
MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY


Presentation Transcript


  1. Chapter 5 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY

  2. OVERVIEW
     • Understand how to distribute software by using Group Policy
     • Describe how to maintain software distributed with Group Policy
     • Troubleshoot software deployed by using Group Policy
     • Explain how to restrict the use of particular applications by using Group Policy

  3. MANAGING SOFTWARE DEPLOYMENT BY USING GROUP POLICY
     • Distribution, installation, and management of software are onerous tasks in large environments.
     • Microsoft IntelliMirror provides a mechanism to distribute software quickly and easily to large groups of computers.
     • Applications can also be updated, maintained, or removed without the intervention of support personnel.

  4. UNDERSTANDING SOFTWARE DEPLOYMENT WITH GROUP POLICY
     • The Software Installation And Maintenance feature of IntelliMirror works in conjunction with Group Policy.
     • Using Group Policy, software can be added and removed from computer systems as required.
     • Client computers must be running Microsoft Windows 2000 Professional or later.

  5. SOFTWARE INSTALLATION EXTENSION
     Assigned applications:
     • Are installed automatically on the computer that the user is using
     • Cannot be removed by the user after they are installed
     Published applications:
     • Are available to the user for installation
     • Can be removed by the user if necessary

  6. SOFTWARE DEPLOYMENT APPROACHES

  7. SOFTWARE DEPLOYMENT PROCESSES
     • Software deployment process for published applications
     • Software deployment process for applications assigned to users
     • Software deployment process for automatically installed applications

  8. SOFTWARE DEPLOYMENT THROUGH SYSTEMS MANAGEMENT SERVER
     • Provides desktop management and software distribution features that significantly automate the task of upgrading software on client computers
     • Allows you to control and synchronize software deployments over multiple sites
     • Supports pre–Windows 2000 operating systems for software distribution
     • Enables software licensing and metering

  9. DISTRIBUTING SOFTWARE BY USING GROUP POLICY
     • Plan and prepare the software deployment.
     • Set up a software distribution point (SDP).
     • Create a Group Policy Object (GPO) and a GPO console for software deployment.
     • Specify the software deployment properties for the GPO.
     • Add Microsoft Windows Installer packages to the GPO, and select a package deployment method.
     • Set Windows Installer package properties.

  10. PLANNING AND PREPARING A SOFTWARE DEPLOYMENT
     • Review your organization’s software requirements.
     • Determine how you want to deploy your applications.
     • Create a pilot to test how you want to assign or publish software.
     • Prepare your software using a format that allows you to manage it based on what your organization requires, and test all packages.
     • Gather the Windows Installer packages (.msi files) for the software. Perform any necessary modifications to the packages.

  11. SETTING UP AN SDP
     • Create the folders for the software on the file server that will be the SDP, and make the folders network shares.
     • Copy the software, packages, modifications, necessary files, and components to a folder on the SDP.
     • Set the appropriate permissions on the folders hosting the SDP.
     • Use Group Policy to manage the software within the appropriate GPO.

  12. SPECIFYING SOFTWARE DEPLOYMENT PROPERTIES FOR THE GPO

  13. ADDING WINDOWS INSTALLER PACKAGES TO THE GPO AND SELECTING THE PACKAGE DEPLOYMENT METHOD
     • Specify the software applications you want to deploy by adding Windows Installer packages to the appropriate node of the GPO.
     • Modifications must be associated with the Windows Installer package at deployment time.
     • Transforms and patch files are applied to the Windows Installer package in the order you specify.

  14. SETTING WINDOWS INSTALLER PACKAGE PROPERTIES

  15. SOFTWARE DEPLOYMENT BEST PRACTICES
     • Assign or publish just once per GPO.
     • Assign or publish close to the root in the Active Directory hierarchy.
     • Make sure Windows Installer packages include modifications.
     • Specify application categories for your organization.
     • Take advantage of authoring tools.
     • Repackage existing software.
     • Know when to use Group Policy Software Installation and SMS.

  16. MAINTAINING SOFTWARE DEPLOYED WITH GROUP POLICY
     Software deployed with Group Policy can subsequently be
     • Redeployed
     • Upgraded
     • Removed

  17. REDEPLOYING APPLICATIONS DEPLOYED WITH GROUP POLICY
     Redeployment can be necessary if the following conditions exist:
     • Service packs or patches must be applied.
     • Features must be enabled or disabled.
     • Configurations must be updated.

  18. UPGRADING APPLICATIONS DEPLOYED WITH GROUP POLICY
     Two basic steps are required to upgrade a previously deployed application:
     • Create a Windows Installer package that contains the upgrade.
     • Configure the upgrade in the Upgrades tab in the Properties dialog box for the package.

  19. REMOVING APPLICATIONS DEPLOYED WITH GROUP POLICY
     • Choose the software removal method you want to implement.
     • Allow the software removal to be processed.
     • Delete the GPO.

  20. TROUBLESHOOTING SOFTWARE DEPLOYED BY GROUP POLICY
     • Troubleshooting can be complex.
     • It requires an understanding of the tools available and how to use them.
     • It can often require that you use more than one tool.

  21. TOOLS TO TROUBLESHOOT GROUP POLICY
     • Resultant Set Of Policy Wizard
     • Gpresult
     • Gpupdate
     • Event Viewer
     • Log files

  22. ADVANCED DIAGNOSTIC INFORMATION
     • This information is available only if verbose logging is enabled.
     • Information is provided in the Advanced Deployment Options dialog box.
     • Data provided includes Product Code, Deployment Count, and Script Name.

  23. SOFTWARE DEPLOYMENT TROUBLESHOOTING SCENARIOS
     • Instructor-led discussion

  24. SOFTWARE RESTRICTION POLICIES
     • Software restriction policies are security settings in a GPO provided to identify software and control its ability to run on a local computer, site, domain, or organizational unit (OU).
     • Software restriction policies protect your computer environment from unknown code by enabling you to identify and specify the applications allowed to run.

  25. UNDERSTANDING SOFTWARE RESTRICTION POLICIES
     Software restriction policies allow you to do the following:
     • Control the ability of programs to run on a system
     • Permit users to run only specific files on multiuser computers
     • Decide who can add trusted publishers to your computer
     • Control who is affected by software restriction policies
     • Prevent files from running on your local computer, OU, site, or domain

  26. DEFAULT SECURITY LEVELS
     • Software restriction policies run on one of two default security levels:
       • Unrestricted: Allows software to run with the full rights of the user who is logged on to the computer
       • Disallowed: Does not allow the software to run, regardless of the access rights of the user who is logged on to the computer

  27. HOW SOFTWARE RESTRICTION POLICIES WORK
     In software restriction policies, software can be identified by
     • Hash
     • Certificate
     • Path
     • Internet zone

  28. RULES
     • Software restriction policies identify and control the running of software by using rules.
     • There are four types of rules:
       • Hash rule
       • Certificate rule
       • Path rule
       • Internet zone rule

  29. RULE PRECEDENCE
     Rules are applied in the following order of precedence, from highest to lowest:
     • Hash rule
     • Certificate rule
     • Path rule
     • Internet zone rule

  30. IMPLEMENTING SOFTWARE RESTRICTION POLICIES
     • Set the default security level.
     • Create rules.
     • Designate file types.

  31. BEST PRACTICES FOR SOFTWARE RESTRICTION POLICIES
     • Create a separate GPO for software restriction policies so that you can disable them in an emergency without affecting the rest of your security settings.
     • Test a software restriction policy before applying it to other computers.
     • If you must edit a software restriction policy, first disable it.
     • If you experience problems with applied policies, reboot in Safe mode.
     • Use software restriction policies in conjunction with access control settings.
     • Use caution when defining a default setting of Disallowed.

  32. SOFTWARE RESTRICTION POLICY TROUBLESHOOTING
     • The complexity of software restriction policies can necessitate frequent troubleshooting.
     • In some cases, correct operation can appear to be a problem when it is not.
     • Environments that use a disallowed default policy are inherently more difficult to troubleshoot.

  33. SUMMARY
     • The Software Installation extension in the Group Policy Object Editor console enables administrators to manage the deployment of software from a central location.
     • When you assign an application to a user, the application is advertised to the user on the Start menu the next time the user logs on to a workstation.
     • When you publish an application to users, the application does not appear installed on the users’ computers; however, users can install it.
     • Modifications enable you to customize Windows Installer packages. Modifications can be transform (.mst) or patch (.msp) files.

  34. SUMMARY (CONTINUED)
     • You can redeploy an application previously deployed with Group Policy if there are small changes that must be made to the original configuration.
     • To upgrade software deployed with Group Policy, create a Windows Installer package that contains the upgrade and then configure the upgrade in the Upgrades tab in the Properties dialog box for the package.
     • Windows Server 2003 provides a range of tools to assist you in verifying and diagnosing problems related to deploying software with Group Policy.
     • Software restriction policies are security settings in a GPO provided to identify software and control its ability to run on a local computer, site, domain, or OU.
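
The default security levels, rule types and rule precedence from slides 26 to 29, modelled as a short evaluator. This is an added example, not part of the original presentation and not how Windows implements the check; the hash algorithm, the wildcard path matching, the tie-break between rules of the same type, and all sample rules and files are assumptions of the model.

```python
import hashlib
from dataclasses import dataclass
from fnmatch import fnmatchcase

PRECEDENCE = ("hash", "certificate", "path", "zone")  # highest to lowest, per slide 29

@dataclass(frozen=True)
class Rule:
    kind: str    # one of PRECEDENCE
    match: str   # hex digest, publisher name, path pattern or zone name
    level: str   # "Unrestricted" or "Disallowed"

@dataclass(frozen=True)
class Program:
    path: str
    content: bytes
    publisher: str = ""  # signer name; empty when the file is unsigned
    zone: str = ""       # zone the file was downloaded from; empty if none

def file_hash(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()  # algorithm is this model's choice

def rule_matches(rule: Rule, prog: Program) -> bool:
    if rule.kind == "path":  # case-insensitive wildcard match (model assumption)
        return fnmatchcase(prog.path.lower(), rule.match.lower())
    actual = {"hash": file_hash(prog.content), "certificate": prog.publisher,
              "zone": prog.zone}[rule.kind]  # KeyError on an unknown rule type
    return rule.match == actual

def evaluate(prog: Program, rules: list, default_level: str) -> tuple:
    """Return (security level, what decided it) for one program."""
    for kind in PRECEDENCE:
        levels = {r.level for r in rules if r.kind == kind and rule_matches(r, prog)}
        if levels:
            # Same-type conflicts: this model takes the stricter level (assumption).
            return ("Disallowed" if "Disallowed" in levels else "Unrestricted"), kind
    return default_level, "default"  # no rule matched: the default level applies

# Constructed sample policy and file content (not from the presentation).
OLD_TOOL = b"constructed bytes standing in for a retired utility"
RULES = [
    Rule("path", r"C:\Program Files\*", "Unrestricted"),
    Rule("path", r"C:\Users\*\Downloads\*", "Disallowed"),
    Rule("hash", file_hash(OLD_TOOL), "Disallowed"),
    Rule("certificate", "Example Corp", "Unrestricted"),
    Rule("zone", "Internet", "Disallowed"),
]

if __name__ == "__main__":
    old = Program(r"C:\Program Files\Old\tool.exe", OLD_TOOL)
    print(evaluate(old, RULES, "Unrestricted"))  # hash rule overrides the path rule
```

Evaluating the same files against a default level of Unrestricted and then Disallowed shows which decisions come from explicit rules and which fall through to the default, the distinction the troubleshooting slide says is hard to see in practice.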
