Planning Group Policy Software Deployments and GPOs, and Active Directory Maintenance and Disaster Recovery


When Active Directory launched with Windows 2000, one of its main design goals was to ease software deployment within an organization, and to this end Microsoft incorporated the ability to deploy and distribute software through Group Policy (Moskowitz, 2013). Inch (2011) stated that Group Policy refers to an infrastructure that allows one to implement certain configurations for computers and users. Group Policy settings are contained in Group Policy Objects (GPOs) linked to the following Active Directory Domain Services (AD DS) containers: domains, sites or organizational units (OUs). This paper analyzes the planning of Group Policy software deployments and GPOs, and Active Directory maintenance and disaster recovery.

Section 1: Written report

Provide an action plan based on Group Policy that:
Leverages efficient installation of software while reducing associated costs, using each phase of the System Development Life Cycle (SDLC). (Highlight each phase of the SDLC and the associated aspect of Group Policy.)

The following conditions apply in deploying software through Group Policy: First, the client should be running a Windows 2000 or Windows Server 2003 Active Directory domain. Secondly, the organization should be running Windows 2000 or later. To deploy software with Group Policy in an Active Directory domain, administrators need to create a new GPO or edit an existing one. The GPO must be linked to a domain, organizational unit (OU) or site (Lundy, 2003). A GPO linked to any of these containers has one software installation node located under the computer configuration node, and another located under the user configuration node. The software installation node enables centralized management of the initial software deployment as well as removal of the software (Hunter, 2005).

A software development life cycle (SDLC) typically involves a series of phases through which the software is produced. The main stages include requirements analysis, requirements design, implementation/coding, testing, deployment and maintenance. Before software is deployed through Group Policy, there must be adequate planning for the deployment, and this aspect is associated with the requirements analysis and design phases of the SDLC. Planning includes the following: incorporating the client’s software requirements into the strategy, assessing the organizational structure in Active Directory and identifying the available GPOs (Hunter, 2005). This aspect of Group Policy is clearly associated with the requirements analysis phase of the SDLC, where the software requirements of the client are analyzed and the software and hardware requirements for the project are identified. When the user requirements have been analyzed and the system has been designed, implementation begins, and this aspect of Group Policy is associated with the coding/implementation phase of the SDLC. The components involved in software deployment through Group Policy include the following:

  • Windows Installer package – This is basically a file with an .msi file extension and holds the instructions for installing, configuring as well as removing software. The two types of Windows installer packages are the Native Windows Installer package files that are developed as a software component, and the Repackaged application files (Moskowitz, 2013).
  • Transforms/modifications – Transforms are vital components since they allow users to customize Windows Installer packages as well as the installation features when they assign or publish the application. Transform files also have an .msi file extension.
  • Application files – These are basically text files and have a .zap file extension that encompasses instructions on how to publish an application (Moskowitz, 2013).

In deploying software via Group Policy, planning involves defining the way in which the applications are to be deployed to the computers or users. Planning also entails testing how the applications will be assigned or published. This testing aspect of Group Policy is associated with the testing phase of the SDLC.

The process for deploying software through Group Policy – This aspect of Group Policy is associated with the deployment phase of the SDLC, where the software is deployed to the client organization. As Inch (2011) pointed out, the common steps necessary for deploying software through Group Policy are:

  • Creating the software distribution points (SDP) – This will enable users to access the necessary files. In essence, SDPs are the shared folders on the network containing the files necessary to install the deployed applications.
  • Creating a GPO and a GPO console for software deployment – When software is deployed through Group Policy, the Group Policy Object Editor is used for various tasks including: configuring the software deployment installation options, assigning, publishing and upgrading applications, and removing managed applications (Inch, 2011).
  • Configuring the software deployment installation properties for the GPO – The Software Installation Properties dialog box has four tabs used in setting configuration options for the software that is to be deployed. The General tab allows users to set the default location of all the packages, set the installation user interface options, and set the default value for assigning or publishing. The Advanced tab includes options such as automatically uninstalling applications when the GPO no longer applies to the computer or user, enabling 64-bit Windows users to install 32-bit Windows Installer applications, and storing Object Linking and Embedding (OLE) data in Active Directory. The File Extensions tab lets users configure which file extensions are associated with which applications. Finally, the Categories tab enables users to create categories and organize applications by category so that users can easily locate the applications in the Add/Remove Programs applet of Control Panel (Inch, 2011).
  • Adding the installation packages to the GPO – During this step, the installation packages are added to the GPO and it will be specified whether the application should be published or assigned to computers and users.
  • Configuring Windows Installer package properties – When the Windows Installer package is added to the GPO, users may change the properties of the package and modify the category of the application. The properties dialog box for the package is where the users can configure the Windows Installer package properties using General, Deployment, Upgrades, Categories, Modifications and Security tabs (Inch, 2011).

Upon deployment of the software through Group Policy, it will be used by the intended users and with time, some changes, adjustments, and/or corrections may need to be made, and this would be done through the maintenance process. This aspect of Group Policy is associated with the maintenance phase of the SDLC where several changes and corrections are made to the software after being deployed to the client.

Describe and graphically depict how you can: Use the Group Policy Management tool to immediately help these employees access the software.

Deploying the software using the Group Policy Management Console (GPMC)

According to Tulloch and Sanders (2006), the Group Policy Management tool to be used is the Group Policy Management Console (GPMC). The first step in this Group Policy-based software installation involves obtaining the installer file for the software to be deployed, and this installation file will be in Microsoft Software Installer (MSI) format. With the appropriate MSI file, a distribution point will be created from where the software will be deployed. It will be on a server where a shared folder can be created that every user has read access to. After creating this shared folder, the MSI file will be copied into it (Tulloch & Sanders, 2006).

With the installation file prepared, it is now time to create the GPO which will push out the installation. This will be done using the GPMC. A new GPO will be created by opening the GPMC, clicking ‘Group Policy Objects’ in the left pane, then right-clicking in the center pane and clicking ‘Create New Group Policy Object’. After that, a name for this GPO will be typed and the Enter key pressed. The name of the GPO will be brief and descriptive, for instance ‘Virus Protection Installation’ (Tulloch & Sanders, 2006).

Figure 1

With a fresh and clean GPO to work with, it is now assigned the installation package. This is done by right-clicking on the newly created GPO, then clicking ‘Edit’. Under the computer configuration heading, ‘Software Settings’ is expanded, followed by right-clicking ‘Software Installation’, pointing to ‘New’, then clicking ‘Package’ as shown in Figure 1 above. In the dialog box, the full UNC path to the shared MSI file is typed, followed by clicking ‘Open’, clicking ‘Assigned’, and then clicking ‘Ok’. At this point, the software package will be displayed in the right pane of the GPMC window. To complete the setup, the remaining task is to link the GPO to the appropriate container. This is done by right-clicking on the container in the GPMC that holds all the workstations the software should be deployed to and clicking ‘Add Existing GPO’. Next is to select the GPO that was created and click ‘Ok’ (Tulloch & Sanders, 2006). The software will then be installed the next time the users restart their computers.
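The distribution point, GPO creation and link steps described above can also be scripted, with the share locked to read-only and the installer checked before it is published, because a package assigned under Computer Configuration is installed with Local System privileges. This is an added example, not taken from the cited sources; the paths, the `EXAMPLE` domain, the MSI file name and the OU are assumptions, and it requires the SmbShare and GroupPolicy modules (Windows Server 2012 or later with GPMC installed).

```powershell
# Added example. Assumed names: D:\SoftwareDist, SoftwareDist$, C:\Staging\av-client.msi,
# the EXAMPLE domain and OU=Workstations,DC=example,DC=com.
Import-Module SmbShare, GroupPolicy

$SharePath = 'D:\SoftwareDist'
$ShareName = 'SoftwareDist$'
$SourceMsi = 'C:\Staging\av-client.msi'
$GpoName   = 'Virus Protection Installation'      # GPO name used in the text
$TargetOu  = 'OU=Workstations,DC=example,DC=com'

# 1. Refuse to publish an installer without a valid Authenticode signature.
$sig = Get-AuthenticodeSignature -FilePath $SourceMsi
if ($sig.Status -ne 'Valid') { throw "MSI signature check failed: $($sig.StatusMessage)" }

# 2. Create the distribution point: read and execute for clients, write access for admins only.
New-Item -ItemType Directory -Path $SharePath -Force | Out-Null
icacls $SharePath /inheritance:r /grant 'SYSTEM:(OI)(CI)F' 'EXAMPLE\Domain Admins:(OI)(CI)F' `
    'Authenticated Users:(OI)(CI)RX' | Out-Null
New-SmbShare -Name $ShareName -Path $SharePath -ReadAccess 'Authenticated Users' `
    -FullAccess 'EXAMPLE\Domain Admins' | Out-Null
Copy-Item -Path $SourceMsi -Destination $SharePath

# 3. Record the hash of the published file so later tampering can be detected.
$published = Join-Path $SharePath (Split-Path $SourceMsi -Leaf)
$hash = (Get-FileHash -Path $published -Algorithm SHA256).Hash

# 4. Stop if any non-admin principal ended up with Change or Full access on the share.
$writers = Get-SmbShareAccess -Name $ShareName |
    Where-Object { $_.AccessRight -ne 'Read' -and $_.AccountName -notlike '*\Domain Admins' }
if ($writers) { throw "Share is writable by: $($writers.AccountName -join ', ')" }

# 5. Create the GPO and link it to the container holding the workstations.
New-GPO -Name $GpoName -Comment "Assigns av-client.msi, SHA256 $hash" | Out-Null
New-GPLink -Name $GpoName -Target $TargetOu -LinkEnabled Yes | Out-Null
```

The GroupPolicy module has no cmdlet for adding a Software Installation package, so the package itself is still assigned in the GPO editor as described above.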

 

Upgrade to the latest version assuming their computers meet the hardware requirements.

To upgrade the software to the latest version on remote computers, the following steps are necessary as stated by Moskowitz (2013). First, open the GPO Editor and do one of the following: to upgrade software applications on computers, double-click ‘Computer Configuration’ in the console tree; to upgrade software applications for users, double-click ‘User Configuration’. Next, double-click ‘Software Settings’ and then click ‘Software Installation’. For either the user or the computer configuration, right-click ‘Software Installation’, click ‘New’, and then click ‘Package’. Next, click the Windows Installer package which will serve as the upgrade package, and open it. In the ‘Deploy Software’ dialog box, click ‘Assigned’. Then, in the details pane, right-click the Windows Installer package that will function as the upgrade (not the package to be upgraded). After that, click ‘Properties’, then click the ‘Upgrades’ tab. Click ‘Add’ to create or add to the list of packages which are to be upgraded by the current package (Moskowitz, 2013).

Under ‘Choose a package from’, one should click ‘Current Group Policy Object’ or ‘A specific GPO’ as the source of the package to be upgraded. After clicking ‘A specific GPO’, click ‘Browse’ followed by the Group Policy object that one wants. Next, review the list of packages under ‘Package to upgrade’, which lists all of the other packages published or assigned within the selected GPO. After that, click the package to be upgraded, and do one of the following: to install a new version of the same product whilst preserving the user’s application preferences, click ‘Package can upgrade over the existing package’; to replace an existing application with a totally different one, click ‘Uninstall the existing package, then install the upgrade package’. Finally, on the ‘Upgrades’ tab, select the ‘Required upgrade for existing packages’ check box if the upgrade is to be mandatory (Moskowitz, 2013).

                                                                             

Figure 2

It is essential to have a decision making process to determine when to upgrade to new versions of software or retire old versions. The tasks involved in maintaining the deployed software are described in Figure 2 above.

Explain at least 3 maintenance and monitoring procedures you can follow to proactively manage the network before problems occur.

Hunter (2005) observed that maintaining and monitoring a Windows Server 2008 network is not an easy task for administrators. He added that the maintenance and monitoring procedures can be separated based on the right time to maintain a specific aspect of a Windows Server 2008 Active Directory network. Some maintenance and monitoring procedures require everyday attention while others may require only quarterly or biannual checkups. In order to proactively manage the network, the following maintenance and monitoring procedures will have to be strictly followed.

  • Checking the overall server functionality – Checking the overall functionality and health of the server is essential to keeping the users and system environment working productively. Some of the questions that need to be addressed during the verification and checking process include: Can the users access data on file servers? Can they access messaging systems? Can they access external resources?
  • Backing up Active Directory and verifying that backups are successful – It is important that a successful backup be performed every night in order to provide a fault-tolerant and secure organization (Moskowitz, 2013). In the event that a disaster strikes, the administrators want to be confident that the entire site or a system can be recovered as quickly as possible. Therefore, successful backup mechanisms are critical to the recovery operation; a recovery is only as good as the most recent backup.
  • Monitoring the Event Viewer – The Event Viewer is used in checking the application, system, security and other logs on a remote or local system. These logs are an important source of information about the system.
  • Testing the uninterruptible power supply (UPS) – This can be used in protecting the system from power failures such as surges or spikes, and keeps the network running long enough following a power outage to allow the administrator to gracefully shut down the system.
  • Offline defragmentation – A manual process which defragments the Active Directory database and reduces its size by recovering a substantial amount of disk space (Hunter, 2005).

Explain a procedure you would take to restore Active Directory for both a single domain controller and an object or container within Active Directory if disaster strikes.

Lundy (2003) observed that Windows Server 2008 Active Directory offers the ability to restore the Active Directory database. To restore Active Directory for both a single domain controller and an object or container within Active Directory in the event that a disaster strikes, the procedure to be used is restoring Active Directory using Wbadmin and Ntdsutil. Depending on the goal of the restore, one can use Wbadmin, the command-line component of the Windows Server Backup snap-in, to perform a nonauthoritative restore of Active Directory. This restores only one Active Directory domain controller to its state at the time of the backup. This technique can be used to restore a single domain controller to the point in time when it was deemed to be good. If the domain has other domain controllers, the replication process will update the restored domain controller with the latest information after the restore is complete. On the other hand, Ntdsutil can be used to carry out an authoritative restore of Active Directory. This will restore an object or container within Active Directory that has been inadvertently deleted (Lundy, 2003).
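The two restore paths described above, written out as the command sequence an administrator would type in an elevated console on the affected domain controller. This is an added example, not taken from the cited sources; the backup version identifier and the OU distinguished name are placeholders, and the phases are run one at a time because the server restarts between them.

```powershell
# Added example. Placeholders: $BackupVersion must be an identifier printed by
# 'wbadmin get versions'; $DeletedOu is a constructed DN (no spaces, so no inner quotes).
$BackupVersion = '01/01/2024-02:00'
$DeletedOu     = 'OU=Workstations,DC=example,DC=com'

# Phase 1 (normal mode): set the next boot to Directory Services Restore Mode (DSRM).
bcdedit /set safeboot dsrepair
shutdown /r /t 0

# Phase 2 (DSRM, logged on with the DSRM administrator password):
# list the available backups, then run the nonauthoritative system state restore.
wbadmin get versions
wbadmin start systemstaterecovery "-version:$BackupVersion" -quiet

# Phase 3 (only when a deleted object or container must win over replication):
# before leaving DSRM, mark the restored subtree as authoritative.
# For a single object use "restore object <distinguished name>" instead.
ntdsutil 'activate instance ntds' 'authoritative restore' "restore subtree $DeletedOu" quit quit

# Phase 4: clear the DSRM boot flag and restart into normal mode.
# After a nonauthoritative restore (phase 3 skipped), replication from the other
# domain controllers brings this one up to date.
bcdedit /deletevalue safeboot
shutdown /r /t 0
```

Skipping phase 3 gives the single-domain-controller restore; including it gives the object or container restore.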

  

References

Hunter, L. (2005). Active Directory Field Guide. Crescent City, CA: Apress Publisher.

Inch, R. (2011). Deploying Software with Group Policy. Retrieved from http://support.schoolhousetech.com/entries/20297152-Deploying-Software-with-Group-Policy

Lundy, J. (2003). Administering Group Policy with Group Policy Management Console. Microsoft Corporation.

Moskowitz, J. (2013). Group Policy: Fundamentals, Security and the Managed Desktop (2nd ed.). New York, NY: McGraw-Hill/Irwin.

Tulloch, M., & Sanders, C. (2006). How to Deploy Software Using Group Policy. Retrieved from http://windowsdevcenter.com/pub/a/windows/2006/11/14/how-to-deploy-software-using-group-policy.html

 
