Manage Learn to apply best practices and optimize your operations.

How should I deploy applications to over 100 desktops in my Windows 2003 environment?

SearchSecurity.com application security expert Michael Cobb reviews the tools you need to install and deploy applications over a network and onto the desktops of 100+ users.

I would like to deploy applications (Office XP, Acrobat reader, etc.) over the network to about 100+ desktops in a Windows 2003 environment. Since the desktops are going to stand alone, I do not have AD/SMS services installed. Do you have any recommendations for me before I begin this task?
The first step in any deployment process is to make sure that you have enough licenses for the software that you are installing. Next, back up any critical data that resides on the desktop. If you are installing a Windows service pack, you should also check for application compatibility using the Microsoft Windows Application Compatibility Toolkit. It's also recommended that you perform BIOS, firmware and driver updates prior to any operating system upgrade. Also, check systems for spyware and other unwanted or unauthorized software. Completing these basic maintenance tasks prior to deployment will improve your chances of having a successful upgrade or installation.

Since you can't take advantage of SMS (System Management Services) services, I would opt for using Windows Installer, which ships with the Microsoft Windows Server 2003 family, Windows XP, Windows 2000 and Windows Me. The Windows Installer technology consists of the Windows Installer service and the package file, file extension .msi. MSI files are actually database files which store information about every file and setting that the application installs or modifies. Using an MSI file has its advantages; it can create a system restore point on machines running Windows XP. It also ensures that Windows has enough information to replace any damaged or removed components. Windows Installer can help you manage the installation, addition, and deletion of software components, handling installation progress, rollbacks and reboots. You can also install applications to run directly from a network share, without the need for a local copy, or you can choose to only install the software when it's run for the first time.

You can use the WinInstall Limited Edition tool, which comes in the Valueadd folder of the Windows 2000 and 2003 CDs, to create MSI files. The tool takes a snapshot of a machine that has a clean Windows installation. You then install the application that you want to deploy to your users' machines; at this point, another snapshot is taken. WinInstall compares the snapshots and uses the differences between the two images to create an MSI file and installation package. If you want, you can install multiple applications onto the clean machine prior to taking the second snap shot. This means you can create a single MSI file and installation package that deploys multiple applications or patches. Once you have created your MSI file, you need to make it available to your network users. You can do so by copying the installation files to a network share for which everyone has read permissions. Installing from a network share avoids the need for you to copy the files to a CD and allows you to automate the installation by using a script. To do this, create a network logon script to run the MSI file the next time a user logs on. You might also want to take a look at the Windows Office XP Resource Kit's Custom Installation Wizard to help you customize your Microsoft Office installation.

This was last published in September 2006

Dig Deeper on Microsoft Windows security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.