Presentation is loading. Please wait.

Presentation is loading. Please wait.

MANAGING SOFTWARE Chapter 9

Published byByron Norris Modified over 6 years ago

Similar presentations

Presentation on theme: "MANAGING SOFTWARE Chapter 9"— Presentation transcript:

1 MANAGING SOFTWARE Chapter 9
Briefly describe the topics covered in the chapter. Refer to the objective list at the beginning of Chapter 9, “Managing Software.”

2 Chapter 9: MANAGING SOFTWARE
SOFTWARE LIFECYCLE Developed from the System Development Life Cycle (SDLC).

3 Chapter 9: MANAGING SOFTWARE
WINDOWS INSTALLER Can be used with Group Policy in order to implement, maintain, and remove software Windows Installer service (client-side) Group Policy Software Installation Package (server-side) Overview of the major components; more details are coming up in future slides.

4 WINDOWS INSTALLER SERVICE
Chapter 9: MANAGING SOFTWARE WINDOWS INSTALLER SERVICE The description of the Windows Installer service in the interface is: Adds, Modifies, And Removes Applications Provided As A Windows Installer (*.msi) Package. If this service is disabled, any services that explicitly depend on it fail to start.

5 SOFTWARE INSTALLATION PACKAGES
Chapter 9: MANAGING SOFTWARE SOFTWARE INSTALLATION PACKAGES Obtain or create an .msi file for the application Place that file in a network share Determine if you want a computer-based or user-based installation Configure and link a GPO with the appropriate settings Software is deployed when users log on or when the computer restarts (depending on the package deployment option) This slide summarizes how software can be deployed using Windows Installer. The textbook chapters separate the concepts from the application of those concepts. The slides merge the concepts and application together in an effort to make your presentation efficient and entertaining. The students have the opportunity to practice software deployment to both users and computers in the lab.

6 MICROSOFT INSTALLER (.MSI) FILES
Chapter 9: MANAGING SOFTWARE MICROSOFT INSTALLER (.MSI) FILES Explain the purpose of Microsoft Installer files. Point out that these Microsoft Installer files are located in a shared folder named Packages as shown in the slide. A shared folder holding applications for deployment is sometimes referred to as a software distribution point or distribution share. Placing the Microsoft Installer files in a network share is an important part of preparing them for distribution through Group Policy. For more information about the information covered in this slide see “Windows Installer” and “Creating a Distribution Share” in the textbook.

7 Chapter 9: MANAGING SOFTWARE
DEPLOYING SOFTWARE Software can be deployed under Computer Configuration or User Configuration. When you deploy software to a computer, that software is assigned and installs the next time the computer restarts. When you deploy software to a user, that software can be either assigned or published. These concepts are covered in greater detail in future slides.

8 ASSIGNING SOFTWARE TO COMPUTERS
Chapter 9: MANAGING SOFTWARE ASSIGNING SOFTWARE TO COMPUTERS This animated slide demonstrates creating a software deployment package for Active Directory Administration Tools. Points to make: Assign or Advanced are the only options when deploying software to computers. The Publish option is not available. Software categories can be assigned through Group Policy and will organize applications into categories in the Add Or Remove Programs applet in the Control Panel. The next slide illustrates how software categories are created as well as how they appear in Add Or Remove Programs. You can only upgrade previously created software packages. Transform (.mst) files are demonstrated later.

9 SOFTWARE INSTALLATION PROPERTIES
Chapter 9: MANAGING SOFTWARE SOFTWARE INSTALLATION PROPERTIES This animated slide walks through the Software Installation properties in Group Policy. These properties can be configured from either the Computer Configuration Software Installation node or User Configuration Software Installation node. These properties allow you to modify the default behavior for new software packages and their options. You can also create file associations in the File Extensions tab. The one shown was automatically added by the Microsoft Office XP Professional package. These associations indicate that the application should be installed if any files of this type are clicked. For example, Microsoft Office XP can add more than 30 different file extensions, which may include .doc, .csv, .xls, and .bmp. In the Software Categories tab, the administrator can decide which software categories to create. As previously mentioned, these software categories appear on the client computer after they are created.

10 DEPLOYING SOFTWARE TO USERS
Chapter 9: MANAGING SOFTWARE DEPLOYING SOFTWARE TO USERS This animated slide walks through the options of deploying software to users through Group Policy. You can publish or assign software to users. Also, if you choose to assign the application, you can enable the Install This Application At Logon setting, which can never be enabled in a software deployment to computers. By default, even an assigned application is not installed when the user logs on; it is just advertised in the Start Menu and installs the first time the user attempts to use that application, or when the user attempts to access a file type associated with that application. The students will see this during the lab. However, if you want to force the installation of the application when the user logs on, you can check the Install This Application At Logon option. Excepting the above differences, the deployment options for software packages to users and computers are the same.

