Deploying applications using Group Policy has the
advantage of requiring no special infrastructure beyond that of AD DS,
which most enterprise networks already have. When compared to a manual
installation of an application on a workstation, Group Policy
deployment provides users with quick access to the software they need,
with a minimum of interaction. Administrators might not trust end
users to perform a manual installation of a complex application
unaided, but end users can usually complete a Group Policy
installation with no special assistance.
Group Policy application deployment is package-based. To deploy an
application in this manner, the application must be in the form of a
Windows Installer package file with an .msi extension. Some
application developers—and particularly Microsoft—supply their
products as package files or provide package files on the
application installation disks.
For applications that do not include package files, your only
recourse if you want to deploy them using Group Policy is to create
the packages yourself. This requires an external utility because
Microsoft does not include any package creation tools with Windows
or with its applications. A variety of third-party tools are
available, with varying capabilities, some of which are free and
some commercial. A few of these package creation tools are listed in
Table 1.
Table 1. Windows Installer Package Creation Utilities
Exam Tip
When preparing for the 70-686 exam, you should be
aware that the exam covers the process of deploying packages by
using Group Policy, but not the process of creating those
packages.
A Windows Installer package file is a relational database that
contains one or more products, with each product consisting of a
number of features and one or more components. The component is the
smallest unit that the Windows Installer engine can install. For
example, a single .msi file might contain two products: an
application in 32-bit and 64-bit versions. Each product might
contain several features, which are the different programs that make up the application, with
each feature having multiple components. The Windows Installer
wizard interface typically displays the various features, as shown
in Figure 1, enabling
the user to select which ones to install.
Windows Installer packages contain instructions that dictate
how the installation process proceeds on the target computer. A
package can include an interactive preinstallation phase, in which
the end user can select a location for the application and the
features to be installed, among other options. Packages can also be
configured to install the application with no interaction, either
because the optional parameters are specified on a command line—a
method called quiet mode—or because the default
installation parameters are preconfigured in the package
itself.
Note
DEPLOYING OTHER FILE
TYPES
In addition to MSI packages, there are other file
types you can deploy using Group Policy Software Installation,
such as patch files (with an MSP extension) that contain updates
or service packs and modification files (with an MST extension),
which alter the installation process of an existing MSI file. For
example, if you have an MSI package supplied by the manufacturer,
you can use a third-party tool to create an MST file that changes
the installation defaults, rather than modify the MSI file.
Understanding Group Policy Deployment Components
The process of deploying applications to Windows 7
workstations using Group Policy involves the following three main
components:
-
Software Installation
extension. Software Installation in an extension to the Group
Policy Management Editor snap-in, which appears by default
whenever you edit a Group Policy object. Administrators use
the extension to create Software Installation policies, which
specify the packages to be deployed and contain settings that
dictate how the workstations install the applications.
-
Windows
Installer. The Windows installation engine that reads the contents
of Windows Installer MSI files and follows the instructions
contained therein to install, maintain, or remove
applications. All Windows server and workstation versions
since Windows 2000 include Windows Installer, and associate
the engine with the .msi file name extension.
-
Get Programs control
panel. The Windows 7 and Windows Server 2008 R2 component on
which applications published using Group Policy appear. Users
can install applications deployed to this control panel as
needed. In Windows versions prior to Windows Server 2008 and
Windows Vista, this component was called the Add Or Remove
Programs control panel.
Understanding Group Policy Deployment Types
The Software Installation extension is a component that uses
Group Policy to associate packages with specific AD DS objects. AD
DS then functions as a delivery service that deploys advertisements
for the packages to specific computers and users on the network.
After it’s there, the Windows Installer engine on the receiving
computer processes the MSI package, executing the instructions it
contains to install the application.
Every Group Policy object has two Software Installation
policies, one under Computer Configuration and one under User
Configuration, as shown in Figure 2. Computers in
the AD DS domain apply Computer Configuration policies when they
start up, and User Configuration policies when a user logs on to the
domain.
The Software Installation extension supports two types
of package deployment, as follows:
-
Assign. The Software Installation policy creates an
advertisement that, in the case of a user policy, adds the
application to the target computer’s start menu, and can also
associate specific file name extensions with the application.
When the user launches the application for the first time or
opens a file associated with it, the system accesses the MSI
file from the network and uses Windows Installer to perform
the installation. The package advertisement follows the user
to whichever computer she uses to log on. You can also assign
packages to computers, in which case the installation occurs
automatically when the system starts.
-
Publish. The Software Installation policy creates an
advertisement, which it stores in AD DS, and which adds the
application to the Get Programs control panel in Windows 7 or
Windows Server 2008 R2 (or the Add Or Remove Programs control
panel in earlier versions). This enables the user to select
the program for installation or removal at any time. You can
publish a package only to users; the Computer Configuration
policy does not support the publish option.
Table 2
lists some of the questions you should ask when deciding the type of
deployment you should use.
Table 2. Software Installation Deployment Options
| |
Publish (User) |
Assign (User) |
Assign
(Computer) |
|---|
|
After the deployment, when is the
software available for installation? |
After the next
logon |
After the next
logon |
The next time the computer
starts. |
|
How does the user install the
software? |
By using the Get Programs control
panel |
By accessing the application from
the Start menu or a shortcut |
The software is installed
automatically when the computer reboots. |
|
If the software is not installed
and the user opens a file associated with the software, does
the software install? |
Yes (if auto-install is turned
on) |
Yes |
Not applicable; the software is
already installed. |
|
Can the user remove the software
by using the Get Programs control panel? |
Yes, and the user can choose to
install it again |
Yes, and the software is available
for reinstallation |
No. Only an administrator can
remove the software. |
