

As with any new software installation, it is a good idea to start off slowly and do some testing before you deploy the software to the entire organization. To reduce the risk of deploying package files that do not work or do not meet your organization's needs, it is a good idea to deploy them gradually. It is best to ensure that a package file will install properly before releasing an application to the entire organization. Because application deployments are GPOs, you can use Group Policy to limit your deployment to particular groups.

When you create an application deployment GPO, there are several things you should do:

  1. Remove the Apply Group Policy permission for the Authenticated User group; be sure to remove the permission, but do not deny permission. If you do not remove this permission, the GPO will automatically be applied to all authenticated users in the Active Directory container.

  2. Create a security group, for example Pilot Test1, and give this group the Read and Apply Group Policy permissions.

  3. Apply the group policy, and make sure the Pilot Test1 group can install the software without any problem.

  4. If they can, you can then reinstate the Apply Group Policy permission for the Authenticated User group. This will enable installation for all members of the Active Directory container.

Assigning Software Packages

Software is usually assigned when an application is required for a user to do his or her job. For example, you might assign Excel to the accounting group because accountants need this program to do their work. By assigning a software package to a user or group of users, you ensure that

  • The application will always be available to the user, even if he or she logs on from a different computer. If the user logs on to a computer that does not have Excel, Excel will be installed when the user activates the program.

  • The application will be resilient. If the software is deleted for any reason, it will be reinstalled the next time the user logs on and activates the program.

Assigning Software to Users

When you assign an application to a user, the program is advertised when the user logs on, but installation does not take place until the first time the user starts the application. The user can start the application and start the installation of the application by selecting it from the Start menu or by double-clicking an icon or a file type associated with the application (document invocation). If the user does not activate the program using one of these methods, the application will not be installed, which saves hard disk space and administrative load.

By initially only advertising applications, you can minimize the impact on the local hard disk while keeping applications available to the user at all times. For example, if a user logs on to another computer to briefly check her e-mail, you probably don't want all of the applications associated with her account to be installed on the computer that she is using just to check her e-mail. To assign an application to users, you would do the following:

  1. Log on as Administrator and start the Active Directory Users and Computers tool.

  2. Expand the domain containing the users to whom you want to assign an application.

  3. If no GPO exists, right-click the OU containing the users; click Properties; and on the Group Policy tab, click the New button, type the name for the GPO, and then press Enter.

    4. The new GPO will appear in the list of Group Policy Object Links.

  4. Select the appropriate GPO, and then click the Edit button.

  5. Expand User Configuration, expand the Software Settings node, and then click the Software Installation node.

  6. Right-click the Software Installation node, point to New, and then click Package.

  7. In the File Name box, type the appropriate path to the package, and then click Open.

  8. In the Deploy Software dialog box, click Assigned, and then click OK.

    9. The deployed application will appear in the list of deployed applications.

Assigning Software to Computers

By assigning a software package to a computer, you ensure that certain applications will be available on that computer regardless of who is using it. For example, a classroom used for Microsoft Office 2000 training would require Office 2000 installations on all of the computers. In cases like this, you would create the GPO under Computer Configuration rather than User Configuration.

When you assign an application to a computer, the software is installed automatically; typically software installation occurs when the computer is turned on.

NOTE
When in doubt as to whether to assign an application to users or to computers, assign it to users. For example, sometimes you are hesitant about installing an application because you don't know if the user will actually use the program. In this case, it would be best to assign the application to the user. The application is advertised, but no files are copied and hard disk space is not wasted. If the user never starts the program, the adaptive menus in Windows 2000 will eventually hide the Start menu shortcuts, helping to reduce Start menu clutter and complexity.

The steps for assigning an application to computers is almost identical to the steps for assigning an application to users. To assign an application to computers, perform the steps for assigning an application to users and in step 5 expand Computer Configuration instead of expanding User Configuration.

