Ankush, please look in-line....
Ankush said:
OK first of all I am a linux user and this is my first
time using windows and working with Active Directory so I
am having a few problems, and i'll really appreciate if
anyone can help me out.
1)I want to install software on client machines, now the
users ofcourse and been restricted to do that, so how can
i install it from the server so that every user or the
users I want to use that software can get the software
installed on their machines.( i know softwares like
zenworks from Novell which can do that but agian thats at
extra cost!!)
There is something called Group Policy that is 'built-in' to Windows 2000 /
Windows 2003 that allows for deployment of software ( among other things! ).
Essentially, you need to have a 'distribution point' to which either the
computers or the users have the appropriate permissions ( usually just
'Read' ). GPOs ( Group Policy Objects ) are applied first to the computer
configuration side and then to the user configuration side. So, if you
wanted to install, say, Office 2000 to the computer configuration side you
would have to make sure that the computer accounts had the necessary
permissions to the distribution point ( you might use the 'domain computers'
group for applying permissions for this! ). If you wanted to install Office
2000 to the user configuration side you would have to make sure that the
user accounts had the necessary permissions to the distribution point ( you
might use the 'domain users' group for applying permissions for this ).
Why would you deploy Office 2000 to the computer configuration side of
things? Well, if you wanted everyone who might log on to computerA or
computerB or computerC to have Office 2000 available to them then you might
do it this way. This would be good if everyone in your company had the same
apps installed ( say, Word, Excel and Outlook ). This way, no matter where
someone might log on he/she would have these three applications - as every
computer would have the same deployment.
Why would you deploy Office 2000 to the user configuration side of things?
Well, if you had customized deployments of Office 2000 ( via use of the .mst
file - aka Transforms file ) and wanted that specific customized deployment
of Office 2000 to 'follow' your users then you might want to do it this way.
This would be good if your Finance Department had one set of apps ( Access,
Excel, Word and Outlook ) while your Maketing Department had another set of
apps ( PowerPoint, Excel, Word and Outlook ). This way, no matter where Joe
from the Marketing Department might log on his Office 2000 is going to
follow him.
You would need to make an administrative installation of Office 2000 to that
distribution point. To do this you would simply run 'setup.exe /a'. The
'/a' switch tells Windows that it is and administrative setup. You enter
the Product Code just once - during this part.
When using GPOs to deploy software you need to make sure that there is an
..msi file. Previously, everything used to be the old acme-style
'setup.exe'. Nowadays the .msi file is more common. To use our Office 2000
example, you would look for 'data1.msi'. The .msi file is necessary to
deploy software via GPO. Without this .msi file you can not use GPOs.
Granted, you can use third-party software to create an .msi file but we will
leave that discussion for another day.
You would need to organize your users into Organizational Units ( OUs ).
Simply go into the Active Directory Users and Computers MMC ( ADUC ) and
create an OU. Move the user account objects ( or computer account objects )
into that OU. Please note by default that the user account objects will be
located in the Users container and that the computer account objects will be
located in the Computers container. You can not apply GPOs to containers.
Thus, the need to create Organizational Units.
To follow from my example about the customized deployments of Office 2000
( Finance and Marketing ) you would most probably need to create at least
two OUs - one for the Finance people and one for the Marketing people ( and
possibly one for 'everyone else' ).
Next, right click on the OU in question and create the GPO. Please note
that when you supply the path to the .msi file ( as mentioned, in the case
of Office 2000 it would be 'data1.msi' ) you need to make use of the UNC
path A N D N O T a mapped network drive. What this means is that you would
use \\server\share\office\data1.msi instead of T:\Office\Data1.msi as the
path.
Once everything is in place you would simply have the users either log off
( if this was applied to the user configuration side ) or reboot their
computers ( if this was applied to the the computer configuration side ).
Assuming that everything else is in order ( read: DNS ) they should have a
nice installation of Office 2000.
Now a couple of extra pieces of information:
1) you can use GPOs on Windows 2000 and above. This means that GPOs do not
apply to WIN9x or WINNT systems.
2) you can either Assign or Publish GPOs. If you want the application to be
installed without any user intervention then you would assign it. If you
want the application to be installed with the aide of user intervention then
publish it. What do I mean by 'user intervention'? The application will
show up in the Add/Remove Programs and the user will have to click on that
to actually install the application. If you assign Office 2000 then it is
available and useable right now! If you publish it then the user needs to
manually go into the Control Panel, then to the Add/Remove Programs and
manually inistiate the installation.
3) you can apply the Office 2000 Service Packs and patches to the
Administrative Installation and have it 'automagically' redeploy. The first
link below give you some details.
4) you can use GPO to 'upgrade' one version with another ( a bit more
advanced ).
5) you users do not have to have Administrative access to their local
machine ( either via membership of the local computers Administrators group
or, to a lesser degree, to the Power Users group ). GPOs can be installed
'with elevated privileges'.
6) you can customize your deployment ( as mentioned in the Office 2000
example ). You would need to make use of either Advanced Assign or Advanced
Publish for this to be available and you would need to make use of .mst
files ( as mentioned ). You simply install the Microsoft Office Resouce Kit
( or ORKTools.exe ) for this to become available. The second link listed
below has more details.
Obviously, there is a lot of information here. The topic of Group Policy is
rather large and involved. Please take a look at the following links:
http://support.microsoft.com/default.aspx?scid=kb;en-us;284273
This link will show you how to deploy Office 2000 from a server with the way
to do the Administrative Installation. Essentially the lower third of this
MSKB Article comes into play.
http://www.microsoft.com/office/ork/2000/journ/IntelliMirror.htm
This link will walk / talk you through the process of using GPO to deploy
Office 2000 via GPO. The same concept applies to other software
applications.
2)I have users sharing a folders on one of the drives but
one user cannot access it at all?I have checked the
permissions of the share folder but everything looks fine
to me, but when that user tries to access that folder
gets a message "Access Denied" contact your Adminsitrator?
All other users can access it without any problem.Can
anyone help me with that too.
How have you granted the permissions to this folder - via individual user
accounts or via groups ( with the individual user account being members of
those groups )? If this one user logs onto another computer and tries to
access that folder can he/she?
Did you recently add that particular user?
These are a couple of problems I am having and will
really appreciate anyone helping me on that.Thanks in
advance.
cheers
ankush
HTH,
Cary
