SolutionBase: Configure Windows Server 2003 group policy options

Among other things, group policies in Windows Server 2003 give you the ability to deploy software to your users. In this article, Diana Huggins gives you a close look at some of your group policy options.

Through the Microsoft Management Console (MMC) and group policies you can configure a Windows Server 2003 server to automatically distribute software to Windows clients by either assigning or publishing applications. Although the basics of this process are fairly straightforward, there are situations that will require you to use advanced publish and assign options.

For example, if you were installing Office 2003 onto a system that already had Office 2000, you would probably want Office 2003 to replace Office 2000 rather than keeping both versions. Advanced publish and assign options allow you to do this and more.

Getting started

To access the advanced publishing and assigning options, open the MMC, add the Group Policy snap-in, and navigate to the Software Installation container. Right-click on the Software Installation container to access the Software Installation properties sheet. Select the default location of the Windows installer package that you wish to push to your client machines, select the Advanced radio button and click OK (see Figure A). Doing so will return you to the main Group Policy screen.

Figure A

Select the Advanced Radio button.

Then, right-click on the Software Installation container and select New | Package from the resulting menu to display the Open dialog box which lists the contents of default locations that you selected. Next, select the exact Windows Installer (.msi) file you wish to push and click OK. The installation properties window for your chosen .msi file will then be displayed (see Figure B). You can then configure the advanced publish or assign options for your installation through the series of tabs at the top of the window.

Figure B

Information about your MSI installer file appears here.

The Deployment tab

On this properties sheet you will find the Deployment tab (Figure C), where you can select whether you want to assign or publish the application. There are also three check boxes that control auto installation by file extension activation, automatic uninstallation, and whether or not the package is visible in the Add/Remove Programs dialog box.

Figure C

Select Assign or Publish to push the application out to users.

At the bottom of the Deployment tab, you'll notice an Advanced button. If you click this button, you'll see a dialog box that contains some advanced diagnostic information, such as the name of the automatic installation script that you're creating. This dialog box also contains a check box you can select to ignore language options when deploying the package.

The Upgrades tab

The Upgrades tab (Figure D) contains Add and Remove buttons that you can use to build a list of applications that the new application should replace. Once you've created the list, select the check box to make the new package a mandatory upgrade to the previously existing package.

Figure D

Use this tab if you want to upgrade previous installations.

When you click the Add button you'll have the option to select a package from the current group policy object or from another specific group policy object. You can also decide whether Windows should uninstall the old package prior to installing the new package or if Windows can perform an upgrade by installing the new package on top of the previously existing application.

The Categories tab

The Categories tab (Figure E) allows you to select the categories in which the installation package should be included. By default, the Categories list will be empty because Windows doesn't come with any existing categories.

Figure E

Select categories that the applications should belong to.

You can create categories by right-clicking on the Software Installation container and selecting Properties from the resulting menu to open the container's Properties sheet. You can then select the Properties sheet's Categories tab and use the Add button to create categories.

The Modifications tab

The Modifications tab allows you to associate modification files with the installer package (Figure F). Modification files allow you to create different custom installations for the same application. For example, you could configure different Microsoft Office installations for different departments. Some installations would include the entire Office suite while others would exclude certain applications, such as Access or PowerPoint.

Figure F

You can use modifications to customize the installation.

Normally, you won't have to worry about modification packages because they are rarely used. However, if you do choose to use modification packages, it's absolutely critical that you apply them in the correct order. Windows tends to be very unforgiving when working with modification files. So it's essential that you use the Move Up and Move Down buttons to arrange any modification files into the correct order before clicking OK.

The Security tab

The Security tab (Figure G) is where you can build a list of users and/or groups from the present domain and trusted domains.

Figure G

You can use the Security tab to set rights to the package.

You may then assign specific rights to each user or group based on which permissions you want them to have pertaining to the installer package. For example, by default, Authenticated Users have Read permissions to the package. Likewise, Domain Admins and the System have full rights to the package. These are usually all the permissions that you need, unless, of course, you wanted to deny permission to a user or group.