Publishing Software Packages

When an application is published to a user, it is not installed. The advertisement is stored in Active Directory directory services, so the software is readily available. A user can install the application in one of two ways: by using Add/Remove Programs or by using document invocation.

Using Add/Remove Programs

As in previous versions of Windows, you start Control Panel and double-click the Add/Remove Programs icon. When you click Add New Programs, the set of programs available to you is displayed. You can then select the desired program and install the software. Many organizations set up shared folders, place the Setup files there, and allow users to connect to the network to install software themselves.

The new version of Add/Remove Programs includes the following improvements:

  • Provides friendly names for installation. Users see names like Microsoft Office 97 rather than names like \\Server1\Msofc97\Setup.exe.

  • Centralizes distribution. Users can install all of their software using Add/Remove Programs without having to know the network locations for each Setup file.

  • Uses Windows Installer package files. Windows Installer allows setup to be done with minimal user intervention.

  • Respects the access permissions placed on a package file. If a user has permission to install Word and Excel, but not Microsoft PowerPoint, then only Word and Excel will appear in Add/Remove Programs.

Using Document Invocation

In Windows 2000, if a user double-clicks an unknown file type, the following steps take place:

  1. The computer sends a query to Active Directory directory services to see if there are any applications associated with the file extension.

  2. If Active Directory directory services contain such an application, the computer then checks to see if this application has either been published or assigned to the user.

  3. If the application has been published or assigned to the user, the computer then checks to see if the application is set for Auto-Install This Application By File Extension Activation (which allows it to be installed automatically through document invocation).

  4. If the administrator has set the application to Auto-Install, the application is installed.

Publishing Applications vs. Assigning Applications

In order to use Software Installation properly, it is important to understand the differences between publishing and assigning an application. The differences between published and assigned applications are as follows:

  • Published applications are not advertised. There is no obvious way of knowing that a published application is available without starting Add/Remove Programs or double-clicking an unknown file type.

  • Published applications are not resilient. If a published application is deleted, it will not automatically reinstall itself the next time a user logs on.

  • Applications can only be published to users, not computers.

Using .ZAP Files

Software Installation normally works only with Windows Installer package files. However, you can get around this requirement by creating a text file, known as a .ZAP file, that provides instructions for deploying the application. You should only use .ZAP files to publish applications when it is not feasible to use repackaging software to repackage an application and when a Windows Installer package file from a software vendor is unavailable.

A .ZAP file is a text file that can be parsed and executed by Software Installation. These files allow you to publish non-Windows Installer applications with the following limitations:

  • The applications cannot be assigned to either users or computers. They can only be published.

  • The applications do not automatically repair themselves when key files have been deleted or become corrupted. Instead, the application will invoke and rerun its setup program any time it is unable to start.

  • The applications are rarely able to install without user intervention. These applications run the software's original setup program, and few of these programs support an unattended installation.

  • The applications do not have the ability to install with elevated privileges. If you intend to deploy .ZAP files, users must have permission to install software on their local computers. Native package files install using the privileges assigned to the Windows Installer. This allows package files to be installed on computers regardless of the user's privileges. In other words, security is based on the GPO that deployed the application rather than on the individual user's security rights.

A .ZAP file can be created with Notepad or any other text editor. The file itself has two primary sections: the Application section [Application] and the File Extensions section [Ext].

Application Section

The Application section includes information on how to install the program in addition to information that will be displayed to users in Software Installation and in Add/Remove Programs. Your .ZAP file must include the FriendlyName and SetupCommand tags. All other tags within this section are optional. Optional tags add information about the program to Software Installation and Add/ Remove Programs. The tags in the following example are explained in Table 7.1.