11 CREATING MICROSOFT TRANSFORM (.MST) FILES
Chapter 9: MANAGING SOFTWARE CREATING MICROSOFT TRANSFORM (.MST) FILES Explain the purpose of a Microsoft transform file. This animated slide demonstrates the creation of a transform file for Office XP using the Microsoft Office XP Resource Kit tools. First, the transform file is created using the Custom Installation Wizard. Once the file is created, it is displayed in the MST File Viewer. The following slide demonstrates how to actually apply the transform file to the software package.

12 DEPLOYING A TRANSFORMED SOFTWARE PACKAGE
Chapter 9: MANAGING SOFTWARE DEPLOYING A TRANSFORMED SOFTWARE PACKAGE This animated slide demonstrates the creation of a software package using an .mst file. This slide works with the previous slide to demonstrate how to create a modified distribution of Microsoft Office XP. Explain that .mst files can only be inserted into the Modification tab if the Advanced option is used for deploying the application.

13 Chapter 9: MANAGING SOFTWARE
REPACKAGING SOFTWARE Allows you to create Windows Installer .msi files for distribution of applications that do not ship with such files Produced by third party, non-Microsoft, companies May be capable of converting existing installer packages to the Windows Installer format May have to take before and after snapshots of system to create Windows Installer packages Wise Solutions, Inc. ( produces Windows Installer repackaging software.

14 Chapter 9: MANAGING SOFTWARE
USING .ZAP FILES Used for older applications that do not have .msi files. Can only be published to users, not assigned to computers or users. Does not support rollback of an unsuccessful installation, modification, repair, or removal. Need to be a local administrator in order to install the application. .zap files do not take advantage of elevated privileges. These files are rarely used because of their many limitations. For more information, see Microsoft Knowledge Base article Q231747, “HOW TO: Publish non-MSI Programs with .zap files.” The article contains an example .zap file. Furthermore, the article explains how to create and publish a .zap file.

15 Chapter 9: MANAGING SOFTWARE
REDEPLOYING PACKAGES You might need to redeploy an application if you make a change to that application. If there is a patch file for the application, and if you want to redeploy the application with the patch, you must update the .msi file. For example, if you deploy Microsoft Office XP Professional, and want to apply the Microsoft Outlook administration patch, you first need to update the .msi file with the Microsoft installer program command similar to: msiexec /a c:\package\proplus.msi /p  c:\OLK1004a\outlook_admin.msp After updating the .msi file, you should redeploy the application, as shown in the slide. For more information, see Microsoft Knowledge Base article Q300551, “OL2002: Overview of the Outlook 2002 Public Update: October 4, 2001,” and Microsoft Knowledge Base article Q301348, “HOW TO: Install a Public Update to Administrative Installations of Office XP.”

16 SOFTWARE RESTRICTION POLICIES
Chapter 9: MANAGING SOFTWARE SOFTWARE RESTRICTION POLICIES New in Windows Server 2003 Provides methods to control the use of software applications through Group Policy Can be used to restrict the use of any software Introduce Software Restriction Policies as a new feature for Windows Server 2003. This new feature can be used to control any applications that might be installed on the client computer, regardless of how those applications were installed.

17 CONFIGURATION OPTIONS
Chapter 9: MANAGING SOFTWARE CONFIGURATION OPTIONS This animated slide illustrates the different configuration options that are available for Software Restriction Policies. The options are: Enforcement, Designated File Types, and Trusted Publishers. Discuss the options for each setting. For more information see “Software Restriction Policies” and “Additional Options” in the textbook.

18 Chapter 9: MANAGING SOFTWARE
SECURITY LEVELS This animated slide shows that there are Software Restriction Policies available under both User Configuration and Computer Configuration. Computer Configuration is already expanded and active. The User Configuration Software Restriction Policies are activated during the animated presentation. The last two frames in this animated slide show the Security Settings and provide an opportunity to discuss the Security Level Default Setting options: Unrestricted or Disallowed.

19 ADDITIONAL RULES—HASH RULE
Chapter 9: MANAGING SOFTWARE ADDITIONAL RULES—HASH RULE Briefly discuss the four types of additional rules. Then, move on to the hash rule. This animated slide demonstrates how to create a hash rule for the Netdiag tool. Mention these two limitations to hash rules: If the file is altered in any way, the rules in the Software Restriction Policy can be bypassed. Only file types listed in the Designated File Types list are affected by hash rules.

20 ADDITIONAL RULES—CERTIFICATE RULES
Chapter 9: MANAGING SOFTWARE ADDITIONAL RULES—CERTIFICATE RULES This animated slide describes how certificate rules work. Mention the following limitations: Only file types listed in the Designated File Types list will be affected by certificate rules. For the certificate rule to function, you must enable the System Settings: Use Certificate Rules On Windows Executables for Software Restriction Policies located in \Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options. Certificate rules do not apply to files with an extension of .exe or .dll. Instead, they can be applied to scripts and Windows Installer packages.

