Overview of the Windows 2000 Environment:
How Prism Files fit in
New features built into the Windows 2000 Server product line promise to lower the TCO for managing users and PCs, especially in the area of distributing and updating software. The superior packaging and managemment technology in Lanovation's Prism Deploy and Prism Pack works in all areas of Active Directory to enhance your investment in this new environment.
With the release of Windows 2000 and Active Directory, Microsoft has attempted to answer many of the complaints it receives about the high TCO of Windows desktops. Here are just a few of the complaints:
- DLL hell - differing versions, differing registry counts or shared dlls, differing locations of key dll files
- Difficulty in upgrading software - too many different versions installed in too many different locations
- Difficulty in repairing software - administrators often have to make a trip to the desktop
- 3rd party software that overwrites key system files or other application files, or doesn't follow Microsoft's recommended practices in other areas
- Hardware incompatibilities, leading to non-functioning components and/or blue-screens-of-death
- Wide-open architecture that allows users to download and install programs from the Internet that break their systems
- Time-consuming installation of new versions of the OS
As with any new release, Windows 2000 comes with many new terms, concepts and technologies. Here are some of the highlights:
This is the central database and authority for a Windows 2000 network.
- Provides security by verifying user identity and controlling access to network resources.
- Consolidates management tasks. The entire organization and be viewed and managed from the single view of Active Directory. Active Directory plug-ins to Microsoft Management Console (MMC) provide the interface.
- Has a hierarchical structure: domains, trees (grouping of domains), forests (grouping of trees), Organizational Units (logical containers within domains).
- Organizational Units can contain users, groups, applications, printers, file shares, etc. Organizational Units should be created to serve some business purpose.
Here's a screenshot of the top-level interface to Active Directory:
Benefits of Active Directory
- Centralized management - collective management instead of individual management
- Enhanced scalability - easier to grow the network
- Makes it easy to establish and apply standardized policies to computers and users
This is the umbrella concept for "change and configuration management" under Windows 2000. It encompasses the following three concepts:
- User data management (my data follows me).
This is accomplished through "folder redirection". Certain local folders (My Documents, for example) can be redirected to a network location. Active Directory synchronizes the local and network copies of the folder. If the user goes offline, the Documents directory is still available locally. When user is online again, the local copy is synced up with the one on the network. Similar to "My Briefcase", a laptop component of earlier versions of Windows.
- User configuration management (my preferences follow me)
This is mainly accomplished through the Administrative Templates. Includes such things as users' IE favorites, quick links, cookies, background bitmap, lock-down settings.
- Software distribution (my applications follow me)
Accomplished through a combination of Group Policies, MSI files, .zap files (Prism files), SMS in mixed-OS environments (Prism Deploy & Prism Pack).
Group Policies are the foundation of Intellimirror and are used to carry out the management features of Windows 2000. Groups are a collection of user and computer objects that are stored in Active Directory. By applying a set of policies to a group rather than individual users or computers, management is simplified.
Administrators can configure Computers and/or Users. Each category has three sub-headings:
- Software Settings (this is where software installation is configured)
- Windows Settings (things like startup/shutdown scripts, logon/logoff scripts, security settings)
- Administrative Templates (user and machine configuration management to mandate settings)
Here's a screenshot of the Group Policy plug-in to the Active Directory interface:
Installing Software under Windows 2000
Get ready to expand your vocabulary - here are some of the terms you'll be hearing:
- Advertised apps
The notion of availability of the software in the absence of the installed files; another way of saying Install on Demand. Advertising a program merely installs entry points into that application. Common entry points are start menu and desktop shortcuts, file extension associations, OLE registration. Advertisement is a key feature of Assign and Publish feature of Windows 2000 software installation.
- Published apps
The administrator makes applications available to managed groups, but the users in the group decide if they want to install the application. Can be accomplished with MSI and .zap files. Applications can be published only to users, not computers. Published apps are installed by 1) using Add/Remove programs in Control Panel, 2) clicking a file type associated with the program.
