PlayUKlottery.com - win up to 42 million Pounds
Lesson 4: Managing Software

Cover
LOC Page
About This Book
Chapter and Appendix Overview
Getting Started
The Microsoft Certified Professional Program
Technical Support
Chapter 1 -- The Microsoft Windows 2000 Platform
Lesson 1: Overview of the Windows 2000 Platform
Lesson 2: Windows 2000 Professional
Lesson 3: Windows 2000 Server
Lesson 4: Windows 2000 Advanced Server and Windows 2000 Datacenter Server
Review
Chapter 2 -- Installing Windows 2000
Lesson 1: Preparing to Install
Lesson 2: Installing Windows 2000 from a CD-ROM
Lesson 3: Installing Windows 2000 over the Network
Lesson 4: Troubleshooting Windows 2000 Setup
Review
Chapter 3 -- Configuring the DNS Service
Lesson 1: Understanding DNS
Lesson 2: Resolving Names
Lesson 3: Installing the DNS Service
Lesson 4: Configuring the DNS Service
Lesson 5: Configuring a DNS Client
Lesson 6: Troubleshooting the DNS Service
Review
Chapter 4 -- Implementing Active Directory Directory Services
Lesson 1: Introduction to Active Directory Directory Services
Lesson 2: Active Directory Structure and Site Replication
Lesson 3: Active Directory Concepts
Lesson 4: Introduction to Planning
Lesson 5: Installing Active Directory Directory Services
Lesson 6: Configuring Active Directory Replication
Review
Chapter 5 -- Administering Active Directory Directory Services
Lesson 1: Creating Organizational Units
Lesson 2: Creating User and Computer Accounts
Lesson 3: Managing Groups
Lesson 4: Controlling Access to Active Directory Objects
Review
Chapter 6 -- Managing Desktop Environments with Group Policy
Lesson 1: Understanding Group Policy
Lesson 2: Applying Group Policy
Lesson 3: Configuring Group Policy
Review
Chapter 7 -- Managing Software by Using Group Policy
Lesson 1: Introducing the Software Installation and Maintenance Technology
Lesson 2: Deploying Software
Lesson 3: Upgrading Software
Lesson 4: Managing Software
Review
Chapter 8 -- Managing File Resources
Lesson 1: Sharing and Publishing File Resources
Lesson 2: Administering Shared Folders by Using Dfs
Lesson 3: Using NTFS Special Access Permissions
Lesson 4: Managing Disk Quotas on NTFS Volumes
Lesson 5: Increasing Security with EFS
Lesson 6: Using Disk Defragmenter
Review
Chapter 9 -- Configuring Remote Access
Lesson 1: Understanding the New Authentication Protocols in Windows 2000
Lesson 2: Configuring Inbound Connections
Lesson 3: Configuring Outbound Connections
Lesson 4: Examining Remote Access Policies
Lesson 5: Creating a Remote Access Policy
Review
Chapter 10 -- Supporting DHCP and WINS
Lesson 1: New DHCP Functionality
Lesson 2: New WINS Functionality
Review
Chapter 11 -- Managing Disks
Lesson 1: Introduction to Disk Management
Lesson 2: Common Disk Management Tasks
Review
Chapter 12 -- Implementing Disaster Protection
Lesson 1: Using Fault-Tolerant Volumes
Lesson 2: Using Advanced Startup Options
Lesson 3: Using the Recovery Console
Lesson 4: Using the Backup Utility
Lesson 5: Performing an Emergency Repair
Review
Chapter 13 -- Upgrading a Network to Windows 2000
Lesson 1: Planning a Network Upgrade
Lesson 2: Establishing the Root Domain
Lesson 3: Upgrading Domain Controllers and Member Servers
Lesson 4: Upgrading Client Operating Systems
Review
Chapter 14 -- Using Remote Installation Services
Lesson 1: Performing Remote Installations
Lesson 2: Creating Distribution Servers
Review
Appendix A -- Questions and Answers
Appendix B -- Creating Setup Disks
About This Electronic Book
About Microsoft Press


[Previous] [Next]

Lesson 4: Managing Software

Without the management controls built into Software Installation, the value of having users automatically install software would have to be weighed against potential software installation hazards. Those hazards could include the following:

  • Users encountering new file extensions (such as .GIF) that could install a number of different applications (such as Adobe Photoshop or Microsoft Internet Explorer)

  • Users installing every program listed in Add/Remove Programs, whether they actually needed the programs or not

  • Users being reassigned to positions that precluded the use of software that was installed for use only in their previous positions

To address these problems, Software Installation includes a number of options for managing software after it has been deployed. In particular, administrators have the ability to do the following:

  • Associate file extensions with applications

  • Prevent software from being installed through document invocation

  • Control the programs listed in Add/Remove Programs in Control Panel

  • Categorize programs listed in Add/Remove Programs in Control Panel

  • Automatically uninstall software whenever a GPO no longer applies to an individual user

After this lesson, you will be able to

  • Explain how to manage software using Software Installation group policies by configuring deployment options, managing file extension associations, and assigning software categories.

Estimated lesson time: 30 minutes

Associating File Extensions with Applications

Active Directory directory services include a list of file extensions and the applications associated with those extensions. This is the list used by the Windows Installer whenever a user double-clicks an unknown file type. System administrators cannot dictate the contents of this list, but they can determine the priority for installing applications upon document invocation.

For example, your organization could deploy Word 97, Word 2000, and Lotus Word Pro. Each word processor might be preferred in a different department, but all three of these programs use the .DOC file extension. You need to adjust the file extension priorities for each department so that users always receive the correct word processor.

