Applying Change and Configuration Management
IT administrators need to install applications throughout their organizations based on how users perform their jobs. Because users vary in their software needs and in their levels of computing expertise, IT typically has to distribute a combination of:
At this point in your deployment planning, you should be able to identify:
Note
Try to avoid managing the same application, such as Microsoft Word, in different Group Policy objects that might apply to the same person.
To define your targets using Group Policy, you need to use the Group Policy and Software Installation snap-ins. With the Group Policy snap-in, you can create a new Group Policy object or edit an existing one, and assign or publish the software to either users or computers.
The Software Installation snap-in generates an application advertisement script and stores this script in the appropriate locations in Active Directory and the Group Policy object.
For more information about using Group Policy together with sites and OUs, see "Designing the Active Directory Structure" in this book. For more information about using Group Policy to implement client configuration standards, see "Defining Client Administration and Configuration Standards" in this book.
Group Policy–based software deployment is designed to simplify the process of managing software throughout its entire life cycle. You can use software installation and maintenance to assign or publish applications, to upgrade deployed applications, to install service packs, and to remove applications that are no longer needed. All of these tasks can be carried out without user intervention. Windows 2000 Group Policy allows you to distribute applications based on three criteria:
Assigning applications to users
When you assign applications to users, the application always appears on the user's Start menu regardless of which computer the user logs on to. When a user starts an assigned application that is not installed on the local computer, the application will first install and then run. If a user removes an assigned application, its shortcut will reappear on the Start menu. In general, you should assign all mandatory (universal and job-specific) applications to users.
Assigning applications to computers
Unlike applications that are assigned to users, applications that are assigned to computers install the next time the computer is started. If several people use a computer, and they all use the same application, then that application is a candidate for assignment to the computer. Site-licensed virus scanning software is an example of software that might be assigned to a computer. Also, assign applications to computers if the applications are required only when users use a certain computer, such as a computer in a library.
Publishing applications
When you publish applications, they do not appear on the Start menu. Instead, they must be installed manually using Add/Remove Programs in Control Panel. Add/Remove Programs retrieves the list of published applications from Active Directory. Users can delete published applications from their computers, and the applications will not be re-advertised on their computers. Publish an application when not all users in a site, domain, or OU require the application, but it might be useful to some users. Older applications cannot be assigned to a user or computer; they can only be published.
Note
Assign software either to a user or to a computer if you want the application to always be installed, or able to be installed, no matter what the user does. Publishing connects an application less firmly to a user or computer than assigning an application.
Assigned or published applications can also be installed when the user double-clicks a document whose file name extension has been associated with that application. Table 24.5 provides additional information on the differences between assigning applications to users, assigning them to computers, and publishing them.
Table 24.5 Differences in Behavior Between Assigned and Published Applications
Question | User assigned | Computer assigned | Published |
---|---|---|---|
After deployment, when is the software available for installation? | After the next logon. | After the next time the computer is started or rebooted. | After the next logon. |
Where will the user typically install the software from? | The Start menu or a desktop shortcut. | The software is already installed. | Add/Remove Programs in Control Panel. |
If the software is not installed, and the user opens a file associated with the software, will the software install? | Yes. | The software is already installed. | Yes. |
Can the user remove the software using Add/Remove Programs in Control Panel? | Yes, and the software will immediately be available for installation again. | No. Only the local administrator can remove the software. | Yes, and they can choose to install it again from Add/Remove Programs in Control Panel. |
What installation files are supported? | Windows Installer packages. | Windows Installer packages. | Windows Installer packages and older applications. |
The actual steps involved in either assigning or publishing software are similar. The administrator does both from within the Software Installation snap-in. The specific tasks are described in the Help file for the snap-in.
Applications will more commonly be assigned in highly managed organizations, particularly where support costs are an issue, and where multiple users share computers. In less managed organizations, applications will more commonly be published than assigned.
In many organizations, certain people move from one location to another to perform their jobs, as in the case of a receptionist who regularly substitutes for another receptionist. Even though these employees log on to different computers, they always have high-speed or LAN connections.
Windows 2000 software installation and management can improve IT support for roaming users by installing any application they use, on any computer they use, as soon as the user needs it. Likewise, if an application that had previously been published is uninstalled, it will be removed when the user logs on again, no matter what computer they are using.
You might choose to assign software to these users. Then, when they move from one computer to another, they will see their applications. However, configure their Group Policy settings so that the application is installed only if the user actually attempts to run it.
In many organizations, people share computers. If you have computers on a factory floor, in a training facility, or in a laboratory, you probably support shared computers.
In these cases you might want to assign software to the computers rather than to users. This allows you to manage the software more effectively and, if a user uninstalls the software, to reinstall it as soon as the computer restarts.
Consider using Remote OS Installation in these shared computing environments. Then, if you have to rebuild the entire environment, you can do so in an efficient manner.
A growing percentage of employees, such as salespeople and consultants, travel extensively to perform their jobs. Although these users typically log on to the same computer, they sometimes connect to the network through a high-speed line, and sometimes through a low-speed dial-up connection. By default, software installation and maintenance policy is not applied over a slow link. This is true whether the intended action is a clean installation or an upgrade. For more information about configuring Group Policy for slow links, see "Defining Client Administration and Configuration Standards" in this book.
You might want to publish software to these users and ensure that any customization to the software installs locally on the user's computer (as opposed to leaving the feature to either install on first usage or run from the network).
You might also want to allow mobile workers to keep some software available on local media while they are traveling. For example, if a mobile professional makes frequent presentations, it is probably worthwhile to give them a Microsoft Office CD so that they can install or repair vital files at any time and location.