Configure Software Deployment GPOs
The Group Policy Software Installation (GPSI) feature allows you to deploy software to multiple users. The software can be made available in two ways: One of the ways is that as soon as the software is deployed the users can access the software from any computer and the other way is to deploy the application to computers. The users logged in can use the applications. With the use of GPSI the applications can be deployed without the use of any technical support representative. The applications can be updated, maintained and deleted through the GPO as per the needs of the organization.
The applications can be deployed using Windows Installer Packages. These files are available with .msi extension. The .msi files contain explicit instructions regarding the installation and removal of the application. To update the applications the patch files called .msp files are used.
As mentioned above, the applications can be deployed in two ways, these ways are:
- Assigning Application: When an application is assigned to users through GPSI, the assignment takes effect as soon as the users log on to any of the systems the next time after the assignment. When the users log in, they can see that the new application added to the Start menu and / or to the desktop. However, the application they see on their computer is not actually been installed to their systems. The software is not actually installed until the user attempts to use it for the first time. When the application is assigned to the computer then the application is installed as soon as the computer boots up the next time.
- Publishing Application: Publishing an application doesn’t actually install the application, but rather makes it available to users. As soon as the user logs in, they cannot find the applications on their start menu or the desktop. Instead the application appears as an available application for the users to install using the Add Remove Programs from the Control Panel on a Windows XP system or in Programs and Features on a Windows Server 2008 and Vista systems.
Deploying an Application through GPSI
To deploy an application through GPSI, you need to:
- Create a First level OU called Applications and then create a Global security group under it called grp_Notepad using Active Directory Users and Computers snap-in, as shown in Figure 5-15. The users of only this group will be able to get the deployed application.
- Ensure that you have the application available to you on your hard disk that you want to deploy. For testing purpose, you can download XML_Notepad application from the URL www.microsoft.com\downloads.
- Provide Read and Execute permission on the folder in which you have kept the installation package for the software to be installed to the grp_Notepad group.
- Open the Group Policy Management snap-in and then create a new group policy object called App_to_deploy_notepad.
- Right_click the App_to_deploy_notepad GPO and then select Edit from the menu that appears, as shown in Figure 5-16:
- Expand the Software Settings node under the User Configuration node in the Group Policy Management Editor that appears, as shown in Figure 5-17
- Right_click the Software Installation node and then select New->Package
- Provide the path of the software installation folder in the Name field of the Open dialog box that appears and click Open. In this example provide the path for the XML_Notepad that you have downloaded.
- Select Advanced in the Deploy Software dialog box that appears.The Properties window of the deployment package appears, as shown in Figure 5-18.
- Click Deployment tab and then select Assigned.
- Select Install this application at logon and then select Uninstall this application when it fails out of the scope of management options.
- Click OK and then close the Properties window and the Group Policy Management Editor window
- Select the App_to_deploy_notepad GPO from the Group Policy Objects container in the Group Policy Management console, as shown in Figure.
- Click on the Scope tab and remove Authenticated users from the Security Filtering list.
- Add grp_Notepad group that you have created to the Security Filtering list, as shown in Figure 5-19:
The GPO is now ready to be implemented. It cannot function until it is linked to a domain. So you now need to link it to a domain
- Right-click the domain name and then select Link an Existing GPO option from the menu that appears, as shown in Figure 5-20:
- Select the App_to_deploy_notepad GPO from the Select GPO dialog box that appears, as shown in Figure 5-21:
The linked GPO appears in the list of Linked Group Policy Objects for the domain as shown in Figure 5-22.
The software application is now assigned to the user of group grp_Notepad. As soon as the users of this group will logon to any of the computers in the domain the application will be installed when the users will try to use it.