Windows Server 2003 : Managing Software Deployment with Group Policy (part 1) - Software Installation Extension

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

1. Understanding Software Deployment with Group Policy

You use the Software Installation And Maintenance feature of IntelliMirror to create a managed software environment with the following characteristics:

  • Users have access to the applications they need to do their jobs, no matter which computer they log on to.

  • Computers have the required applications, without intervention from a technical support representative.

  • Applications can be updated, maintained, or removed to meet the needs of the organization.

The Software Installation And Maintenance feature of IntelliMirror works in conjunction with Group Policy and Active Directory, establishing a Group Policy–based software management system. To deploy software by using Group Policy, an organization must be running an Active Directory domain, and client computers must be running Windows 2000 Professional or later.

The following tools are provided for software deployment with Group Policy:

  • Software Installation extension Located in the Group Policy Object Editor console on the server, this extension is used by administrators to manage software.

  • Add Or Remove Programs Located in Control Panel on the client machine, this option is used by users to manage software on their own computers.

2. Software Installation Extension

The Software Installation extension in the Group Policy Object Editor console, seen as the first node under the Computer Configuration and User Configuration nodes, is the key administrative tool for deploying software, allowing administrators to centrally manage

  • Initial deployment of software

  • Upgrades, patches, and quick fixes for software

  • Removal of software

By using the Software Installation extension, you can centrally manage the installation of software on a client computer by assigning applications to users or computers or by publishing applications for users. You assign required or mandatory software to users or to computers. You publish software that users might find useful to perform their jobs. Both assigned and published software is stored in a software distribution point (SDP), a network location from which users are able to get the software that they need. In Windows Server 2003, the network location can include SDPs located in other forests in which two-way forests trusts have been established.

Assigning Applications

When you assign an application to a user, the application’s local registry settings, including filename extensions, are updated and its shortcuts are created on the Start menu or desktop, thus advertising the availability of the application. The application advertisement follows the user regardless of which physical computer he or she logs on to. This application is installed the first time the user activates the application on the computer, either by selecting the application on the Start menu or by opening a document associated with the application.

When you assign an application to the computer, the application is advertised, and the installation is performed when it is safe to do so—the installation does not wait for a user to invoke the application. Typically, applications assigned to a computer are fully installed when the computer starts up so that there are no processes running on the computer that might interfere with installation.

Publishing Applications

When you publish an application to users, the application does not appear installed on the users’ computers. No shortcuts are visible on the desktop or Start menu, and no updates are made to the local registry on the users’ computers. Instead, published applications store their advertisement attributes in Active Directory. Then, information such as the application’s name and file associations is exposed to the users in the Active Directory container. The application is available for the user to install by using Add Or Remove Programs in Control Panel or by clicking a file associated with the application (such as an .xls file for Microsoft Excel).

The Windows Installer Service

The Software Installation extension uses the Windows Installer service to systematically maintain software. The Windows Installer service runs in the background and allows the operating system to manage the installation process in accordance with the information in the Windows Installer package. The Windows Installer package is a file containing information that describes the installed state of the application.

Because the Windows Installer service manages the state of the installation, it always knows the state of the software. If there is a problem during software installation, Windows Installer can return the computer to its last known good state. If you need to modify features after software installation, Windows Installer allows you to do so. Because the Software Installation extension uses Windows Installer, users can take advantage of self-repairing applications. Windows Installer notes when a program file is missing and immediately reinstalls the damaged or missing files, thereby fixing the application. Finally, Windows Installer enables you to remove the software when it is no longer needed.

The Windows Installer service itself is affected by settings in Group Policy. You can find these settings in the Windows Installer node, which is located in the Windows Components node in the Administrative Templates node, for both the Computer Configuration and User Configuration nodes.

Windows Installer Packages

A Windows Installer package is a file that contains explicit instructions on the installation and removal of specific applications. You can deploy software using the Software Installation extension by using a Windows Installer package. There are two types of Windows Installer packages:

  • Native Windows Installer package (.msi) files These files have been developed as a part of the application and take full advantage of Windows Installer. The author or publisher of the software can supply a natively authored Windows Installer package.

  • Repackaged application (.msi) files These files are used to repackage applications that do not have a native Windows Installer package. Although repackaged Windows Installer packages work the same as native Windows Installer packages, a repackaged Windows Installer package contains a single product with all the components and applications associated with that product installed as a single feature. A native Windows Installer package contains a single product with many features that can be individually installed as separate features.

