Group Policy and Software Management

Group Policy and Software Management
One of the more popular gee-whiz features that Microsoft showcases at Windows 2000 events is automated software installations, updates, and removals using IntelliMirror technology. Group Policy makes this software management possible. This week, I discuss Group Policy and software management, including its configuration, its capabilities, and its limitations.

You can manage software with the Software Installation snap-in, which you can find in the Group Policy Editor's (GPE's) Software Settings folder. The Software Installation snap-in is the same snap-in that you can find in both User Configuration and Computer Configuration, tools that let you distribute software to either users or computers depending on your needs. Using this Group Policy component, you can implement initial application deployment, perform upgrades, apply patches and service packs, and remove previously distributed applications.

Obtaining the Software Package
Before you can use Group Policy to distribute software, you must obtain a Windows Installer package, which, with the Windows Installer service, manages software installation, modification, and removal. A Windows Installer package consists of an .msi file, which is essentially a database that contains information about installing an application. An .msi file is like a setup.exe file, but it provides more control and consistency when installing applications on Win2K and other Microsoft OSs. Recent versions of most applications ship with .msi files that work with the Windows Installer service.

If the application that you want to distribute with Group Policy doesn’t have an .msi file, you might be able to create a suitable Windows Installer package using a repackaging program such as the Veritas WinINSTALL Limited Edition repackaging tool, which you can find in the W2K Server CD-ROM's Valueadd directory. The Microsoft Web site lists other repackaging tools that you can use.

If you can't get or create an .msi file, you can use a .zap file, which is basically a text file that contains instructions for deploying an application. Applications that you deploy using a .zap file typically require user intervention, and you can only publish them—you can't assign them.

Publishing vs. Assigning Applications
When distributing software, you must choose whether to publish applications to users or assign applications to users or computers. When you publish an application, you add it to the list of applications that users can install with the Add/Remove Programs applet in Control Panel. Publishing applications is a good technique to use when you want to make applications available to some—but not all—users.

You can assign applications to users or computers. When you assign an application to a user, you add it to a user's Programs menu. The first time the user attempts to run the program, it installs—no matter which machine that user is logged on to. When you assign an application to a computer, it installs the next time the machine restarts, regardless of which user logs on.

When to Use Group Policy
Distributing software with Group Policy is extremely useful when you do it correctly. If you don't do it correctly, you can create more problems than you solve. For example, you want your users to use Outlook as their default mail client, so you use the Default Domain Policy to assign the application to all Win2K computers on your network. On Monday morning, everyone arrives at 9:00 A.M. and starts up their computers, triggering a simultaneous network install to all computers in the company. Odds are, your network bandwidth quickly becomes overwhelmed, and most installations hang. To avoid such calamities, understand the processes you implement and plan your distributions thoroughly.

You can use Group Policy to install Outlook on your organization's computers, but you'd be wise to phase in the installation over time by making the changes to Group Policy Objects (GPOs) at the Organizational Unit (OU) level. If that's not possible, consider using Systems Management Server (SMS) for the deployment. SMS lets you perform bandwidth throttling and load balancing, and you can use it to distribute software to non-Win2K clients.

For More Information
To learn more about Group Policy and software management, check out the following articles on the Windows 2000 Magazine Network:

Software Installation in Windows 2000

Group Policy
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.