LAN 1 Chapter 7

Chapter 7
Lecture Outline
V.      IntelliMirror
This is the blanket name for several new technologies designed by
Microsoft to decrease the total cost of ownership of the network. All
of the IntelliMirror concepts are based around desktop management and
also relate closely to the Microsoft ZAW initiative (Zero
Administration Workstations). IntelliMirror is based on three main
concepts:
A.      User data management
1.      My Documents follow user
a.      User has access to My Documents wherever they are in the network.
b.      Assigned through AD and GPOs
2.      Also includes disk management features
a.      Offline folders
b.      Synchronizations Manager
c.      Disk quotas
B.      Software installation and maintenance
1.      My Applications follow user 
2.      Uses Windows Installer service
a.      Provides for automatic recovery of deleted or overwritten files
b.      Provides active monitoring of all software packages to ensure
availability
C.      User and computer settings management
1.      My Preferences follow user 
2.      Desktop configuration and utilities follow user within the network
a.      Roaming profiles
b.      Group Policies
c.      Active Directory
VI.     Deploying software using Group Policy
A.      Windows Installer and .MSI files
1.      Windows Installer
a.      Client available for various client OS
i.      Windows 95
ii.     Windows 98
iii.    Windows 2000
iv.     NT 4.0

b.      Most users familiar with it due to MS Office 2000
i.      Provides for installation of application
ii.     Provides for automatic addition of needed services
iii.    Provides for automatic repair of missing or corrupt files
throughout after the installation process is complete

2.      .MSI files
a.      Replaced the traditional setup.exe files, which required a great
deal of user input
b.      Come from software vendor with some products
i.      Office 2000 is a good example.
ii.     This is called native packages.

3.      Repackaging process
a.      Other software can be "repackaged" into .MSI files using
third-party repackaging applications. These applications will vary in
ability and intent, but use and configuration should be consistent.
b.      Veritas WinINSTALL LE is provided with Windows 2000 and is included
on the Windows 2000 CD.
i.      Creates .MSI installs using a four-step process
ii.     Very similar to SYSDIFF used in NT 4.0 domains and SMS 2.0
software deployments
iii.    Must have a clean system to proceed

4.      Repackaging process
a.      MSI files of "packages" can be modified at any time
b.      Reconfigured using the same software package that was used to
create them
B.      When to use GPOs to deploy software, and why 

1.      Ensure software consistency throughout the domain
a.      All systems running the same version and installation of software
packages
b.      Remote installation without giving users administrative permissions
to the systems

2.      GPOs can be applied to user accounts through filtering
a.      Allows for software to be added to user's system in the same way
users are assigned permissions to network resources
b.      Global security groups can be created for each major software
package, then configured so that the application is automatically
added to the system of anyone added to the group
C.      Applying the package to an OU

1.      Once the package itself has been created, it has to be assigned to
a GPO at the site, domain, or OU level. While it is possible to add
the package to an existing GPO, it may be easier to create a separate
GPO for the sake of clarity.

2.      Assigning objects through Users and Computers
a.      Select the OU needed
b.      Select computer or User
c.      Select Assigned or Published
3.      Assigning packages to computers
a.      Software installed during computer's next reboot, independent of
user who is logged on to the computer and independent of that user's
rights
b.      Allows for a consistent install of applications and configuration
throughout an entire group of computers. Ideal for groups of computers
that are owned by users with similar needs, also decreases the test
time involved in larger software deployments, as systems look alike.
c.      Application becomes self-repairing
i.      Every time system boots, all necessary files are checked for
missing files.
ii.     All missing files are replaced, and if a machine is reinstalled,
the application is automatically reinstalled on the machine during
next reboot as well.
d.      Computer rights can be filtered away, so that certain systems
within the OU do not receive the software updates.
4.      Assigning packages to users
a.      Software is available to certain users, no matter where in the
network they are located.
b.      Software is not installed until the user needs it.
i.      Application icons are installed and added to the Start menu.
ii.     File extensions associated with that application are configured on
the system as well (for example, .doc is associated with MS Word).
iii.    Application is installed when the user calls the application in
some way.
c.      Software is self-repairing, once installed.
d.      Useful in situations in which HDD space is a significant concern
5.      Publishing software to users
a.      Users are given permission and ability to install the application,
but the application's icon and file extensions are not added to the
system.
b.      Application is available for installation in one of two ways:
i.      The application is added to Add/Remove Programs.
(i)     Users who want to add the program simply have to launch the
application's installation through this field.
(ii)    Only systems in which the users specifically request the
application will be bothered with the installation and icon.
ii.     When an unknown file type is double-clicked by the users, Active
Directory is searched for a published application that registers
extensions of that type.
(i)     The application's permissions are checked against that of the user
and computer.
(ii)    The application is automatically installed when possible, and the
unknown file type is automatically registered for use by the
application in question.