Customizing Windows Installer Packages

You can customize Windows Installer packages by using modifications, also called transforms. The Windows Installer package format provides for customization by allowing you to transform the original package by using authoring and repackaging tools. Some applications also provide wizards or templates that permit a user to create modifications.

For example, Microsoft Office XP supplies a Custom Installation Wizard that builds modifications. Using the Office XP Custom Installation Wizard, you can create a modification that allows you to manage the configuration of Office XP that is deployed to users. A modification might be designed to accommodate Microsoft Word as a key feature, installing it during the first installation. Less popular features, such as revision support or document translators, could install on first usage; other features, such as clip art, might not install at all. You might have another modification that provides all the features of Word and Excel but does not install Microsoft PowerPoint. In addition, you can make modifications to customize the installation of a Windows Installer package at the time of assignment or publication. The exact mix of which features to install and when to install them varies based on the audience for the application and how they use the software. You can use the following file types to modify an existing Windows Installer package:

  • Transform (.mst) files These files provide a means for customizing the installation of an application.

  • Patch (.msp) files These files are used to update an existing .msi file for software patches, service packs, and some software update files, including bug fixes. An .msp file provides instructions about applying the updated files and registry keys in the software patch, service pack, or software update.


You cannot deploy .mst or .msp files alone. They must modify an existing Windows Installer package.

Application (.zap) Files

You can also deploy software using the Software Installation extension by using an application file. Application files are text files that contain instructions about how to publish an application, taken from an existing setup program (Setup.exe or Install.exe). Application files use the .zap extension.

Use .zap files when you can’t justify developing a native Windows Installer package or repackaging the application to create a repackaged Windows Installer package. A .zap file does not support the features of Windows Installer. When you deploy an application by using a .zap file, the application is installed by using its original Setup.exe or Install.exe program. The software can only be published and users can only select it by using Add Or Remove Programs in Control Panel. It is recommended that you use .msi files to deploy software with Group Policy whenever possible.


For more information on creating .zap files, see Microsoft Knowledge Base article 231747 titled “HOW TO: Publish non-MSI Programs with .zap Files.”

  •  Windows Server 2003 : Managing Special Folders with Group Policy (part 3) - Folder Redirection Best Practices
  •  Windows Server 2003 : Managing Special Folders with Group Policy (part 2) - Policy Removal Considerations, Folder Redirection and Offline Files
  •  Windows Server 2003 : Managing Special Folders with Group Policy (part 1) - Folder Redirection, Setting Up Folder Redirection
  •  Windows 7 : Computer Management (part 2) - Shared Folders,Services
  •  Windows 7 : Computer Management (part 1) - Task Scheduler, Event Viewer
  •  Windows Server 2012 : Active Directory Domain Services Primer - Understanding Domain Trusts
  •  Windows Server 2012 : Active Directory Domain Services Primer - Outlining AD DS Components
  •  Windows Server 2012 : Active Directory Domain Services Primer - AD DS Structure - Describing AD DS Domain Trees
  •  Windows Server 2012 : Active Directory Domain Services Primer - AD DS Structure - Understanding the AD DS Domain
  •  Tips Against Data Collectors
    Top 10
    Free Mobile And Desktop Apps For Accessing Restricted Websites
    MASERATI QUATTROPORTE; DIESEL : Lure of Italian limos
    TOYOTA CAMRY 2; 2.5 : Camry now more comely
    KIA SORENTO 2.2CRDi : Fuel-sipping slugger
    How To Setup, Password Protect & Encrypt Wireless Internet Connection
    Emulate And Run iPad Apps On Windows, Mac OS X & Linux With iPadian
    Backup & Restore Game Progress From Any Game With SaveGameProgress
    Generate A Facebook Timeline Cover Using A Free App
    New App for Women ‘Remix’ Offers Fashion Advice & Style Tips
    SG50 Ferrari F12berlinetta : Prancing Horse for Lion City's 50th
    - Messages forwarded by Outlook rule go nowhere
    - Create and Deploy Windows 7 Image
    - How do I check to see if my exchange 2003 is an open relay? (not using a open relay tester tool online, but on the console)
    - Creating and using an unencrypted cookie in ASP.NET
    - Directories
    - Poor Performance on Sharepoint 2010 Server
    - SBS 2008 ~ The e-mail alias already exists...
    - Public to Private IP - DNS Changes
    - Send Email from Winform application
    - How to create a .mdb file from ms sql server database.......
    programming4us programming4us