Deploying Applications with Active Directory Group Policy

 

While numerous applications come with their own mechanism for deployment, such as the PerfectDisk Command Center, many organizations prefer to deploy all applications with Microsoft’s Active Directory® Group Policy. This provides a consistent method for this activity and reduces the learning curve for those involved with this aspect of enterprise system management. And while many organizations are “Active Directory shops,” there are still many others that have not yet begun using Active Directory and are just now in the planning stages.

As an introduction, Active Directory is a network operating system that functions as a single point of management for Windows®-based user accounts, clients, servers and applications. It serves as a secure system for sharing applications and services, and provides the ability to build applications that give a single point of access to multiple sources in a network. Active Directory also allows for any object on a network to be tracked and located, and allows administrators to deploy programs to many computers and apply critical updates to an entire organization.

A directory service is a place to store information about network-based entities such as applications, files, printers and people. It gives a consistent way to name, describe, locate, access, manage and secure information about these resources and acts as a main switchboard of the network operating system.

Now, we’ll take a look at how to use Active Directory to deploy applications, even those that don’t come with a Windows installer package. Windows administrators know that one of the biggest chores they have is dealing with application lifecycle management. Even if there are only 20 machines in the network, it’s a laborious process. With more than that, and certainly when the number is in the thousands or tens of thousands, visiting each machine to update an application is not an option.

It’s common today for applications to include a Windows installer package (an .MSI file) to help you deploy via Active Directory. And even if the application you want to deploy does not include a Windows Installer package, it is possible to make your own .MSI file for an existing application.

.MSI files are the preferred installer package for Windows because of the file format’s capabilities. When you install or uninstall an .MSI file on a machine running Windows, Windows creates a system restore point. Furthermore, .MSI files allow the application to be “self-healing,” meaning that if part of the application is damaged or removed, Windows has enough information to replace the damaged or missing parts. Finally, .MSI files allow the system to automatically perform a rollback to its previous state if an installation should fail.

However, if an application does not have an .MSI file, you will need to rely on a third-party .MSI creation tool, of which there are several. MSI files are actually database files with information pertaining to every file and setting that the application installs or modifies. Since they involve some level of complexity, most of the .MSI file creation utilities require you to do at least some scripting when you create an .MSI file.

Within Active Directory, group policies are the main component of network security. Group policy objects can be applied to either users or computers. Deploying applications through Active Directory is also done through the use of group policies, and therefore applications are deployed either on a per user basis or on a per computer basis.

There are two different ways that you can deploy an application through Active Directory. You can either publish the application or you can assign the application. You can only publish the application to users, but you can assign applications to either users or to computers. The application is deployed in a different manner depending on which of these methods you use.

Publishing an application doesn’t actually install the application, but rather makes it available to users. For example, if you were to publish PerfectDisk, the change would not take effect until the next time that the user logs on, since it is a group policy setting. When the user does log in, however, they will not initially notice anything different. The user would be able to open the Control Panel, click on the Add/Remove Programs option and see PerfectDisk on the list. The user can then choose to install PerfectDisk on their machine.

Assigning an application to a user works differently than publishing an application. Again, assigning an application is a group policy action, so the assignment won’t take effect until the next time that the user logs in. When the user does log in, they will see that the new application has been added to the Start menu and/or to the desktop.

Although a menu option or an icon for the application exists, the software hasn’t actually been installed. To avoid overwhelming the server containing the installation package, the software is not actually installed until the user attempts to use it for the first time. This is also where the self-healing feature comes into play. Whenever a user attempts to use the application, Windows always does a quick check to make sure that the application hasn’t been changed. If files or registry settings are missing, they are automatically replaced.

Assigning an application to a computer works similarly to assigning an application to a user. The main difference is that the assignment is linked to the computer rather than to the user, so it takes effect the next time that the computer is rebooted. Assigning an application to a computer also differs from the user assignments in that the deployment process actually installs the application rather than just the application’s icon.

Setting up the actual deployment is simple. The most important thing to remember is that the .MSI file and the corresponding package must exist within a network share, and everyone must have read permissions for that share.
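Since clients install whatever package they find on that share, read access should be the only right broad groups hold there. The following PowerShell check is an added example, not part of the original article: it flags access entries that let broad groups alter packages and reports when no broad read access exists. The CONTOSO domain, the \\fileserver\deploy path and the list of broad groups are assumptions.

```powershell
# Added example: audit the access entries on a software distribution share.
# CONTOSO and \\fileserver\deploy are placeholders; the group list is an assumption.
$BroadPrincipals = @(
    'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users',
    'CONTOSO\Domain Users', 'CONTOSO\Domain Computers'
)
$Fsr = [System.Security.AccessControl.FileSystemRights]

# Rights that allow replacing or altering a package, plus GENERIC_ALL and
# GENERIC_WRITE, which Get-Acl can report as raw numbers on inherit-only entries.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x10000000 -bor 0x40000000
$ReadMask  = [int]$Fsr::ReadAndExecute

function Test-DeployShareAcl {
    # $Ace: objects shaped like (Get-Acl).Access entries
    param([Parameter(Mandatory)][object[]]$Ace)
    $broadRead = $false
    foreach ($a in $Ace) {
        $who = "$($a.IdentityReference)"
        if ("$($a.AccessControlType)" -ne 'Allow') { continue }
        if ($BroadPrincipals -notcontains $who) { continue }
        $rights = [int]$a.FileSystemRights
        if (($rights -band $ReadMask) -eq $ReadMask) { $broadRead = $true }
        if ($rights -band $WriteMask) {
            [pscustomobject]@{ Principal = $who
                               Finding   = 'Broad group can modify packages'
                               Rights    = $a.FileSystemRights }
        }
    }
    if (-not $broadRead) {
        [pscustomobject]@{ Principal = '(none)'
                           Finding   = 'No broad read access; clients cannot fetch the package'
                           Rights    = $null }
    }
}

# Constructed sample entries, using the same property names Get-Acl returns.
$sample = @(
    [pscustomobject]@{ IdentityReference = 'BUILTIN\Administrators'; AccessControlType = 'Allow'; FileSystemRights = $Fsr::FullControl }
    [pscustomobject]@{ IdentityReference = 'NT AUTHORITY\Authenticated Users'; AccessControlType = 'Allow'; FileSystemRights = $Fsr::ReadAndExecute }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\Domain Users'; AccessControlType = 'Allow'; FileSystemRights = $Fsr::Modify }
)
Test-DeployShareAcl -Ace $sample | Format-Table -AutoSize

# Against a real share (NTFS permissions):
# Test-DeployShareAcl -Ace (Get-Acl -LiteralPath '\\fileserver\deploy').Access
```

Share-level permissions are evaluated separately from NTFS permissions; on the file server, Get-SmbShareAccess lists them for the same review.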

To perform the deployment, open the Group Policy Editor. To publish or assign an application to a user, navigate through the group policy console to User Configuration / Software Settings / Software Installation. Now, right-click on the Software Installation container and select the New / Package commands from the shortcut menu. Select the appropriate .MSI file and click Open. You are now asked whether you want to publish or assign the application. Make your selection and click OK.

The process for assigning an application to a computer is almost identical. The only real difference is that you would use the Software Settings / Software Installation container beneath the Computer Configuration container rather than beneath the User Configuration container.