What Is Group Policy Software Installation Extension?

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

What Is Group Policy Software Installation Extension?

In this section

  • Group Policy Software Installation Extension Scenarios

  • Group Policy Software Installation Extension Dependencies

  • Comparing Microsoft Software Management Solutions

This section provides a high-level overview of the Group Policy Software installation extension and compares it with other Microsoft software-management technologies.

Microsoft offers several key technologies to aid organizations with deploying new software and software upgrades or updates. One of the key reasons for implementing the Group Policy Software installation extension, a Group Policy-based technology, is to lower the company’s total cost of ownership of its computers. Because installing, upgrading, and updating applications are critical business processes, companies can leverage the built-in Group Policy software distribution technology to increase users' productivity as changes occur.

The following table describes the capabilities of the Group Policy Software installation extension.

Group Policy-Based Software Installation Capabilities

Capability Description

Central location to create distribution instructions

Windows Server 2003 administrators create the packages and configure the details of the packages that are published to Active Directory.

Central location to initiate delivery of software

By using Group Policy configurations, software is made available to computers and users that are part of the Active Directory hierarchy.

Scheduling

Software is made available to users immediately in Add or Remove Programs in Control Panel, or is automatically installed at computer startup or user logon.

Distribution targeting

Software deployment uses the Active Directory and Group Policy infrastructure services that are built into Windows Server 2003 to perform its targeting.

Installation and configuration status

Group Policy Results (formerly known as RSoP) provides detailed information on the client about what has been installed and why.

Distribution reporting

Group Policy provides interfaces for collecting data on individual software installations, but provides no such network-wide data collection mechanisms.

Disaster recovery for applications

With Group Policy, assigned applications automatically reinstall after system loss, and published applications are available for users to reinstall on-demand or by choosing the software in Add or Remove Programs.

Group Policy Software Installation Extension Scenarios

The Group Policy Software installation extension enables the administrator to create a controlled environment, providing on-demand software installation and automatic repair of applications. Users benefit from reliable access to the applications that they need to perform their jobs on any computer they use on their network.

Scenarios where organizations might use Group Policy-based software distribution include the following:

  • Publish applications that are nonessential for the users. When software is published for a user, it does not initially appear to be installed on the computer. There is no Windows Installer advertisement information about the software on the computer in the registry, on the desktop, or on Start menu as a shortcut. On an as-needed basis, the user installs the published software by using Add or Remove Programs in Control Panel. Users can also install the published application by selecting a file that has a file name extension for an application.

  • Assign software to users or computers for either of the following reasons:

    • To make a particular application available to all users of a computer, assign the application to the computer.

    • To make mission-critical software available to users or computers at all times, assign the application to the users.

Group Policy Software Installation Extension Dependencies

The Microsoft Windows 2000, Windows XP Professional, and Windows Server 2003 operating systems provide software distribution by using Group Policy, which is built on the management infrastructure services in the operating system. Group Policy requires Active Directory directory service. Windows Server 2003 provides a robust and feature-laden software distribution mechanism for organizations by using Active Directory. The Group Policy Software installation extension also depends on Windows Installer.

For detailed information about Group Policy dependencies, see “Core Group Policy Technical Reference."

Comparing Microsoft Software Management Solutions

Microsoft offers several software solutions for networked users. An organization might already have objectives and requirements for a software installation and management product. This section compares Microsoft technologies for software deployment.

Group Policy, which is built-in to the Windows 2000, Windows XP Professional, and Windows Server 2003 operating systems, offers a convenient method for distributing software in an Active Directory environment, especially if it already uses Group Policy for other purposes, such as securing client and server computers. However, a Group Policy-based software installation has some basic limitations, including difficulties with scheduling installation, consistently managing network bandwidth, and providing feedback on the status of the installation.

To carefully schedule installations, manage network use, perform hardware and software inventory, or monitor installation status, consider using Microsoft Systems Management Server (SMS). For more information about SMS, see the Microsoft Systems Management Server Product Information page.

Using the right solutions can benefit an organization by providing a centralized, efficient means to perform routine tasks such as updating software. The following table compares the various software management technologies.

