We have been installing applications manually when we create ghost
images for our different types of PCs. This has worked fine so
far...but Im not sure its the correct way to do it. Should we be
creating a base ghost image with just Windows 2000, and then install
software using MSIs and GPOs?
You can use also RIS - Remote Installation Services (requires Active
Directory, DNS and DHCP) or Windows Setup Manager to deploy Windows
installations. It's similar to ghost, you only do not have to pay licences
for additional software you already have built in Windows 2000 Server
Family.
You can choose wether deploy only a clean Windows operating system or a full
installation (I mean including third party software). Depends on the
administrator's or company needs.
If you can rely on an Active Directory domain then you can use GPOs to
deploy software packages.
There are many reason to recommend the use un GPOs while deploying software,
here are a few:
- If you use full ghost images (OS + Applications) you are forced to rebuild
the entire image even if you need a single file updated, that's a waste of
time and a very poor flexible solution; plus you need a ghost image for each
harware configuration, if harware configurations vary in your organization
then the ghost image installation might fail on some machines. RIS or
SYSPREP Windows installations can accomodate any supported hardware
configuration.
- GPOs can ASSIGN or PUBLISH software to computers or users. Briefly: an
assigned software package is installed on computer startup (computer
assigned) or at user logon (user assigned), a published package can be
installed manually by users (note that users don't need administrative
privileges in this case) via the Add/Remove Programs applet in control panel
or is automatically installed through document invocation (say, the first
time a user attempts to open a .DOC file then Word is installed).
- Using either of these methods gives you maximum and granular control over
any piece of software in use, you can add or remove any software without
affecting other applications or the system. As a result, if any application
should cause problems, they will be limited to the scope of the GPO and not
the entire organization.
- You can filter packages so they will be installed only on a group of
computers or users and that means lowering licences costs (the software is
available only to those machine and/or users you want) and a cleaner user
environment (if a group of users are not allowed to use a software on a
machine then they won't even see it in the programs list, just like it's
never been there).
- Installations require no user intervention (no click ok, no serial number,
not a single click) and again do not require administrative privileges which
makes the use of GPOs for software distribution far more secure.
The reason that Im asking is that we
have some older software that we want to update to the latest and
greatest version using MSIs and GPOs. Will the MSI handle upgades
like this?
MSI packages are more efficient than normal EXEcutable packages, they
support complete removal of applications including registry entries and self
repair (MSI detects if an installtion has been modified or corrupted and
automatically reinstalls it as you made it up).
Yes, MSI package deployment supports upgrades to previously deployed
software, you can have them mandatory (users or computers are forced to
upgrade) or not.
Should you ever need, such a solution supports also transformation packages,
for example you can deploy office in a stardard configuration for all domain
users and deploy unlimited transformations so to have different
configurations of the software applied to different users (an accountant
maybe only needs word, excel and outlook in his configuration) and all with
a single MSI package and GPO.
Finally you can build your own MSI packages very easily (in case third party
software does not come with an MSI package), read this NG for more
information about this.
Welcome... I hope it helped.
Giuseppe Pellegrino