VII.    Maintaining software using Group Policy objects
Within the ability to deploy software to the desktops comes a number
of additional features and issues which also have to be
addressed—specifically, the upgrade of software from systems that have
been installed using .MSI installations, as well as software that was
not. You will also need to address the concerns involved in removing a
software package that has been published to the users and the choices
that have to be made.
A.      Software upgrades: There are two types of upgrades that can be
done, mandatory and optional.
1.      Mandatory upgrades
a.      Software installed automatically
b.      Removal of old version is optional.
c.      Linked through the Upgrades tab of the GPO software object (shown
in Figure 7-3 on page 357 of the text)
d.      Selecting Required Upgrade For Existing Packages ensures package
will be a mandatory upgrade.
e.      Upgrades do not have to be the same products or even functions. For
example, Excel can be used as an upgrade for Lotus Notes or Space
Cadet Pinball.
2.      Optional upgrades
a.      Users choose to install new product or leave existing one intact
b.      Configured exactly like mandatory upgrades except the box for
Required Upgrade For Existing Packages is cleared
c.      Users must choose to upgrade using the Add/Remove Programs options
within the Control Panel.
B.      Redeploying software
1.      Allows for redeployment of software when there have been slight
changes made to the installation of the software.
a.      Service pack installations
b.      Installation configuration changes
2.      Add new files and configuration parameters to the original package
and then select Redeploy from the All Tasks menu under the GPO.
3.      A warning message pops up, but should be ignored to allow the
process to finish.
C.      Removing software
1.      From within the GPO used to install the software package, select
Package.
2.      Select Remove from the All Tasks pop-up menu.
3.      Two removal options are available:
a.      Forced removal: Chosen through the Immediately Uninstall The
Software From Users And Computers option. Will send removal request to
all systems with the software package installed.
b.      Optional removal: Chosen through the Allow Users To Continue To Use
The Software, But Prevent Further Installations option. The software
will no longer be added to users' systems, and will not be available
for installation in the Add/Remove Programs Control Panel utility, but
the software will not be removed from the users' computers.
Additionally, all installations will no longer be self-repairing.
VIII.   Configuration deployment options
A.      Filtering the package: In most network installations, the OU
structure will not match the exact software deployment needs of the
organization. For this reason, the ability to filter specific users
and computers within an OU for certain application installations is
normally a requirement.

1.      Filter process of software installation relates to filtering of the
GPO itself.

2.      Read and Apply permissions have to be granted to anyone who is
going to be using the GPO.

3.      Removing a user's or computer's permissions from the GPO will also 
prevent any software packages destined for that system from being
installed by the GPO.

4.      Also possible to affect GPO placement with inheritance filters and
No Override options
B.       Miscellaneous deployment options: Various other (and somewhat
random) deployment options can also be assigned to the package.
1.      Configured through the Properties tab of the software package
within the application
2.      General tab
a.      Allows for the modification of the display name
b.      Affects how the package shows up in the Add/Remove Programs entries
3.      Deployment tab
a.      Deployment type: Published or Assigned
b.      Deployment options: Auto-install this application by file extension
activation
c.      Advanced
i.      Ignore language: Ignores the warning messages that pop up when a
software package is installed on a machine with a different default
language configured
ii.     Remove previous install of software installations: Allows for the
deployment of software to users' systems that may already have the
software installed manually on their machines
C.      Using transforms
1.      Within OEM-built .MSI files, there will be options for
configuration of the installation process for different groups of
users.
a.      Office 2000 already comes with this configuration option.
b.      Not all OEM packages will support this feature.
2.      Customizations are stored in .MST files and are then associated
with the main package.

3.      Transforms can only be added to packages before they are deployed.

4.      Each transform is assigned separately, along with separate package
files to each unique OU requiring it.
IX.     Troubleshooting during software deployment
A.      Common deployment problems

1.      Package fails to install
a.      Normally occurs when there is something wrong with the assignment
of the GPO to the user or computer.
b.      Check the permissions assigned to the GPO to be sure the necessary
rights have been assigned.
c.      Check for policy inheritance filters blocking the assignment of the
GPO to the user.

2.      Network path could not be found
a.      Normally caused by connectivity issues, such as:
i.      Name resolution
ii.     IP gateway or other routing issues
iii.    Invalid share name associated with the package
iv.     Sharing server could be unavailable or the share could have been
removed.

3.      Package installs incompletely
a.      Normally indicates a problem in the initial repackaging process
b.      Package may have been created on a computer that already contained
some of the necessary application files.
c.      Those files would not show up as different in the snapshot and
would not be included with the package.

