Whilst GPSI allows administrators to use the GPO Editor to centrally manage the installation of software on client computers within an organisation, there are areas of software installation that GPSI should not or cannot be used for.
5.7.3.1 Active Directory
A fundamental requirement to use GPSI is Active Directory. Applications cannot be deployed to any client machines that are not part of an Active Directory directory services implementation.
Therefore all machines that are required to have software installed using this mechanism must become members of the domain where Group Policy is being deployed.
5.7.3.2 Installation Status
GPSI is able to deploy, update, or remove applications on a per-user or per-computer basis but should be viewed as a tool based primarily around a software delivery mechanism. Deploying an application through GPSI delivers the package to the destination computer and/or user, however once delivered relies completely upon the Windows Installer Service to actually install the delivered package. With this in mind, it does not provide any detailed feedback on the status of an installation or help toward troubleshooting.
5.7.3.3 Dependencies
Applications cannot be deployed where a dependency lies between them. The reason for this is because there is no way of specifying any order in which the applications are installed from within GPSI.
5.7.3.4 Scheduling
When an application is made available through the GPSI, for example assigned to a user, that application is installed when the user next logs on. It is not possible to schedule the installation of this application and as such this could potentially result in a large number of requests for the new application at the same time, (usually when users start work in the morning), causing additional pressure on the network resources.
5.7.3.5 Network Bandwidth
When deploying applications to either users or computers, the available network bandwidth should be taken into account, especially when deploying applications which are fairly large in size.
Deploying applications using GPSI does not involve any bandwidth-aware technology, for example it cannot use just 50% of the available bandwidth allowing the user to use the other 50%.
By default, only those users connected at a greater speed than 500Kbps will receive new
assignments. This setting can be configured to a lower or higher figure as appropriate by enabling the following Group Policy setting and specifying an alternate connection speed:
Figure 8: Group Policy Slow Link Detection
This setting can be found under Computer Configuration > Administrative Templates > System
> Group Policy.
Page 32
Another Group Policy setting can be used if applications should always be installed:
Figure 9: Software Installation Policy Processing
This setting can be found under Computer Configuration > Administrative Templates > System
> Group Policy.
Enabling the Software Installation policy processing option provides a check box to ‘Allow processing across a slow network connection’ which if checked will process any GPO containing an assigned application even across a 56Kbps modem connection.
Recommendation
Whilst it is possible to assign applications across a slow network connection, this is not a recommended practice and should be avoided. Utilising this can cause significant delays for the user involved.
5.7.3.6 Software Usage Monitoring
When publishing an application to a user, the operating system allows the user to install using either the Add/Remove Programs Control Panel applet or through document invocation (when a user clicks on a document which must open in the application to be installed). Whilst the application is available to that user, it does not mean the user will necessarily install it. Therefore accurate software usage cannot be provided using GPSI.
Note
If an application has been published to a user but the user did not install it and the application is subsequently removed from the published list of applications available, the application will still appear in the Add/Remove Programs list until the user selects to install it. At the point when the installation is initiated, it will discover that the application is no longer available and remove the link to it.
5.7.3.7 Application Packages
For full application life cycle management, Installations of applications rely on the software being packaged as a Microsoft Installer (MSI). Whilst it is possible to install applications without them being in this format using a Zero Administration Package (ZAP) file, all the benefits of using MSI are lost.
The benefits of using an MSI package are:
Applications can be self-repairing
Applications are installed using elevated privileges (ZAP files install using the credentials of the current user)
Applications can be published or assigned (ZAP files can only be published) The user is in full control of the installation
Applications can be removed if no longer required (Installations through a ZAP cannot be removed using GPSI)
Recommendation
Application installs within a managed environment should use the MSI format.
With the above in mind, applications that are not currently in a MSI format will require a resource to repackage the application. This can be accomplished using various tools, such as WinINSTALL LE, which is a free tool although aimed at light usage; others include InstallShield and Wise for
Windows Installer, which whilst not free are aimed at providing a more robust solution. This is especially useful when, for example, there is potential for DLL conflicts during deployment of a larger number of applications.