The Windows Installer (msiexec.exe) is a new specification which
manages the installation of software, the maintaince of software, and the
complete removal of software. It reads the instructions and specifications
in a Windows Installer package and then either installs, maintains,
or removes Microsoft and other compliant third party software packages.
When using client operating systems such as Windows 2000 Professional,
installing most applications require administrative rights due to file system
and registry changes. The Windows Installer system solves the problem of
having an administrator login to the system by providing temporarily elevated
privileges to install applications.
The Windows Installer supports a function known as advertising. Advertising
makes applications appear to be available under the Start Menu. The programs
themselves are not actually installed on the system, when a user attempts to
use the application, the Windows Installer automatically downloads the
necessary files from a server and installs the program. The usual
installation prompts can be supressed to make the installation seamless.
Windows Installer File Types
- Windows Installer Packages (MSI) - These packages are normally created by third-party application vendors and software developers and include the information required to install and configure the application and any supporting files.
- Transformation Files (MST) - These files are useful when customizing the details of how applications are installed. When an administrator chooses to assign or publish an application, they may want to specify additional options for the package. For example if an administrator only wants Microsoft Word and Excel components of Microsoft Office 2000 to be installed, she can specify these options with an MST file. The users would then only see the options for these applications.
- Patches (MSP) - Patches may make Registry and/or file system changes. Patch files are used for minor system changes and are subject to certain limitations. A patch file cannot remove any installed program components and cannot delete or modify any shortcuts created by the user.
- Initialization Files (ZAP) - In order to publish non-Windows Installer applications, initialization files can be used. These files provide links to a standard executable file that is used to install an application. An example: \server\share\programx\setup.exe. These files can be published and advertised, and users can install them through the add/remove programs icon.
- Application Assignment Scripts (AAS) - These files store information regarding the assignment of programs and any settings that are made by the administrator. These files are created when Group Policy is used to create software package assignments for users and computers.
Deploying Applications
There are two main methods of making programs available to end users using
the Active Directory, assigning and publishing. The various
setting for assigned or published applications are managed through the use
of Group Policy.
Assigning Applications
Software application can be assigned to users and computers. Assigning
software makes the program available for automatic installation. The
assigned applications advertise their availability to the affected users or
computers by placing icons within the Programs group of the Start Menu.
When an application will be required by a large number of users, it should
be assigned to the computer to prevent users from having to install them
often.
Publishing Applications
Software applications can only be published to users (not computers). When
applications are published, the programs are advertised, but no icons are
automatically created. The applications must be installed using the
Add/Remove Programs icon in the Control Panel. For ease of organization,
applications can be grouped into catagories.
To assign or publish a software package, go into the Group Policy tab in the
properties of an AD object or OU. Create a new GPO named something like
"Software Deployment". Edit the GPO. Expand either "Computer Configuration"
or "User Configuration" and then expand "Software Settings". Right-click the
"Software Installation" item and choose New->Package. Navigate to the MSI
file, etc and choose open. Note that if you are under the "Computer
Configuration" tree, you will not have the option to publish the application.
This is because you cannot publish software to a computer object.
You must create a Software Distribution Point for the MSI package
before deploying the application. You should name it something like
'packages$' to hide it from user browsing.
Windows Installer Settings
You can configure the settings for Windows Installer through Group Policy.
Located under "User Configuration -> Administrative Templates -> Windows
Components -> Windows Installer". Among the settings are the ability to
always install with elevated privileges, define a search order when located
MSI files, disable rollback feature which logs system changes during MSI
installation, and disable media source for any install which prevents
users from installing unapproved MSI applications.
Publishing makes an application available for automatic installation. File
extension settings can be used to specify the applications that are
installed when specific file types are accessed. This requires minimal user
intervention because it occurs in the background.
If a user should have access to an application regardless of which computer
they logon, you should assign the application to the user.
assign to user:
next logon, advertised on desktop
advertised = startmenu and desktop shortcuts
installs with document activation (*.XLS)
assign to computer:
no advertising, installs during bootstrap
can't assign software to a domain controller
publish to user:
no advertising, installs via Add/Remove Software (optional)
installs with document activation (*.XLS) (optional)