Before We Begin
The technique that I’m about to show you will allow you to deploy applications through the Active Directory. One of the major limitations behind this type of application deployment is that you can only use this technique to deploy certain types of applications. Specifically, you can install Windows Installer packages (.MSI files), Transform Files (.MST files), and patch files (.MSP files).
Creating MSI Files
Windows does not natively contain the necessary tools for you to create your own MSI files. Instead, you will have to rely on a third party MSI creation tool. There are several good tools available for free. Two of the more popular choices are MAKEMSI (http://dennisbareis.com/makemsi.htm) and WinInstall LE 2003 (http://www.ondemandsoftware.com/freele.asp).
Being that I’ve never been a big fan of script writing, I prefer to use the WinInstall LE tool to create MSI files. It doesn’t require any scripting, but it is a little time consuming to use. WinInstall LE requires you to have a machine with a clean Windows installation and network connectivity. The software then takes a snapshot of this machine and saves the configuration image. You would then install the application that you want to create the MSI file for and take another snap shot. WinInstall would then compare the snapshots and use the differences between the two images to create an MSI file and the corresponding installation package.
This method is a little time consuming, but is far less tedious than writing scripts. Another advantage to using this method is that it is possible to install multiple applications on to the clean machine prior to taking the second snap shot. This means that you can create a single MSI file and installation package that deploys multiple applications.
Publishing and Assigning Applications
Now that you know how to create an MSI file, there is one last concept that I need to talk about before I show you how to deploy an application thorough the Active Directory.
As you may already know, in an Active Directory environment, group policies are the main component of network security. Group policy objects can be applied either to users or to computers. Deploying applications through the Active Directory is also done through the use of group policies, and therefore applications are deployed either on a per user basis or on a per computer basis.
There are two different ways that you can deploy an application through the Active Directory. You can either publish the application or you can assign the application. You can only publish applications to users, but you can assign applications to either users or to computers. The application is deployed in a different manner depending on which of these methods you use.
Publishing an application doesn’t actually install the application, but rather makes it available to users. For example, suppose that you were to publish Microsoft Office. Publishing is a group policy setting, so it would not take effect until the next time that the user logs in. When the user does log in though, they will not initially notice anything different. However, if the user were to open the Control Panel and click on the Add / Remove Programs option, they will find that Microsoft Office is now on the list. A user can then choose to install Microsoft office on their machine.
One thing to keep in mind is that regardless of which deployment method you use, Windows does not perform any sort of software metering. Therefore, it will be up to you to make sure that you have enough licenses for the software that you are installing.
Assigning an application to a user works differently than publishing an application. Again, assigning an application is a group policy action, so the assignment won’t take effect until the next time that the user logs in. When the user does log in, they will see that the new application has been added to the Start menu and / or to the desktop.
Although a menu option or an icon for the application exists, the software hasn’t actually been installed though. To avoid overwhelming the server containing the installation package, the software is not actually installed until the user attempts to use it for the first time.
This is also where the self healing feature comes in. When ever a user attempts to use the application, Windows always does a quick check to make sure that the application hasn’t been damaged. If files or registry settings are missing, they are automatically replaced.
Assigning an application to a computer works similarly to assigning an application to a user. The main difference is that the assignment is linked to the computer rather than to the user, so it takes effect the next time that the computer is rebooted. Assigning an application to a computer also differs from user assignments in that the deployment process actually installs the application rather than just the application’s icon.
Deploying Applications
Setting up the actual deployment is simple. The biggest thing that you must remember is that the MSI file and the corresponding package must exist within a network share, and everyone must have read permissions for that share.
To perform the deployment, open the Group Policy Editor. To publish or assign an application to a user, navigate through the group policy console to User Configuration Software Settings Software Installation. Now, right click on the Software Installation container and select the New Package commands from the shortcut menu. Select the appropriate MSI file and click Open. You are now asked whether you want to publish or assign the application. Make your selection and click OK.
The process for assigning an application to a computer is almost identical. The only real difference is that you would use the Software Settings Software Installation container beneath the Computer Configuration container rather than beneath the User Configuration container.
See also (for unatended installation):
http://unattended.sourceforge.net/installers.php
No comments:
Post a Comment