[Application]
FriendlyName = Microsoft Office 97
SetupCommand = setup.exe /unattend
DisplayVersion = 8.0
Publisher = Microsoft
URL = http://www.microsoft.com/office

Table 7.1 Application Section Tags

Tag Comment
FriendlyName The name that will be used in Software Installation and in Add/Remove Programs. Friendly names should be in the format of Microsoft Office 97, not executable file names like Setup.exe.
SetupCommand The command used to install the application. The path should be relative to the .ZAP file. If the setup command is in the same folder as the .ZAP file, you only need to list the setup executable file name (for example, Setup.exe).
DisplayVersion The version number of the program, as shown in Software Installation and in Add/Remove Programs.
Publisher The publisher of the application, as shown in Software Installation and in Add/Remove Programs.
URL The URL shown in Software Installation and in Add/Remove Programs. This should be a Web page that contains additional information about the application.

File Extension Section

The File Extensions section is optional. Include this section to associate the application with the file extensions saved in Active Directory directory services. To add this section, type the [Ext] heading, followed by a list of file extensions associated with the application (you do not have to type the period before the extension):

     [Ext]
     DOC=
     DOT=

When an application is deployed with the .ZAP file, the contents of the .ZAP file will be parsed, and the application and its associated file extensions will be added to Active Directory directory services.

Performing Software Modifications

The various departments in your organization will use applications in different ways, and they might need customizations or options available when the application is deployed. For example, an international organization would like to deploy Word 2000 but there are large segments of the organization that require localized dictionaries. Rather than requiring local administrators to manually configure their users' computers with the local dictionary, you can use software modifications, or .MST files, to simultaneously deploy several different configurations of one application.

You create a separate GPO for each OU needing a different modification of the application. For example, you would create a Software Installation GPO in the Paris OU and apply a modification to it that installs the French dictionary. You would also create a GPO in the Bonn OU and apply the .MST file that installs the German dictionary.

NOTE
You can add and remove modifications only during deployment of a package, not after the deployment has occurred.

To add modifications to an application package, you would do the following:

  1. While you are adding a new package to a GPO or before the package has been deployed, click the Modifications tab in the application package's Properties dialog box.

  2. On the Modifications tab, click Add and in the Open dialog box, select the path and filename of the modification file (.MST).

  3. To complete the process, click Open, and then click OK.

You can add multiple modifications. The modifications are applied according to the order you specify in the Modifications list. You can arrange the order of the modifications in the list by selecting a modification from the list and using the Move Up button or the Move Down button.

Lesson Summary

The Software Installation and Maintenance technology helps reduce your total cost of ownership (TCO) by enabling software to be deployed and managed remotely. This is achieved by using Software Installation, which is an extension to Group Policy. To deploy a new application you must acquire the Windows Installer package file, and place the package and any related installation files in a shared folder on your network. The package file will be the .MSI file used by the Windows Installer. After you set up a shared folder containing the package and the required installation files, you use the Active Directory Users and Computers tool to specify deployment options in one or more GPOs.

When you deploy an application, you can assign it or publish it. Software is usually assigned when an application is required for a user to do his or her job. By assigning a software package to a user or group of users, you ensure that the application will always be available to the user, even if he or she logs on from a different computer. The application will also be resilient, so that if the software is deleted for any reason, it will be reinstalled the next time the user logs on and activates the program.

When you assign an application to a user, the program is advertised when the user logs on, but installation does not take place until the first time the user starts the application. The user can start the application from the Start menu or by double-clicking an icon or a file type associated with the application (document invocation). If the user does not activate the program using one of these methods, the application will not be installed, which saves hard disk space and administrative load. By assigning a software package to a computer, you ensure that certain applications will be available on that computer regardless of who is using it. When you assign an application to a computer, no advertising takes place. Instead, when the computer is turned on, the software is installed automatically.

Software Installation normally works only with Windows Installer package files. However, you can create a text file (known as a .ZAP file) that provides instructions for deploying the application. You should only use .ZAP files to publish applications when it is not feasible to use repackaging software to repackage an application and when a Windows Installer package file from a software vendor is unavailable. A .ZAP file cannot be assigned to either users or computers. A .ZAP file can only be published.