With software installation policies you get the best of both worlds; the
ability to roll-out programs like Microsoft Word, Access and Excel to local machines,
while retaining central control of all such desktop applications. For
example, you could assign a program to a group of secretaries, but when they
get a promotion, you could assign them additional accountancy software.
This avoids running programs across the network and saves you running around
to each machine in the building every time a setting needs changing.
While it is possible to assign software to computers, I prefer to
assign packages here in the User Configuration section of the Windows Server 2003 GPO (Group
Policy Object).
As a pre-requisite you must obtain the programme in .MSI format.
Then you share out the folder containing that .MSI
package.
To create the policy, launch the GPMC in Windows Server 2003, then right click 'Software Installation', choose, New,
Package, and simply browse for the UNC name of the server \\ alan\Cosmo 1.
Trap 1: Instead of choosing a UNC path (correct), you use a local path.
To see what I mean, check the
picture opposite and compare Cosmo (correct - UNC) with MSN Messenger (wrong -
e:\download)
When you configure your package Microsoft give you two options,
Assign (best) or Publish. With Assign, an icon
appears on the Start Menu and when the user clicks, the program is
installed. Contrast that with Publish, where the user would have to go to the
Control Panel, Add or Remove Programs before they could install the program.
Now, you can see that 'Assign' is easy for the users, whereas 'Publish' has
many more steps. Also 'Assign' is able to take advantage of elevated
rights, so that ordinary users in effect can install the programs that you
assign to them.
Troubleshooting
Group Policies is tricky
As an MCT trainer, I can thoroughly recommend TrainSignal because they
provide practical hands on training. In particular, I like the way TrainSignal cover all learning methods, instructor lead, video and of course text material. You can either take one module, for example Group Policy or go for
a combination of modules.
See more about Group Policy training here
With a Software Installation Policy, the
real savings come when you analyse the full life cycle of a software
package.
When you first install a new program you cannot believe that one day it will
be out of date, you also put to the back of your mind that it may need a
service pack. Providing you assign software through Group Policies, upgrade and removal are just a matter of a few clicks. You
certainly do not have to visit every desktop. Unfortunately, you
cannot remove or upgrade software that was installed manually, out side the
scope of the Group Policy. So the message is, plan for the software
life-cycle and use this smart software installation technology.
If you need to update your software package, right click, properties and
note the selection of tabs opposite.
Trap 2: Be careful when you right click and select properties.
The blue and white box called 'Software Installation' has its own properties;
these are in
addition to each .MSI package which has its own properties. My
message is, be careful where you right click.
When the time comes to upgrade, go back to the server and add the .MSI to the network share
and select 'Assign', just as you did with the first package. Now comes the crucial step,
select the Upgrades tab and add the name of the second program. Make
sure that you get the logic right, you do not want to replace the new
program with the old one!
There are options for fine-tuning your deployment strategy. I
particularly like the ability to
remove the application when the user move out of scope, for instance, if they
move to a new OU.