4.      Package does not install itself, but appears on the Add/Remove
Programs Control Panel item
a.      Normally means package is configured incorrectly
b.      Package needs to be assigned if it is to be installed on all
computers, and published if the users need only the right to install
the package.
B.      Event Viewer: The traditional troubleshooting tool for Windows
2000, the Event Viewer will also host error messages during the
installation of software packages. There are two types posted in the
event logs:

1.      Application management: Shows the events related to software
installation and maintenance

2.      MSInstaller: Shows the status of package installation; the success
or failure of .MSI files to properly install
X.      Managing network configuration using Group Policy 
There are various other configuration settings and management
abilities provided through the use of GPOs which can't be assigned to
the other sections of this class, so they are covered at this point.
A.      Configuring Internet Explorer

1.      Similar to configurations offered through the use of IEAK with
previous version of NT and Win9x, but does not require a custom-built
IE installation. GPOs allow for configuration of various IE
installations, including:
a.      Browser user interface
b.      Connections
c.      URLs
d.      Security
e.      Programs
i.      Default e-mail reader
ii.     Default newsreader
B.      Other configurable options
1.      Logon scripts
a.      Startup and shutdown scripts for both computer and user objects
i.      Assigned through the LSDOU process described earlier in the class
2.      Printers
a.      Configure how users search for and install printers
b.      Allow or disallow users to search the network for network printers
3.      Offline files

4.      Network and dial-up connection
Assessment Quiz

1.      Custom-built application installation packages used in software
installations by GPOs are associated with what file extension?
A.      .MST 
B.      .MSI 
C.      .MIS 
D.      .MIT 

2.      When creating a transform installation for deployment of GPO
software packages, the transform files should be stored with what
extension?
A.      .MST 
B.      .MSI 
C.      .MIS 
D.      .MIT 

3.      True/False: The Veritas software package, WinInstall LE, is used to
create custom application packages known as transforms.

4.      You should apply packages to an organizational unit in all but the
following way. (Choose one.)
A.      Assigning packages to computers 
B.      Assigning packages to users 
C.      Publishing packages to computers 
D.      Publishing packages to users 

5.      True/False: Software deployment with a GPO can be filtered at the
user level, but since it requires the use of a security group, it
cannot be filtered at the computer level.

6.      When applying a GPO to an OU, all users within the OU need which of
the following permissions assigned? (Select all that apply.)
A.      Apply 
B.      Write 
C.      Copy 
D.      Read 
E.      List 

7.      If all the computers within a group need to have a certain
application installed and available at all times to all users, which
method of applying the GPO to the OU should be implemented? (Choose
one.)
A.      Assigning packages to computers 
B.      Assigning packages to users 
C.      Publishing packages to computers 
D.      Publishing packages to users 

8.      If only certain users within a group need to have access to an
application, and they would like to choose when the application is
installed, the package can be assigned in which of the following ways?
(Select the best answer.)
A.      Assigning packages to computers 
B.      Assigning packages to users 
C.      Publishing packages to computers 
D.      Publishing packages to users 

9.      When an application has been published to a user, it is available
for installation through the ___________ icon in the Control Panel.

10.     True/False: When an application is being upgraded, it can be
upgraded with any other software package, even one that does not
contain the same features or functions.
Assessment Quiz Answers

1.      Custom-built application installation packages used in software
installations by GPOs are associated with what file extension?
B. MSI 

2.      When creating a transform installation for deployment of GPO
software packages, the transform files should be stored with what
extension?
A. MST 

3.      True/False: The Veritas software package, WinInstall LE, is used to
create custom application packages known as transforms.
False 

4.      You should apply packages to an organizational unit in all but the
following way. (Choose one.)
C. Publishing packages to computers 

5.      True/False: Software deployment with a GPO can be filtered at the
user level, but since it requires the use of a security group, it
cannot be filtered at the computer level.
False 

6.      When applying a GPO to an OU, all users within the OU need which of
the following permissions assigned? (Select all that apply.)
A. Apply, D. Read 

7.      If all computers within a group need to have a certain application
installed and available at all times to all users, which method of
applying the GPO to the OU should be implemented? (Choose the best
answer.)
A. Assigning packages to computers 

8.      If only certain users within a group need to have access to an
application, and they would like to choose when the application is
installed, the package can be assigned in which of the following ways?
(Select the best answer.)
D. Publishing packages to users 

9.      When an application has been published to a user, it is available
for installation through the ___________ icon in the Control Panel.
Add/Remove Programs 

10.     True/False: When an application is being upgraded, it can be
upgraded with any other software package, even one that does not
contain the same features or functions.
True