Module 9: Using Group Policy to Manage Software in Windows Server
Software management in enterprise networks can be complex, especially when done manually. Group Policy in Windows Server simplifies this process, enabling IT administrators to automate the deployment, updating, and removal of applications across multiple systems in an Active Directory environment.
Why Use Group Policy for Software Management?
Key Benefits:
- Centralized deployment of software packages
- Automatic installation on computers or for users
- Simplifies software version control
- Reduces manual effort and human error
- Supports rollback and uninstallation policies
Introduction to Managing Software Deployment
Software deployment is the process of delivering, installing, configuring, and enabling a software application or system in a target environment. Effective management of software deployment ensures smooth transitions, minimizes disruptions, and achieves consistent performance and reliability across users or systems.
Understanding Windows Installer: Key to Software Deployment in Windows
Windows Installer, also known as MSI Installer, is a Microsoft installation and configuration service built into the Windows operating system. It provides a standardized framework for installing, updating, and removing software packages using files with the .msi (Microsoft Installer) and .msp (patch) extensions.
It plays a crucial role in enterprise environments, particularly when using Group Policy to manage software deployments.
Key Features of Windows Installer
Feature | Description |
---|---|
Transactional Installation | Ensures either full success or rollback if errors occur |
Self-Repair | Detects missing/corrupted files and automatically restores them |
Custom Actions | Supports custom scripts or DLLs during install/uninstall |
Installation on Demand | Installs features only when needed, reducing initial footprint |
Rollback Support | Reverts the system to its pre-installation state if installation fails |
Common File Types Used
File Extension | Purpose |
---|---|
.msi | Main installation package |
.msp | Patch or update package |
.mst | Transform file for customizing MSI |
Windows Installer Service | Windows Installer Package |
---|---|
Is a client-side service that fully automates the software installation and configuration process | Contains all of the information required by the Windows Installer service to install or uninstall an application |
Is used to modify or repair an existing application installation | Consists of an .msi file and any external source files that are required to install the application |
 | Contains summary information about both the application and the package |
 | Contains a reference to an installation point where product files reside |
Benefits of Employing Windows Installer
- Resilient applications
- Clean removal of files
Deploying Software
- Software Deployment
  - Acquire a Windows Installer package file
  - Place the package on a software distribution point
  - Create or modify a GPO
  - Configure the GPO
- Creating a Software Distribution Point
  - Create a shared folder
  - Create appropriate folders in the shared folder
  - Copy the Windows Installer packages and application executables to appropriate folders
  - Assign users the Read permission so that they can gain access to the shared folder
- Assigning Software
- Publishing Software
- Using Group Policy to Deploy Software Packages
  - Create or edit a GPO to deploy software for users or computers
  - Select the package to deploy
  - Select the deployment method: Published, Assigned, or Configure package properties
- Setting Software Installation Defaults
Configuring Software Deployment with Group Policy in Windows Server
In a domain-based Windows Server environment, Group Policy is the preferred method for managing software deployment. By configuring deployment settings through GPOs, system administrators can distribute software across multiple user or computer accounts automatically and consistently.
Step-by-Step: Configure Software Deployment via GPO
Step 1: Prepare the Network Share
- Create a shared folder. Example: \\Server01\SoftwarePackages
- Place the .msi file inside (e.g., 7zip.msi)
- Grant Read permission to Domain Computers or Authenticated Users
Step 2: Create or Link a GPO
- Open Group Policy Management Console (GPMC)
- Right-click the target OU or domain → Create a GPO and Link it Here
- Name it (e.g., GPO_Deploy_7Zip)
- Right-click the GPO → Edit
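Steps 1 and 2 scripted, as an added example that is not part of the original page: it publishes the package only if its signature validates, makes the distribution point read-only for clients, audits the folder ACL for write access, then creates and links the GPO. The local folder, staging path and OU are assumptions; the share, package and GPO names are the page's examples.

```powershell
# Added example, not from the original page. Run elevated on the file server;
# the GPO lines need the GroupPolicy (RSAT) module. "assumed" = not on the page.
$folder   = 'D:\SoftwarePackages'                  # assumed local path behind the share
$share    = 'SoftwarePackages'                     # gives \\Server01\SoftwarePackages
$msi      = 'C:\Staging\7zip.msi'                  # assumed staging copy of the package
$targetOu = 'OU=Workstations,DC=example,DC=com'    # assumed target OU
$admins   = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM'
$clients  = 'NT AUTHORITY\Authenticated Users'

# Refuse to publish a package whose Authenticode signature does not validate.
$sig = Get-AuthenticodeSignature -FilePath $msi
if ($sig.Status -ne 'Valid') { throw "Signature status of $msi is $($sig.Status)" }

New-Item -Path $folder -ItemType Directory -Force | Out-Null

# NTFS: drop inherited ACEs; admins get Full Control, clients read-only.
$acl = Get-Acl -Path $folder
$acl.SetAccessRuleProtection($true, $false)
$grants = @{}
$admins | ForEach-Object { $grants[$_] = 'FullControl' }
$grants[$clients] = 'ReadAndExecute'
foreach ($who in $grants.Keys) {
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
        $who, $grants[$who], 'ContainerInherit,ObjectInherit', 'None', 'Allow')))
}
Set-Acl -Path $folder -AclObject $acl

# Share permissions mirror NTFS: Read for clients, Full for administrators only.
New-SmbShare -Name $share -Path $folder -ReadAccess $clients `
    -FullAccess 'BUILTIN\Administrators' | Out-Null
Copy-Item -Path $msi -Destination $folder

# Audit: fail if a non-admin principal holds an Allow ACE with write rights
# (for example an explicit ACE left behind on a pre-existing folder).
$write = [int][System.Security.AccessControl.FileSystemRights]::Write
$risky = (Get-Acl -Path $folder).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ([int]$_.FileSystemRights -band $write) -ne 0 -and
    $_.IdentityReference.Value -notin $admins
}
if ($risky) {
    $risky | Format-Table IdentityReference, FileSystemRights | Out-String | Write-Warning
    throw "$folder is writable by non-administrators"
}

# Step 2: create the GPO and link it to the target OU.
Import-Module GroupPolicy
New-GPO -Name 'GPO_Deploy_7Zip' | New-GPLink -Target $targetOu | Out-Null
```

The package itself is then added in the GPO editor (Right-click the GPO → Edit). Computer-assigned packages install with system privileges, which is why write access to the share is restricted to administrators.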
- Using Software Modifications
- Creating Software Categories
- Associating File Name Extensions with Applications
  - Create GPOs to Control the Applications Associated with a File Name Extension
  - Change of Priority Order Affects Only Users Who Have the GPO Applied to Them
Maintaining Deployed Software Using Group Policy in Windows Server
After software has been deployed across a network using Group Policy, administrators must manage it over time to address updates, security patches, version upgrades, or decommissioning. Group Policy makes it easy to maintain MSI-based applications without physically accessing each system.
How to Upgrade Software Using GPO
- Upload the new MSI version to your network share (e.g., \\Server01\Apps\7zip-v2.msi)
- In GPMC, right-click your GPO package → Properties > Upgrades
- Click Add > Select GPO > Current GPO
- Select the older version to be upgraded
- Choose: Uninstall the existing package first, or Package can upgrade over the existing version
- Ensure the new .msi uses the same product code if in-place upgrade is desired.
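To check the product code condition in the last step before choosing an upgrade option, this added example (not part of the original page) reads the identifying properties from both packages through the Windows Installer COM automation interface and compares them. The function name and the old package's path are assumptions; the new package's path is the page's example.

```powershell
# Added example, not from the original page. Get-MsiProperty is a hypothetical
# helper name; it reads rows from the package's Property table.
function Get-MsiProperty {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$Name = @('ProductName', 'ProductVersion', 'ProductCode', 'UpgradeCode')
    )
    # The Installer COM object exposes no type info to PowerShell, so members
    # are called late-bound through InvokeMember.
    $call = { param($obj, $member, $kind, $comArgs)
        $obj.GetType().InvokeMember($member, $kind, $null, $obj, $comArgs) }

    $installer = New-Object -ComObject WindowsInstaller.Installer
    $db = & $call $installer 'OpenDatabase' 'InvokeMethod' @($Path, 0)   # 0 = read-only
    $result = [ordered]@{ Path = $Path }
    foreach ($n in $Name) {
        $view = & $call $db 'OpenView' 'InvokeMethod' `
            @("SELECT Value FROM Property WHERE Property = '$n'")
        & $call $view 'Execute' 'InvokeMethod' $null | Out-Null
        $record = & $call $view 'Fetch' 'InvokeMethod' $null
        # A missing property yields no row; record it as $null, not an error.
        $result[$n] = if ($record) { & $call $record 'StringData' 'GetProperty' @(1) }
        & $call $view 'Close' 'InvokeMethod' $null | Out-Null
    }
    # Release the database handle so the .msi file is not left locked.
    [void][System.Runtime.InteropServices.Marshal]::FinalReleaseComObject($db)
    [pscustomobject]$result
}

$old = Get-MsiProperty -Path '\\Server01\SoftwarePackages\7zip.msi'   # assumed old package path
$new = Get-MsiProperty -Path '\\Server01\Apps\7zip-v2.msi'            # path from the page

$old, $new | Format-List
[pscustomobject]@{
    SameProductCode  = $old.ProductCode -eq $new.ProductCode
    SameUpgradeCode  = $old.UpgradeCode -eq $new.UpgradeCode
    VersionIncreases = [version]$new.ProductVersion -gt [version]$old.ProductVersion
}
```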
- Upgrading Deployed Software
- Redeploying Software
  - The software patch is placed on the server
  - The package is redeployed
  - The user logs on and activates the software
- Removing Deployed Software
  - Forced Removal: Software is automatically deleted from a computer and it is not advertised
  - Optional Removal: Software is not deleted from a computer and no upgrades to the software can be installed
- Applications Do Not Appear As Expected
- Applications Cannot Be Installed
- Applications Are Not Deployed As Expected