Learn AD in 15 Minutes a Week: Windows 2000 GPO Software Deployment
July 24, 2002
by Jason Zandri
Welcome to the 11th installment of Learn Active Directory Design and Administration in 15 Minutes a Week, a weekly series aimed at current IT professionals preparing to write the new Windows Active Directory Design and Administration exams (70-219 and 70-217 respectively), as well as newcomers to the field who are trying to get a solid grasp on this new and emerging directory service from Microsoft. This installment is going to cover some of the Windows 2000 Server Software Management Tools for handling the deployment and management of software through Group Policy. This week is going to focus on Deploying Software and Software Maintenance.
There are different approaches to deploying software and there is no one set standard that is going to fit all the needs of every organization and enterprise. There are a few guidelines and default behaviors that the different methods employ.
The reference chart below shows some of the differences between the different methods.
You want to PUBLISH an application when you want the application to be available to people. When applications are published, users are able to decide whether or not to install the published application. Applications can only be published to users, not to computers.
The application is available for users to install either by using Add/Remove Programs in Control Panel or by attempting to access a file with a file extension that has been associated with the application.
You need to determine which application will install when a user attempts to access a file. This is done by selecting the specific file extensions on the File Extensions tab of the Software Installation Properties page.
Click to Enlarge
The application that is the highest in the Application Precedence list box is the application installed when a document with the selected file name extension is accessed before the application has been installed on a given system or to a specific user. For example, if you attempt to access FILENAME.xls and both Excel and Lotus 1-2-3 are listed in the box and neither is installed, Excel is the program that will be installed.
File extension associations and which applications are installed upon file access are managed individually in each Group Policy Object.
Application Categories can be created to make it easier for users to locate the appropriate application from within Add/Remove Programs in Control Panel. Application Categories that Administrators define are set on a domain-wide basis.
This is done on the Categories tab of the Software Installation Properties page by clicking on the Add button at the bottom of the property sheet and then entering a name for the new category in the "Enter New Category" dialog box.
After software has been deployed throughout the enterprise, it will often need to be updated due to the release of a service pack, service update, a version upgrade, or any number of other reasons.
Upgrades will usually involve some level of change to the base software install on the systems. You can use Group Policy to upgrade an existing application to a new release.
In order to upgrade applications through Group Policy you need to select the Software Installation node in the Software Settings under either Computer or User Configuration (depending on where it is being installed from) in the Group Policy Object.
In the details pane (the right hand side), you would right-click the new Windows Installer package that will deploy the upgrade (not the original MSI package that has already been deployed throughout the enterprise), then select Properties.
In the Upgrades tab of the application's Properties dialog box, click Add to add to the list of packages that are to be upgraded by the current package.
In the Add Upgrade Package dialog box (shown below) you would specify either "Current Group Policy Object" or "A Specific GPO" as the source of the package to be upgraded in the "Choose a Package From" section of the property page.
A list of all the other packages assigned to be published within the selected GPO appears under the heading "Package To Upgrade" if there are any others available.
In the "Package To Upgrade" section you would highlight the package to upgrade, and you can then choose to either "Uninstall The Existing Package, Then Install The Upgrade Package" or "Package Can Upgrade Over The Existing Package".
Once you have made your selection and returned to the Upgrades tab you can enable the "Required Upgrade For Existing Packages" check box if you want the upgrade to be mandatory, then click OK to close out of the page.
You will notice that if you are making the upgrade on the Computer Configuration node of the Group Policy snap-in, the "Required Upgrade For Existing Packages" check box is selected and grayed out because packages can only be assigned to computers, not published.
There will be times when software is totally retired from use in the enterprise or a specific application or suite of applications are replace by another vendors brand.
This can be done through Group Policy by selecting the Software Installation node in the Software Settings under either Computer or User Configuration, (depending on where it is being installed from) in the Group Policy Object.
In the details pane, right-click the application you want to remove, click All Tasks, then click Remove.
Click to Enlarge
The Remove Software Dialog box appears and allows you to select one of the following removal options:
Immediately Uninstall The Software From Users And Computers -- Removes the application the next time a user logs on or restarts the computer.
Allow Users To Continue To Use The Software, But Prevent New Installations -- Allows users that already have the software installed to continue to use it. If they remove it, it will not be redeployed through the Group Policy.
Well, that wraps up this section of Learn Active Directory Design and Administration in 15 Minutes a Week covering some of the Windows 2000 Server Software Management Tools for Deploying Software and Software Maintenance. I hope you found it informative and will return for the next installment.
If you have any questions, comments or even constructive criticism, please feel free to drop me a note.
I want to write good, solid technical articles that appeal to a large range of readers and skill levels and I can only be sure of that through your feedback.
Until then, best of luck in your studies and remember,
"I still yet have to figure out why don't they just make mouse-flavored cat food."