- Assigned apps
The administrator assigns apps based on the needs of managed groups. Can be accomplished with MSI files only. Applications can be assigned to both users and/or computers. Assigned apps are installed by 1) launching a Start Menu shortcut, 2) launching a desktop shortcut, 3) using Add/Remove programs in Control Panel, 4) clicking a file type associated with the program.
- .ZAP files
A simple text file that can be analyzed and executed by a software installation Group Policy. Prism files plug right in. Prism tasks are simply entered in the [Application] section of the .zap file and associated file extensions are entered in the [Ext] section of the .zap file. That's it!
Prism Deploy and Prism Pack's superior packaging technology works in all areas of Active Directory
- Create MSI files using Prism's easy-to-learn technology - no need to hire a developer
- Assign or Publish Prism Deploy/Prism Pack-created MSI files
- Publish native Prism Deploy/Prism Pack Packages via .zap files
- Use logon/logoff scripts under User Configuration to run any Task
- Use startup/shutdown scripts under Machine Configuration to run any Prism Task.
Lanovation's Prism products fill in the gaps of Active Directory and MSI
- Prism Deploy and Prism Pack work today to manage Windows 95, 98, Me, NT 2000 and XP systems. Active Directory only manages W2000 and higher systems. To manage all of these platforms without Prism Deploy or Prism Pack, you'd need to purchase an expensive deployment suite such as SMS.
- Prism Deploy's deployment console provides immediate status reports on the outcome of deployments so you know whether users receive the software you deploy or not. There is no such reporting available when installing software with Active Directory.
- Prism Deploy's deployment console offers a means to push (deploy) applications. This enables you to easily target PCs for immediate deployment. It also enables you to deploy software to other Windows computers (9.x) that aren't being managed via Active Directory, Group Policies and Intellimirror. (You can also deploy to W2000 and higher systems.)
- Prism's smart variables provide all the functionality in one tool that MSI technology needs 3 additional tools to accomplish: MSM (merge modules), MSP (patch files), MST (transform files).
- Creating MSI and related files is a job for a developer. Prism Deploy/Prism Pack's powerful yet easy to learn technology can be used by Network Administrators.
- MSI files are a nightmare to edit, and the available tools for doing so require developer-level skills. With Prsim Deploy/Prism Pack's Explorer-like interface, what you see is what you get.
- Tweaks, legacy apps, updates, patches don't come with MSI files. Use Prism's packager to package them up and roll them out.
- Truly mobile users may rarely log on to the W2K network. For these users, Active Directory and Group Policies won't help much. Instead, you can push them to end users with Prism Deploy's powerful deployment console, post links to Prism files on a web site. User's can browse and install Prism files in a bandwidth friendly way from anywhere in the world.
- Prism Deploy and Prism Pack include Conflict Checker, a program that allows you to run a check on all of your packages to find file and registry conflicts before doing your rollout.
Deploying Software with MSI files vs. .ZAP files
Lannovation have found .ZAP files as a powerful way to deploy software in the Windows 2000 Active Directory envionment in addition to Windows Installer (MSI) files. The following are common assumptions:
- Applications can only be published, not assigned using .zap files
Response: Assigning only gives you another way to install the app: through desktop or start menu shortcuts
- Applications do not automatically repair themselves when installed with .zap files
Response: Program shortcuts distributed in Prism packages can be modified to repair the software on each launch. Alternately, a "Repair" folder can be placed on the desktop so users can choose to repair their apps whenever necessary
- Applications require user intervention to be installed because the .zap file runs the software's original setup program
Response: Not true! Prism packages can be run via machine Startup/Shutdown scripts and user logon/logoff scripts or be pushed/deployed via Prism Deploy's deployment console - all requiring no user intervention.
- Applications installed via .zap files cannot be installed with elevated privileges (User must have install rights).
Response: Not true! Prism's service has all the rights it needs to install any software application, no matter what rights the logged in user has.