
CIS 2154 W2K Active Directory
Chapter 7 - Managing Software and Network Configuration Using Group Policy

 I.                    IntelliMirror

This is the blanket name for several new technologies designed by Microsoft to decrease the total cost of ownership of the network. All of the IntelliMirror concepts are based around desktop management and also relate closely to the Microsoft ZAW initiative (Zero Administration Workstations). IntelliMirror is based on three main concepts:

A.     User data management

1.      My Documents follow user

a.      User has access to My Documents wherever they are in the network.

b.      Assigned through AD and GPOs

2.      Also includes disk management features

a.      Offline folders

b.      Synchronization Manager

c.      Disk quotas

B.     Software installation and maintenance

1.      My Applications follow user

2.      Uses Windows Installer service

a.      Provides for automatic recovery of deleted or overwritten files

b.      Provides active monitoring of all software packages to ensure availability

C.    User and computer settings management

1.      My Preferences follow user

2.      Desktop configuration and utilities follow user within the network

a.      Roaming profiles

b.      Group Policies

c.      Active Directory

II.                  Deploying software using Group Policy

A.     Windows Installer and .MSI files

1.      Windows Installer

a.      Client available for various client OS

i.                    Windows 95

ii.                  Windows 98

iii.                Windows 2000

iv.                 NT 4.0

b.      Most users familiar with it due to MS Office 2000

i.                    Provides for installation of application

ii.                  Provides for automatic addition of needed services

iii.                Provides for automatic repair of missing or corrupt files after the installation process is complete

2.      .MSI files

a.      Replaced the traditional setup.exe files, which required a great deal of user input

b.      Come from software vendor with some products

i.                    Office 2000 is a good example.

ii.                  These are called native packages.

3.      Repackaging process

a.      Other software can be “repackaged” into .MSI files using third-party repackaging applications. These applications will vary in ability and intent, but use and configuration should be consistent.

b.      Veritas WinINSTALL LE is provided with Windows 2000 and is included on the Windows 2000 CD.

i.                    Creates .MSI installs using a four-step process

ii.                  Very similar to SYSDIFF used in NT 4.0 domains and SMS 2.0 software deployments

iii.                Must have a clean system to proceed

4.      Repackaging process

a.      MSI files of “packages” can be modified at any time

b.      Reconfigured using the same software package that was used to create them

B.     When to use GPOs to deploy software, and why

1.      Ensure software consistency throughout the domain

a.      All systems running the same version and installation of software packages

b.      Remote installation without giving users administrative permissions to the systems

2.      GPOs can be applied to user accounts through filtering

a.      Allows for software to be added to user’s system in the same way users are assigned permissions to network resources

b.      Global security groups can be created for each major software package, then configured so that the application is automatically added to the system of anyone added to the group

C.    Applying the package to an OU

1.      Once the package itself has been created, it has to be assigned to a GPO at the site, domain, or OU level. While it is possible to add the package to an existing GPO, it may be easier to create a separate GPO for the sake of clarity.

2.      Assigning objects through Users and Computers

a.      Select the OU needed

b.      Select Computer or User

c.      Select Assigned or Published

3.      Assigning packages to computers

a.      Software installed during computer’s next reboot, independent of user who is logged on to the computer and independent of that user’s rights

b.      Allows for a consistent install of applications and configuration throughout an entire group of computers. Ideal for groups of computers that are owned by users with similar needs. It also decreases the test time involved in larger software deployments, because the systems look alike.

c.      Application becomes self-repairing

i.                    Every time the system boots, the application's necessary files are checked to see whether any are missing.

ii.                  All missing files are replaced, and if a machine is reinstalled, the application is automatically reinstalled on the machine during next reboot as well.

d.      Computer rights can be filtered away, so that certain systems within the OU do not receive the software updates.

4.      Assigning packages to users

a.      Software is available to certain users, no matter where in the network they are located.

b.      Software is not installed until the user needs it.

i.                    Application icons are installed and added to the Start menu.

ii.                  File extensions associated with that application are configured on the system as well (for example, .doc is associated with MS Word).

iii.                Application is installed when the user calls the application in some way.

c.      Software is self-repairing, once installed.

d.      Useful in situations in which HDD space is a significant concern

5.      Publishing software to users

a.      Users are given permission and ability to install the application, but the application’s icon and file extensions are not added to the system.

b.      Application is available for installation in one of two ways:

i.                    The application is added to Add/Remove Programs.

(i)     Users who want to add the program simply have to launch the application’s installation through this field.

(ii)   Only systems in which the users specifically request the application will be bothered with the installation and icon.

ii.                  When an unknown file type is double-clicked by the users, Active Directory is searched for a published application that registers extensions of that type.

(i)     The application’s permissions are checked against those of the user and computer.

(ii)   The application is automatically installed when possible, and the unknown file type is automatically registered for use by the application in question.

III.                Maintaining software using Group Policy objects

With the ability to deploy software to desktops come a number of additional features and issues that also have to be addressed, specifically the upgrade of software that was installed using .MSI installations, as well as software that was not. You will also need to address the concerns involved in removing a software package that has been published to the users, and the choices that have to be made.

A.     Software upgrades: There are two types of upgrades that can be done, mandatory and optional.

1.      Mandatory upgrades

a.      Software installed automatically

b.      Removal of old version is optional.

c.      Linked through the Upgrades tab of the GPO software object (shown in Figure 7-3 on page 357 of the text)

d.      Selecting Required Upgrade For Existing Packages ensures package will be a mandatory upgrade.

e.      Upgrades do not have to be the same products or even functions. For example, Excel can be used as an upgrade for Lotus Notes or Space Cadet Pinball.

2.      Optional upgrades

a.      Users choose to install new product or leave existing one intact

b.      Configured exactly like mandatory upgrades except the box for Required Upgrade For Existing Packages is cleared

c.      Users must choose to upgrade using the Add/Remove Programs options within the Control Panel.

B.     Redeploying software

1.      Allows for redeployment of software when there have been slight changes made to the installation of the software.

a.      Service pack installations

b.      Installation configuration changes

2.      Add new files and configuration parameters to the original package and then select Redeploy from the All Tasks menu under the GPO.

3.      A warning message pops up, but should be ignored to allow the process to finish.

C.    Removing software

1.      From within the GPO used to install the software package, select Package.

2.      Select Remove from the All Tasks pop-up menu.

3.      Two removal options are available:

a.      Forced removal: Chosen through the Immediately Uninstall The Software From Users And Computers option. Will send removal request to all systems with the software package installed.

b.      Optional removal: Chosen through the Allow Users To Continue To Use The Software, But Prevent Further Installations option. The software will no longer be added to users’ systems, and will not be available for installation in the Add/Remove Programs Control Panel utility, but the software will not be removed from the users’ computers. Additionally, all installations will no longer be self-repairing.

IV.               Configuration deployment options

A.     Filtering the package: In most network installations, the OU structure will not match the exact software deployment needs of the organization. For this reason, the ability to filter specific users and computers within an OU for certain application installations is normally a requirement.

1.      Filter process of software installation relates to filtering of the GPO itself.

2.      Read and Apply permissions have to be granted to anyone who is going to be using the GPO.

3.      Removing a user’s or computer’s permissions from the GPO will also prevent any software packages destined for that system from being installed by the GPO.

4.      Also possible to affect GPO placement with inheritance filters and No Override options
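
The filtering rules in IV.A, combined with the per-package security group approach from II.B.2, modeled as an added example (not from the course notes or from Microsoft). All group names, GPO names, and function names are hypothetical. Nested group expansion and the deny-overrides-allow rule are standard Windows ACL behaviour that these notes do not state.

```python
from dataclasses import dataclass, field
READ, APPLY = "Read", "Apply Group Policy"

@dataclass(frozen=True)
class Ace:
    trustee: str          # user, computer, or group name
    right: str            # READ or APPLY
    allow: bool = True    # False models an explicit deny entry

@dataclass
class Gpo:
    name: str
    packages: list
    acl: list = field(default_factory=list)

def expand_groups(principal, member_of):
    """Return the principal plus every group it belongs to, following nesting."""
    seen, todo = set(), [principal]
    while todo:
        name = todo.pop()
        if name not in seen:
            seen.add(name)
            todo.extend(member_of.get(name, ()))
    return seen

def gpo_applies(gpo, principal, member_of):
    """True only if Read AND Apply are both allowed and neither is denied."""
    identities = expand_groups(principal, member_of)
    for right in (READ, APPLY):
        aces = [a for a in gpo.acl if a.right == right and a.trustee in identities]
        if any(not a.allow for a in aces) or not any(a.allow for a in aces):
            return False  # explicit deny wins; no allow at all also means no access
    return True

def packages_for(principal, linked_gpos, member_of):
    return [p for g in linked_gpos if gpo_applies(g, principal, member_of) for p in g.packages]

# Constructed sample data; every name below is hypothetical.
MEMBER_OF = {
    "alice": ["Authenticated Users", "APP-Visio"],
    "bob": ["Authenticated Users"],
    "carol": ["Authenticated Users", "Design Team"],
    "Design Team": ["APP-Visio"],            # nested group
    "dave": ["Authenticated Users", "APP-Visio", "Contractors"],
}
BASE = Gpo("Baseline Apps", ["Office 2000"],
           [Ace("Authenticated Users", READ), Ace("Authenticated Users", APPLY)])
VISIO = Gpo("Deploy Visio", ["Visio"], [Ace("APP-Visio", READ),
            Ace("APP-Visio", APPLY), Ace("Contractors", APPLY, allow=False)])
```

With both GPOs linked to the same OU, only members of APP-Visio (directly or through a nested group) who are not also denied receive the Visio package, while everyone receives the baseline.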

B.      Miscellaneous deployment options: Various other (and somewhat random) deployment options can also be assigned to the package.

1.      Configured through the Properties tab of the software package within the application

2.      General tab

a.      Allows for the modification of the display name

b.      Affects how the package shows up in the Add/Remove Programs entries

3.      Deployment tab

a.      Deployment type: Published or Assigned

b.      Deployment options: Auto-install this application by file extension activation

c.      Advanced

i.                    Ignore language: Ignores the warning messages that pop up when a software package is installed on a machine with a different default language configured

ii.                  Remove previous install of software installations: Allows for the deployment of software to users’ systems that may already have the software installed manually on their machines

C.    Using transforms

1.      Within OEM-built .MSI files, there will be options for configuration of the installation process for different groups of users.

a.      Office 2000 already comes with this configuration option.

b.      Not all OEM packages will support this feature.

2.      Customizations are stored in .MST files and are then associated with the main package.

3.      Transforms can only be added to packages before they are deployed.

4.      Each transform is assigned separately, along with separate package files to each unique OU requiring it.

V.                 Troubleshooting during software deployment

A.     Common deployment problems

1.      Package fails to install

a.      Normally occurs when there is something wrong with the assignment of the GPO to the user or computer.

b.      Check the permissions assigned to the GPO to be sure the necessary rights have been assigned.

c.      Check for policy inheritance filters blocking the assignment of the GPO to the user.

2.      Network path could not be found

a.      Normally caused by connectivity issues, such as:

i.                    Name resolution

ii.                  IP gateway or other routing issues

iii.                Invalid share name associated with the package

iv.                 Sharing server could be unavailable or the share could have been removed.

3.      Package installs incompletely

a.      Normally indicates a problem in the initial repackaging process

b.      Package may have been created on a computer that already contained some of the necessary application files.

c.      Those files would not show up as different in the snapshot and would not be included with the package.

4.      Package does not install itself, but appears on the Add/Remove Programs Control Panel item

a.      Normally means package is configured incorrectly

b.      Package needs to be assigned if it is to be installed on all computers, and published if the users need only the right to install the package.

B.     Event Viewer: The traditional troubleshooting tool for Windows 2000, the Event Viewer will also host error messages during the installation of software packages. There are two types posted in the event logs:

1.      Application management: Shows the events related to software installation and maintenance

2.      MsiInstaller: Shows the status of package installation; the success or failure of .MSI files to properly install

VI.               Managing network configuration using Group Policy

There are various other configuration settings and management abilities provided through the use of GPOs which can’t be assigned to the other sections of this class, so they are covered at this point.

A.     Configuring Internet Explorer

1.      Similar to configurations offered through the use of IEAK with previous versions of NT and Win9x, but does not require a custom-built IE installation. GPOs allow for configuration of various IE installations, including:

a.      Browser user interface

b.      Connections

c.      URLs

d.      Security

e.      Programs

i.                    Default e-mail reader

ii.                  Default newsreader

B.     Other configurable options

1.      Logon scripts

a.      Startup and shutdown scripts for both computer and user objects

i.                    Assigned through the LSDOU process described earlier in the class

2.      Printers

a.      Configure how users search for and install printers

b.      Allow or disallow users to search the network for network printers

3.      Offline files

4.      Network and dial-up connection