21 ADDITIONAL RULES—INTERNET ZONE RULES
Chapter 9: MANAGING SOFTWARE ADDITIONAL RULES—INTERNET ZONE RULES This animated slide illustrates the creation of a single Internet Zone Rule, but provides the opportunity to discuss all types of Internet Zone Rules.

22 ADDITIONAL RULES—PATH RULES
Chapter 9: MANAGING SOFTWARE ADDITIONAL RULES—PATH RULES This animated slide demonstrates the creation of a Path Rule that prevents users from running applications from the Support Tools folder. However, if the tools are moved or copied to another location, the users would again be able to use them. Mention the default Path Rules (Unrestricted) that appear under the Computer Configuration section of every GPO created by default, as shown in the last frame of this animated slide.

23 PRIORITY ORDER FOR MULTIPLE RULES
Chapter 9: MANAGING SOFTWARE PRIORITY ORDER FOR MULTIPLE RULES Hash Rules Certificate Rules Internet Zone Rules Path Rules When multiple rules exist, they are applied in a hierarchical order. When there are conflicts between rules, the highest priority rule type takes precedence. The hierarchy is as shown in the slides. The hash rules have the highest priority and path rules have the lowest. If two rules at the same level are in conflict, the most restrictive rule takes priority.

24 IMPLEMENTING SOFTWARE RESTRICTION POLICIES
Chapter 9: MANAGING SOFTWARE IMPLEMENTING SOFTWARE RESTRICTION POLICIES Use in conjunction with standard access control methods. Use the Disallowed By Default setting cautiously, because only approved applications run when it is enabled. Reboot in Safe mode to troubleshoot client-specific issues with Software Restriction Policies. Do not configure Software Restriction Policies on the Default Domain Policy. Instead, use a separate GPO so that you can easily remove them if necessary. Software Restriction Policies do not take effect in Safe mode, so you can use that for troubleshooting. The typical Group Policy administration advice applies double for Software Restriction Policies: Disable GPOs when you are working on them so partial changes are not applied to your client computers. Always test settings before applying them to your production clients and servers.

25 Chapter 9: MANAGING SOFTWARE
CHAPTER SUMMARY GPOs can be used to deploy, maintain, and remove software. Typical Windows Installer file types are .msi, .mst, and .msp. How are they used? What are .zap files? What is a limitation of their deployment? What software deployment option is available for computers? Users? What are the four Software Restriction Policy additional rule types? What is their hierarchy of priority?

26 Chapter 9: MANAGING SOFTWARE
REVIEW .msi (used when deploying applications), .mst (transforming and modifying msi files), and .msp (patching and repairing issues with .msi packaged applications). .zap files are used for non-Windows Installer distributions. They can be published but not assigned. Software can be assigned to computers. Software can be either assigned or published to users. Software Restriction Policy additional rule types include Hash Rules, Certificate Rules, Internet Zone Rules, and Path Rules. These rules are listed in priority order. Hash rules have the highest priority. Answers to the questions in the summary slide

Download ppt "MANAGING SOFTWARE Chapter 9"

Similar presentations

Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Microsoft Windows Server 2008 Software Deployment Chris Rutherford EKU Technology: CEN/CET.

Microsoft Windows Server 2008 Software Deployment Chris Rutherford EKU Technology: CEN/CET.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
11.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

11.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.

Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
9.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
10.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
Lesson 18: Configuring Application Restriction Policies

Lesson 18: Configuring Application Restriction Policies
Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.
Performing Software Installation with Group Policy

Performing Software Installation with Group Policy
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
11 MAINTAINING THE OPERATING SYSTEM Chapter 5. Chapter 5: MAINTAINING THE OPERATING SYSTEM2 CHAPTER OVERVIEW  Understand the difference between service.

11 MAINTAINING THE OPERATING SYSTEM Chapter 5. Chapter 5: MAINTAINING THE OPERATING SYSTEM2 CHAPTER OVERVIEW  Understand the difference between service.
Deploying and Managing Software by Using Group Policy.

Deploying and Managing Software by Using Group Policy.
Microsoft ® Official Course Module 9 Configuring Applications.

Microsoft ® Official Course Module 9 Configuring Applications.
© 2008 The McGraw-Hill Companies, Inc. All rights reserved. M I C R O S O F T ® Preparing for Electronic Distribution Lesson 14.

© 2008 The McGraw-Hill Companies, Inc. All rights reserved. M I C R O S O F T ® Preparing for Electronic Distribution Lesson 14.
9.1 © 2004 Pearson Education, Inc. Lesson 9: Implementing Group Policy in Windows 2000 Server Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure.

9.1 © 2004 Pearson Education, Inc. Lesson 9: Implementing Group Policy in Windows 2000 Server Exam Microsoft® Windows® 2000 Directory Services Infrastructure.
9.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 3: Introducing Active Directory.

MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 3: Introducing Active Directory.

Similar presentations

Ads by Google