Welcome back to ITFreeTraining. In the last
video I looked at the terminology and concepts you need to understand in order to start using
Group Policy to deploy software. In this video I will go through all the steps
required in order to start deploying, upgrading and removing software centrally using Group
Policy. To start with, I will first look at how to setup a software share to store the
software that will be installed using Group Policy.
When a client attempts to install software using Group Policy, the client will need to
read the install files. When a Group Policy refresh is performed, the client will perform
a test to see how fast the network connection is. If the connection is determined to be
a slow link, that is under 500 kilobits per second by default, Group Policy will not install
any software. If software was installed over a slow link this would cause significant delays
while the user waits for the software to be installed.
If you want to change the value used for slow link detection, this can be done from the
following Group Policy location. If you are deploying large software it is a good idea
to configure this value higher than the default. This will prevent software being deployed
when the user connects to the office via a slow link for example when using a VPN connection.
I will now change to my Windows Server 2008 R2 Domain Controller to have a look at how
to setup and configure software deployment using Group Policy.
In order to start deploying software on the network using Group Policy, you will first
need to setup a file share to hold the install files. If I open Windows explorer and open
the folder software, notice that I have already downloaded two applications and saved them
here. These are Adobe Acrobat Reader and Chrome. In order to create a share, I will right click
on the software folder and select properties. In the properties I will select the sharing
tab and then press the button advanced sharing. This will give me some additional options
not available when using the basic sharing option.
Once I tick the box, “Share this folder,” the folder will be shared. Next I want to
check the permissions by pressing the permissions button. You will notice that everyone has
read access. This is all that is required to install software.
Now that the share is setup, I will exit out of here and close Windows Explorer. Next,
I will now run Group Policy Management, which I will open from the start menu.
In this case I want to deploy some software to the users and computers found under the
New York OU. To do this, I will expand down until I get to New York and edit the New York
Policy. In this example I will deploy Google Chrome
to all the computers in New York. Since I will be deploying software to computers, I
will expand down through Computer Configuration, Policies, and Software Settings and down to
Software Installation. To configure new software for deployment,
right click Software Installation and select the option new package. The first step is
to browse to the location of the install media. I will use double backslash followed by the
server then the share name. This will ensure the clients will be able to find the install
media. Once I navigate to the MSI package for chrome
and then select it, I will be given a screen asking the method of deployment. Notice that
since this software is being deployed at the computer level, the option for publish is
greyed out. If you are not sure which option to select,
select the advanced option. Notice that when I select this option the properties are opened.
This will allow you to select any options that you want. You can also change the options
later on if required. In some cases, if you select the published or assigned options from
the previous screen, some options in the properties will not be able to be changed later. For
this reason, I always select the advanced option and choose which options I want knowing
that I can change them later. If I select the deployment tab, there are
some additional options that can be configured. In this case, because the application is being
deployed at the computer level, most of the options are grayed out. I do however have
the option to “uninstall this application when it falls out of the scope of management.”
What this means is that if the Group Policy is no longer being applied to that computer,
for example it is deleted or the permissions are changed, the application will then be
removed from the computer. You should use this option carefully as a mistake in Group
Policy configuration will remove this software from all computers it has been installed on.
Accidentally removing mission critical software from your users computers will not make you
very popular in the work place. Once I exit out of here that is all that is
required for chrome to be installed on all New York Computers. The install will be performed
when each computer starts up next. Next I will expand down through to user Configuration
and create a new software deployment using the same procedure I used in Computer Configuration.
In this case I will deploy Adobe Acrobat Reader so I will browse to the MSI package for Adobe
Acrobat Reader. Once I select the package, I will be asked
for the deployment method, notice that published is available since this software is being
deployed at the user level. The published option is not available when deploying software
to computers. In this case I will be using the published
option, but I will select the advanced option so I can configure all the options later on
if I need to. If I select the deployment tab, notice that the published option is selected
by default. If I select the modifications tab, this tab will allow me to apply a transform
to the MSI package when it is installed. If I selected the option published from the first
prompt rather than advanced option, this option would not be available from the properties
later on. This is just one of the reasons I always select the advanced option.
Once I press add, I can browse to an MST file that I created for this MSI package. This
MST file will configure options in Acrobat Reader, such as automatically accepting the
license agreement so a user does not need to.
I have finished configuring this Group Policy Object so I will now close it. To see how
Group Policy deploys software to the client, I will now change to my Windows 8 computer.
Since there have been some settings made at the computer level, I will need to first restart
the computer. Once the computer has restarted, Group Policy will be applied from computer
configuration, this will be done before the user is asked to login. If you deploy software
like a service pack, this can greatly increase the startup time of the computer, something
to consider before deploying large software like this.
Once the computer has restarted and I have logged in, Google chrome has been installed
and is available. The software was installed with no input required from the user. If I
now go to the desktop, I can open the control panel by opening Charms by moving my mouse
to the top right, selecting options and then selecting the option control panel.
To see software that has been published on this computer I will open the Option Programs
and then select the option Programs and Features. Software that has been published to the user
will not be available until the user chooses to install it. To do this, select the option
on the left, “Install a program from the network. “
Notice that Acrobat Reader is available and all that is required to install it is to press
install. Once the setup starts, the user only needs to answer the setup questions asked.
No administrator credentials are required and the user does not need to know where the
setup media is. Now that we have seen how the software is
installed on the client computer, I will now change back to my Domain Controller to look
at the last few options available to software deployment in Group Policy.
To have a look at the options, I will once again open the New York Group Policy for editing.
The options I will look at are the Acrobat Reader options found under user configuration.
If I open the properties for acrobat reader, notice that if I select the tab upgrades,
I can add upgrades packages. For example, if an update for Acrobat Reader was released
I could add it here. When you add an upgrade package in here, you will get the option to
either uninstall the old package or leave the old package if the upgrading package upgrades
it. If you tick the option, “Required upgrade
for existing packages”, this will make sure the upgrade is installed if the previous package
was installed. This is a useful feature to select if you deploy an important security
update or your company requires the old versions of the software be upgraded.
I will now exit out of here, right click on the package and select the option, all Tasks
and then redeploy application, this will, as it suggests reinstall the application.
In some cases you may want to reinstall an application after it was installed, however
in most cases once the application has been installed you will not want to redeploy it.
The option above this allows you to remove the application. If I select this notice I
will be given two options. The first option uninstalls the application immediately. If
you no longer require the application this is the best option to select.
The second option does not remove the application and allows the user to continue to use it.
This effectively stops new installs but allows any current installs to be used.
This video has looked at how to deploy software using Group Policy. You can see that by using
Group Policy you can achieve a lot in the way of software deployment. Group Policy provides
basic software deployment options. If you want additional options you should consider
a commercial software deployment solution. Thanks for watching this video on Group Policy
software deployment. For more free videos please see our website or subscribe to us
on YouTube. See you next time.