Comparing Software Management Technologies

Management Function Group Policy Microsoft Systems Management Server (SMS) Terminal Services Microsoft Software Update Services (SUS)

Patch and upgrade Windows XP, Windows Server 2003, and Windows 2000

N/A

Yes

When using SMS for software management, also use it to patch Windows-based computers instead of SUS.

Although Terminal Services does not automate patching, it can be used it to remotely log on and apply patches.

Windows patches only (no upgrade)

Create consistent user environment (persistence of data, software, and settings)

Yes

Software only

Yes

N/A

Perform disaster recovery for applications in Windows 2000, Windows XP, and Windows Server 2003

Yes

Yes

N/A

N/A

Perform inventory, advanced deployment, troubleshooting, and diagnostic tools

Limited

Yes

Limited

None

Manage environments that are not Active Directory-based

No

Yes

Yes

Yes (Windows patches only)

Although all these Microsoft management technologies provide important software distribution capabilities, SMS is the preferred Microsoft software distribution solution for medium-sized, and especially for enterprise-sized, organizations. SMS provides advanced features for deploying and managing software, Windows patches, and critical updates. For organizations that use SMS as a software management solution, the Microsoft Software Update Services (SUS) SMS Feature Pack for SMS 2.0 provides the features of SUS for users of SMS 2.0 for distributing patches and critical updates to clients. However, SUS used with the Automatic Updates client is the recommended solution for distributing Windows patches in conjunction with Group Policy–based software distribution.

Although there are specific instances where an administrator might choose one software deployment method over another, many of these Microsoft technologies can be used together, depending on an organization’s needs.

The following sections describe each of these solutions.

Group Policy Software Installation Extension

The Group Policy Software installation extension is well-suited to deploy and manage software if the organization is small or medium in size, and the following conditions exist:

  • The administrator has deployed Active Directory.

  • The administrator has determined that Group Policy provides the management features the organization requires.

  • The administrator has a base of client computers running Windows 2000 Professional or Windows XP Professional and member servers running Windows 2000 Server and Windows Server 2003. Note that the servers do not have to run Windows Server 2003 to use Group Policy–based software deployment.

Group Policy can also serve the needs of large enterprises that use other software installation solutions, such as SMS, across the organization. In conjunction with SMS or other solutions, Group Policy can be useful for distributing software within various groups, such as individual divisions, where the advanced capabilities of SMS might not be needed.

The following figure shows the Group Policy Object Editor interface after a new package has been added to a GPO by using the Group Policy Software installation extension.

Group Policy Software Installation Extension

Group Policy Software Installation Extension

This topic details the Group Policy Software installation extension for providing application management.

Systems Management Server

SMS is appropriate for organizations if any of the following conditions exist:

  • The organization is medium or large in size.

  • Its users are running operating systems earlier than Windows 2000 Professional.

  • The organization requires more advanced capabilities for planning, scheduling, distributing, and tracking software.

The advanced capabilities of SMS include such features as inventory-based targeting, status reporting, server-side and client-side scheduling, support for multisite facilities, centralized hardware and software inventorying, remote diagnostic tools, software metering, software distribution-point population and maintenance, and other enhanced software deployment features. SMS also provides support for Microsoft Windows 95, Windows 98, Windows NT 4.0, Windows 2000, and Windows XP clients. Additionally, SMS does not require Active Directory. For more information about SMS, see the Microsoft Systems Management Server Product Information page.

Terminal Services

Terminal Services can be very useful if an organization has Windows-based desktop applications that require frequent updates, and the users who require those applications are in remote locations and have low bandwidth. When used as a terminal server, a server becomes a Windows application server. This allows the user to run Windows-based applications remotely on the server while only the mouse, keyboard, and display data are transmitted to the local computer. Terminal Services allows an administrator to offer users software as a remote service instead of as a local installation package, as with Group Policy-based software distribution. For more information about Microsoft Terminal Services, see the Terminal Services topic.

Microsoft Software Update Services

Microsoft Software Update Services (SUS) can be used to quickly acquire and distribute critical Windows patches to computers in an organization. By using SUS, an administrator can choose which of the latest critical or security patches to download, test them in a company-standard operating environment, and then efficiently deploy the patches to the appropriate computers running the Automatic Updates client.