Group Policy Software Deployment Background

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To deploy software using Group Policy, you must have an Active Directory–based domain and Windows 2000 or Windows Server 2003 domain controllers. Also, the clients must run Windows 2000 Professional or Windows XP Professional. By using other Windows Server 2003 features and technologies, such as those described in Table 8.2, you can take full advantage of Group Policy-based software deployment.

Table 8.2   Essential Tools and Components for Deploying Software in a Managed Environment

Component or Tool | General Description | Combined with Group Policy Software Installation Extension

Active Directory

A hierarchical collection of objects including domains, sites, OUs, users, computers, and printers that allow an organization to manage these resources.

Provides the scope of management mechanism to locate users and computers.

Stores software deployment information through Group Policy.

Group Policy

An administrative tool for defining and controlling the way programs, network resources, and the operating system work for users and computers in an organization. In an Active Directory environment, you apply Group Policy to users or computers on the basis of their membership in sites, domains, or OUs.

Enables you to deploy applications in a Group Policy object (GPO) associated with one or more Active Directory containers, such as sites, domains, or OUs. Use the software installation extension of the Group Policy Object Editor Microsoft Management Console (MMC) snap-in to deploy applications.

Windows Installer

An operating system-based service that provides software installation services using a standard package format. You can use Windows Installer to manage the installation, modification, upgrade, and removal of software applications.

Installs, modifies, upgrades, and removes software applications.

Software installation extension of the Group Policy Object Editor MMC snap-in

An extension of the Group Policy Object Editor MMC snap-in that includes a user interface that allows administrators to deploy and manage software.

Communicates with Active Directory, GPOs, and Windows Installer to assign or publish applications as follows:

  • Assigns software to users. Installs user-assigned applications entirely the first time the user logs on after deployment, or allows users to install certain components or features of an application as needed.

  • Assigns software to computers. Installs an application the next time the computer starts. The application is available for all the users on that computer.

  • Publishes applications for users only: Users can choose to install the software from a list of published applications located in Add or Remove Programs in Control Panel.

Group Policy Management Console (GPMC)

A new tool that consists of an MMC snap-in and command-line tools. This tool unifies management of all aspects of Group Policy across an enterprise. GPMC allows you to manage all GPOs, Windows Management Instrumentation (WMI) filters, and permissions on your network.

Group Policy Modeling (formerly known as RSoP planning) allows you to run hypothetical scenarios to verify software configurations under various sites, domains, and OUs. Provides printable HTML reports.

Group Policy Results (formerly known as RSoP logging) verifies which software applications are properly installed for a specific group of users or computers. It also pinpoints the causes of unintended removal or damage to software. Provides printable HTML reports.

Add or Remove Programs

A user interface in Control Panel of Windows XP Professional and Windows 2000 Professional. Add or Remove Programs lets users manage software on their own computers.

Lists both published and assigned applications so that users can install, modify, and remove software from their desktop computers.

Command line and Graphical User Interface (GUI) tools or scripts

These include GPResult.exe, GPOTool.exe, GPUpdate.exe, ReplMon.exe, NetDiag.exe, InstallShield, and the new Group Policy Management MMC snap-in. Some are installed by default; others must be installed manually.

Helps you manage, optimize, or troubleshoot Group Policy-based software deployment.

The software installation extension of Group Policy allows you to centrally manage the installation of software on all client computers in your organization. You do this either by assigning applications to users or computers, or by publishing applications for users.

Assign software on a per-user or per-computer basis when you do not want to give users the choice to install or remove the software. For example, if a user accidentally removes a user-assigned application by using Add or Remove Programs, the software installation extension of Group Policy automatically reapplies the advertisement information after the user logs on or the computer restarts, and the software is reinstalled the next time a user selects it. It is not possible for a user to delete a computer-assigned application. In most cases, packages that you assign to users or computers include applications that are essential but do not create congestion between the clients and the software distribution points.

If you use Group Policy-based software deployment, you can publish software for users only (not available for computers). When you publish software for users, you give them the opportunity to decide if and when they want to install it. They can install the software from a list of published applications in Add or Remove Programs in Control Panel. For example, not everyone in the organization requires software for project management. Therefore, a software administrator is likely to publish a project management package for only those users who require it. Managers who require the software can then choose to install it.

Users can always see both assigned and published applications in Add or Remove Programs.

For more information about assigning software to users and computers and publishing software for users, see "Assigning and Publishing Software" later in this chapter.