by Michael Day
Group Policies contain
many valuable features. In this article I am going to discuss
how we can use them to install and maintain software remotely and in
a Just In Time method.
Group Policies contain many valuable features.& In this article I am going to discuss how we can use them to install and maintain software remotely and in a Just In Time method.
The first issue in Deploying
software remotely whether it is through Group Policies, Microsoft
SMS, or any other deployment program is creating the Install
Package. This package contains the answers to all the
questions that you would get if you were sitting in front of the
computer. The nice part of the Installation Package you create
for Group Policy Object (GPO) deployment is that they are not just
limited to GPO. The packaging program (WinInstall LE) creates
the package as a MSI or Microsoft Installer program. That
style of program can be deployed via GPO, Microsoft SMS, or
Creating the Initial Package is very easy to do as
long as you follow these points.
Create your package on a clean install of Windows
2000. Just install the OS and WinInstall LE (found in the
valueadd3rdpartymgmtwinstle directory on the Windows 2000
One program per package. Do not try to create
a package that will install every piece of software your company
uses because that is just asking for trouble.
Once you have your clean machine setup run the
WinInstall program (DISCOZ.EXE) and select create a
Type the name of the application as you want it to
appear up to 40 Characters.
Type the name and path of a Windows Installer
package (without the .msi extension) to store information about
the installation. The path should be on your file server.
- Enter a drive letter where WinInstall can store its temporary
work files, preferably a local drive. You need a minimum of 250 megabytes of space available. WinInstall creates a
temporary working directory, DISCOVER.WRK, and will delete it
after the process is completed.
- Select a drive that Discover will scan for changes. This is
the drive containing the application you want to package. You must
choose one drive, but it is important to select only the drive(s)
where actual changes will occur as it will take longer the more
stuff there is to scan. The Windows directory will automatically
be scanned for the WIN INI and System INI changes, even if it is
not located on the drive selected.
- Click next at the screen that asks you about file and
You will then run through the programs installation.
Once the Installation is finished and you have
rebooted if necessary (depends on the program), run the program to
make sure it is installed correctly and make any layout changes
Run DISCOZ.EXE again and select complete the
WinInstall will again scan your computer and record
what has changed since your previous run (before the install) and
create your MSI Package.
Once that is finished find another Windows 2000
Computer and install your newly created MSI package and test it to
make sure there were no problems
Assuming there are no problems found above you are
ready to continue on and deploy your program to the end
There are Two different
methods for Deploying your MSI package via GPO’s, and there are Two
different places you can deploy them. I am assuming you
know how to create GPO’s otherwise check out the following article:
Group Policy Structures.
The first place you can deploy your programs
to is the User section of the GPO under Software Settings/Software
Installation. These programs will be deployed to the users in
the selected Organization Unit or Domain, regardless of what
computer they are logged on to. These packages are available
to the user immediately as long as you are using an existing
GPO. If you are creating a new GPO then the user need to log
off before the program will be available to them.
The Second Place is the Computer section of
the GPO under Software Settings/Software Installation. These
programs are deployed to the computers in that OU/Domain and are
applied only at bootup.
The First method of Installation is
Assigned. Assigned packages create an Icon in the start
menu which will install the program when you click on it. They
also will install the application when you open a document with the
correct extension that requires the new program. For Example
if you are Assigning Adobe Acrobat Reader and the user clicks on a
.PDF file it will install Adobe and then open that file.
The Second method is Published.
Published packages show up in Add/Remove Programs under Add New
program and are installed from there. You can also let it be
installed when the user opens a document with the correct extension
like Assigned Programs. You can only publish applications to
Users and not to Computers.
Microsoft’s Definition of the two Installation Methods.
- Publish. Administrators publish applications that users
may find useful, allowing users to decide whether to install the
application. You can only publish to users, not computers.
- Assign. Administrators assign applications that users
require to perform their jobs. Assigned applications are available
on users’ desktops automatically.
Obviously it depends on what you are installing as to where and
how you should do the installation. I will provide some
examples in Practical
To set up a package right click on Software Installation
and select new/package. You will then have to find the MSI
File to you want to install.
The next question is whether you want to publish or assign the
application. I usually select the advanced tab so I can
customize the installation. NOTE: if you are working in the
computer section Publish is greyed out.
In the Advanced Tab you can decide whether to publish or assign,
whether or not to autoinstall based on file extension, What existing
package this upgrades, and if it is a mandatory upgrade, and what to
do if you remove the install package.
Once you click on OK the package is done and ready for use.
The last step I do is logging on and applying the package to test it
I hope this helps you in using Windows 2000 Group Policies to
deploy and upgrade your software. For Upgrades, when you get a
new program just create a new package and define it as a mandatory
upgrade for the existing package.
One other major point in favor of using Group Policies to deploy
software is that if any file used by your program gets deleted or is
corrupt it will be repaired the next time you run the program which
will save on calls to the HelpDesk.