Guy recommends :
Free Solarwinds
VM Console

Find out which of your VMs are a waste of space and which VMs need more resources.

Custom Search

Solarwinds' free monitor makes it easy to check the performance and health of a router or firewall.

Download your free Network Device Monitor

1) FreePing
2) Wake-on-LAN
3) Xobni
4) PuTTY
5) WMI Monitor
6) BgInfo
7) Net-SNMP
8) IP Address Tracker
9) DNS Stuff
10) WinDiff Compare

User Group Policy - Software Installation

Microsoft Group Policy - Software Installation

With software installation policies you get the best of both worlds; the ability to roll-out programs like Microsoft Word, Access and Excel to local machines, while retaining central control of all such desktop applications. For example, you could assign a program to a group of secretaries, but when they get a promotion, you could assign them additional accountancy software. This avoids running programs across the network and saves you running around to each machine in the building every time a setting needs changing.

While it is possible to assign software to computers, I prefer to assign packages here in the User Configuration section of the Windows Server 2003 GPO (Group Policy Object).

‡

Getting Started - Assign your .msi package

As a pre-requisite you must obtain the programme in .MSI format. Then you share out the folder containing that .MSI package.

To create the policy, launch the GPMC in Windows Server 2003, then right click 'Software Installation', choose, New, Package, and simply browse for the UNC name of the server \\ alan\Cosmo 1.

Trap 1: Instead of choosing a UNC path (correct), you use a local path. To see what I mean, check the picture opposite and compare Cosmo (correct - UNC) with MSN Messenger (wrong - e:\download)

When you configure your package Microsoft give you two options, Assign (best) or Publish. With Assign, an icon appears on the Start Menu and when the user clicks, the program is installed. Contrast that with Publish, where the user would have to go to the Control Panel, Add or Remove Programs before they could install the program. Now, you can see that 'Assign' is easy for the users, whereas 'Publish' has many more steps. Also 'Assign' is able to take advantage of elevated rights, so that ordinary users in effect can install the programs that you assign to them.

Guy Recommends: Permissions Analyzer - Free Active Directory Tool

I like the Permissions Monitor because it enables me to see quickly WHO has permissions to do WHAT. When you launch this tool it analyzes a users effective NTFS permissions for a specific file or folder, takes into account network share access, then displays the results in a nifty desktop dashboard!

Think of all the frustration that this free utility saves when you are troubleshooting authorization problems for users access to a resource.

Download Permissions Analyser - Free Active Directory Tool

Product life-cycle

With a Software Installation Policy, the real savings come when you analyse the full life cycle of a software package. When you first install a new program you cannot believe that one day it will be out of date, you also put to the back of your mind that it may need a service pack. Providing you assign software through Group Policies, upgrade and removal are just a matter of a few clicks. You certainly do not have to visit every desktop. Unfortunately, you cannot remove or upgrade software that was installed manually, out side the scope of the Group Policy. So the message is, plan for the software life-cycle and use this smart software installation technology.

Software Group Policy - Upgrades

If you need to update your software package, right click, properties and note the selection of tabs opposite.

Trap 2: Be careful when you right click and select properties. The blue and white box called 'Software Installation' has its own properties; these are in addition to each .MSI package which has its own properties. My message is, be careful where you right click.

When the time comes to upgrade, go back to the server and add the .MSI to the network share and select 'Assign', just as you did with the first package. Now comes the crucial step, select the Upgrades tab and add the name of the second program. Make sure that you get the logic right, you do not want to replace the new program with the old one!

Deployment

There are options for fine-tuning your deployment strategy. I particularly like the ability to remove the application when the user move out of scope, for instance, if they move to a new OU.

Categories

These are only used if you are publishing. Guy says avoid publishing!

Summary Group Policy Software Installation

By assigning software you can distribute packages to users, or to computers and potentially anyone who logs on. If you assign the program to a user, the operating system install the executable when the user logs on to that machine

If you assign the program to a computer, then it is available to all users who log on to the computer. When a user first runs the program, the installation completes.

Group Policy ebook Windows 2003 Download my 'Master Group Policies' ebook only $6.25

The extra features you get in your eBook include: Spreadsheet with over 850 policies. Printer friendly version over Word A4 pages in Word.

See more security Group Policies

• Group Policies • Troubleshooting Group Policies • Security Options

• Group Policy Overview • Group Policy Tactics • Security Restricted Groups

• Security System Services • Security Audit • Security Event Log

If you like this page then please share it with your friends

Custom Search

Guy Recommends:
Orion's NPM - Network Performance Monitor

Orion's performance monitor is designed for detecting network outages. NPM makes it easy to see what's working, and what needs your attention.

This utility guides you through creating network maps. It also helps troubleshooting by indicating whether the root cause is faulty equipment, or resource overload.

Download a free trial of Network Performance Monitor

Please report a broken link, or an error.