Windows Group Policy deployment software implementation custom installation tutorial

BKJIA exclusive Article] This article introduces how to use Microsoft group policies to use BKJIA to easily deploy applications in batches ). The following is a senior system administrator's experience on using group policies.

When I was a freshman, I often thought that when I talked about installing the software, I had to remember two file names: setup.exeand install.exe, after learning some development knowledge, I learned that these files are called "Old-fashioned non-standard programs" for programmers ". All the components of the standard Microsoft Installer are independent of each other. We can choose not to install or only install a part of the program, which is called Windows Installer, microsoft Software Installer (MSI), also known as Microsoft Software installation package ).

Later, as a system administrator for a period of time, I found that in Windows Group policies, we can deploy and manage many applications with names suffixed with names, including the MSI Microsoft software installation package ); MSP Microsoft Software patch file; MST Microsoft software conversion file), and can modify some personalized MSI configurations, develop AAS installation scripts, and use ZAP files for "vintage non-standard program EXE) "Application of the Installation File Extension in Group Policy heavy.

Confusion in Group Policy deployment Software

When we deploy software based on the Group Policy of the Active Directory, we only have two methods for users or computers, which must be clear to everyone. However, in the past, there were always two concepts confusing: "release" and "assignment ". Some technical books are confusing enough. I think in the vernacular: publishing = good discussion, not installation, and assigning = listening to me.

In principle, if "publishing" is used, it is more user-friendly. It can be reflected in "Add/delete programs" and managed by specific users in a free way. In addition, this method is very automatic. For example, a user in the sales department has a PDF file, but he does not install Adobe Acrobat Reader ", when he double-click the reader, the system automatically installs the reader for him. Although this function is very useful, most administrators are scolded for doing so because users in the network cannot wait for the software to be installed. "Assignment" is a more mandatory deployment method than "release. When the software is assigned to the user, the next time the user logs on to a computer in any domain, the shortcut of the software is displayed on "Start → all programs" or on the desktop, at the same time, the computer's Registry will also record the associated files and function libraries of the software, and the assignment for users is called the software "Announcement ". Assigning to a computer is a more powerful technique. After the computer is restarted, it is automatically downloaded and installed, and all users can execute it without permission restrictions. I have summarized a comparison table of software deployment functions, hoping to help students:

No serial number of the application

Taking Office MSI as an example, it seems to be a simple MSI package, but it is actually a combination of multiple independent and associated component tools. After the Active Directory and organizational unit are arranged, move the clients preparing for software installation to the OU for software distribution. Then, set a shared folder on the server to save the location of the published Office file. The shared security permission is "Full Control" for the Administrator Group to verify the permissions read by the user group.

At this time, we are not on the client, but on the server using the Administrator identity for installation and extraction. Run the setup/a command on the server and add the/a parameter to eliminate the need for the client to enter the serial number when installing the Office. The use of the Office Installation Wizard is still very simple. The most important thing is that when you ask about the storage location, you must store it to the network location of the server. The installation process is complete, which will not affect the server. To put it bluntly, it is a process of file extraction and re-packaging.

Use of the custom installation wizard

We often encounter situations where different departments and user groups need to install different Office components. For example, colleagues in the finance department need to install Access, but the "Administrative Assistant group" does not need Access or PowerPoint, and different users will need different security settings; and the troublesome Outlook configuration. In the above considerations, administrators sometimes feel troublesome, so they only use the method of selecting all components for deployment. In fact, Microsoft has long considered this point for us.

Microsoft released the Custom Installation Wizard (CIW). The Custom Installation Wizard allows you to create a Windows Installation and conversion file (MST file) for the Office ). These files run together with the original MSI installation package, so we do not need to modify the client one by one. It is called a conversion file because it "converts" the original MSI into the installation package you need. Office provides custom deployment support methods for modifying Direct Office MSI or associated MSP and MST files.

To obtain the Microsoft Office 2003 Resource Kit, visit the following Microsoft Website:

Http://www.microsoft.com/office/ork/2003/default.htm

To obtain the 2007 Microsoft Office Resource Kit, visit the following Microsoft Website:

Http://technet.microsoft.com/en-us/library/cc303401.aspx

With the customized Installation Wizard of Office as an example, double-click ork.exe to run the installation program. The installation process is very simple and similar to that of office. After the security is complete, it is troublesome to find the Startup Program: "Start \ Program \ Microsoft Office Tools \ Microsoft Office 2003 Resource Kit \ Custom Installation Wizard ". After running, you need to set the location of the MSI file to be converted. If there is no special description in this article, you should use the network path in UNC mode 1), select the MSI file that was just created as an administrator.

Figure 1 custom MSI location

In the "Open the MST File" configuration, we can choose whether to generate a new MST file or change the File. Here, we certainly choose "Create a new MST file" to continue the next step. "Select the MST File to Save" makes it very important to Save the location of the MST File. As mentioned above, it must be saved in a network location, at the same time, give the MST a name related to the purpose. (2 Save the location of the MST file)

Figure 2 Location of the stored MST File

All the way down, let's take a look at the "drop-down page number" in the upper right corner, which can jump to the current configuration link at any time. When we run to the installation location of the specified Office, because I only want to select the default location for the experiment here, no administrator in the real deployment will install the Office on the C disk, at least I will not do this. In the last step, we will select different Office components. we can select the components they need for special departments.

Here are two interesting examples. Our organization or company will have their own document templates, and every update or change will be notified to every user. Select "Microsoft Office 2003 (user) --> Shared Paths" from the Control Project on the left, select "Workgroup templates path" on the right, and double-click the path to the Shared template: \ Msiserver \ templates3)

Figure 3 network template Definition

In Figure 4, we can choose to change the existing Outlook profile. When deploying a network environment based on the Microsoft platform, we often use Exchange to deploy our email system or develop internal work workflows. Making every user prepare outlook as a configuration file within the enterprise is indeed very troublesome. Here we can prepare clients for enterprise exchange deployment in advance. (See defining Outlook configuration files)

Figure 4 define the Outlook configuration file

Click Next, Exchange settings) Add to the DNS resolution address of Exchange or enter an IP address.

Figure 5 Exchange settings

There are also some parameter adjustment wizard. After you click Finish, The Wizard will prompt us that if we do not use this conversion file operation, we will complete the custom Wizard here, if you are interested, you can download and test it.

ZAP file deployment

I remember one time, I made the CRM software user manual into a PDF document and delivered it to the same hand. It was very simple and complicated. Adobe Acrobat Reader must be installed on each client, and no group policy can be used at the time. It's just a dark place.

In fact, this work is easy to implement. Do you still remember the ZAP file mentioned at the beginning of this article? The ZAP file is actually a simple text file. Just like a txt file, Microsoft can use the Windows Installer function as early as Windows 2000.

Note that ZAP files cannot be assigned, upgraded, or redeployed. However, you can publish installation files of any form. Flexibility is the most popular method. We need to write it by using notepad. The following is an example. Note that writing methods with the ZAP extension can be used for reference for other software deployment methods.

 
 

  
  
[Application]
  
  
FriendlyName = "symantec norton client"
  
  
SetupCommand = "setup.exe"
  
  
DisplayVersion = "10.0"
  
  
Publisher = SYMANTEC
 
 

The above content syntax is very simple and there is no need to explain it to you, but note that After configuring the distribution policy, do not move the ZAP file location, if there is any change, you must move the entire folder containing the program security file.

BKJIA exclusive Article. For details about the cooperation site, please indicate the original author and source .]