To modify file extension priorities, open the GPO used to deploy the application. Expand User Configuration, right-click Software Installation, and then click Properties. In the Software Installation Properties dialog box, select the File Extensions tab and use the Up button and the Down button to set the priority order. The first application listed will be the first application installed. Application associations are managed on a per-GPO basis. Changing the priority order in a GPO affects only those users who have that GPO applied to them.

NOTE
You can only associate document types with applications that have been deployed using Group Policy. For example, you cannot associate the .DOC file extension with WordPad unless you create a package file for deploying WordPad.

Creating Software Categories

Administrators can categorize the software deployed in their organizations. This allows users to choose from categories in Add/Remove Programs such as "Graphics" or "Microsoft Office" (see Figure 7.2) rather than from a long and arbitrary list of applications (see Figure 7.3).

Click to view at full size.

Figure 7.2 Add/Remove Programs listing a category of applications

Click to view at full size.

Figure 7.3 Add/Remove Programs listing all published applications

Software categories function on an Active Directory-wide basis. You can gain access to the Categories tab from within any OU. However, any changes you make will be reflected throughout Active Directory directory services.

You create a category by editing the GPO for any OU. Expand Software Settings, for either Computer Configuration or User Configuration. Right-click Software Installation, and select Properties. In the Software Installation Properties dialog box, click the Categories tab. Click the Add button, the Modify button, or the Remove button to create, edit, or remove a category.

You can assign a software package to a category at the time you deploy the application, or you can assign it anytime thereafter. Packages can also be listed under more than one category. You assign a package to a category from the Categories tab in the package's Properties dialog box.

Modifying Deployment Options

To change the deployment options for an application, right-click the package file-name in Software Installation, and then click Properties. When the Properties dialog box appears, click the Deployment tab and set any combination of the options listed in Table 7.3.

Table 7.3 Deployment Tab Options

Option Description
Deployment Type You can change the deployment type for an application, changing an application from assigned to published, or vice-versa. This will affect new installations of the application, but will not affect users who have already installed the program.
Auto-Install This Application By File Extension Activation Normally, applications are installed upon document invocation. There might be times, however, when you don't want applications to automatically install. If so, you can turn off Auto-Install, but only for published applications.
Uninstall This Application When It Falls Out Of The Scope Of Management Administrators can choose to have applications uninstall when the deployment's GPO no longer applies to a particular user or group of users. For example, suppose Mary is a member of the Accounting OU, and accounting has been assigned Excel. If Mary is moved to the Human Resources OU, the Excel GPO will no longer apply to her. Administrators can decide whether to leave Excel on her computer or have it automatically uninstalled after she changes OUs.
Do Not Display This Package In The Add/Remove Programs Control Panel One way to restrict the ability of users to install software is to prevent the application from being displayed in Add/Remove Programs in Control Panel. Users can still install software by document invocation or by accessing an advertised shortcut. However, they won't be able to install the software unless they actually need to use it.
Installation User Interface Options Native Windows Installer packages often come with two different setup interfaces. The basic interface installs the software using default values. The maximum interface prompts the user to enter values. Administrators can choose which interface to expose to users during setup. Repackaged applications generally offer only a basic interface.

Resolving Common Problems

You might encounter problems when deploying software with Group Policy. Here are some suggested strategies for resolving some of the more common problems you might encounter.

  • Verify that the application appears in Add/Remove Programs. If applications do not appear as expected, this is likely because of a problem in how those applications were deployed. To determine whether an application has been assigned or published to a user, log on as that user and start Add/Remove Programs. If the application appears in Add/Remove Programs but there is no Start menu shortcut, it means the application has been published rather than assigned. If the application does not appear in Add/Remove Programs, the application was never deployed, it was deployed in the wrong OU, or the user is a member of a security group that is being filtered out from the effects of this GPO.

  • Verify that the user has access to the network distribution point. Sometimes an application cannot be installed because a user cannot gain access to the network distribution point (for example, the server hosting that network might be unavailable). You can verify access to the network distribution point by clicking Start, clicking Run, and then typing in the Universal Naming Convention (UNC) name of the shared folder and clicking OK. For example, to verify access to a folder called Software located on a server named Server1, type the following: \\Server1\Software.

  • Check for group policy conflicts. It's possible to assign a user an application at one level of the Active Directory directory services (for example, the domain) and then deny them access to that application at a lower level (for example, an OU). If applications are not showing up as expected, it might be due to a group policy conflict. In addition, applications can also be assigned to computers, and computer policy always overrides user policy. If a user has been assigned Word, but Word has been marked for mandatory removal from a computer, that user will not get Word if he or she logs on from that computer.

Lesson Summary

Active Directory directory services include a list of file extensions and the applications associated with those extensions. This is the list used by the Windows Installer whenever a user double-clicks an unknown file type. System administrators cannot dictate the contents of this list, but you can determine the priority for installing applications upon document invocation. In the Software Installation Properties dialog box, select the File Extensions tab and use the Up button and the Down button to set the priority order. The first application listed will be the first application installed. Application associations are managed on a per-GPO basis. Changing the priority order in a GPO affects only those users who have that GPO applied to them.

You can categorize the software deployed in your organization. This allows users to choose from categories in Add/Remove Programs such as "Graphics" or "Microsoft Office" rather than from a long and arbitrary list of applications. You can also change the deployment options for an application. The options you can change include changing the deployment type for an application from assigned to published, or vice-versa. You can also restrict the ability of users to install software by preventing the application from being displayed in Add/Remove Programs in Control Panel. Users can still install software by document invocation or by accessing an advertised shortcut. However, they won't be able to install the software unless they actually need to use it.