1 00:00:03,030 --> 00:00:03,810 Okay. 2 00:00:04,650 --> 00:00:10,260 Now I want to get into how you can use group policy software deployment to manage a software lifecycle. 3 00:00:11,130 --> 00:00:16,260 What I mean by lifecycle is sort of that birth updating and death of a package as it's deployed to a 4 00:00:16,260 --> 00:00:16,800 client. 5 00:00:17,730 --> 00:00:24,000 So some of the things you can do within the CI lifecycle capabilities are patching of existing packages. 6 00:00:24,890 --> 00:00:26,830 Upgrades of existing packages. 7 00:00:26,840 --> 00:00:32,960 So I could go from Adobe Reader 11 to Adobe Reader 12 or Office 2007 to 2010. 8 00:00:33,840 --> 00:00:41,760 Actually office is a really bad example because as of about Office 2007, Microsoft actually broke the 9 00:00:41,760 --> 00:00:45,510 ability to use group policy software installation to deploy office. 10 00:00:46,440 --> 00:00:51,540 So you aren't going to really be able to do that to deploy Microsoft Office using group policy software 11 00:00:51,540 --> 00:00:56,400 installation for a variety of reasons, not the least of which is that it's no longer packaged as an 12 00:00:56,400 --> 00:00:57,390 MSI file. 13 00:00:58,260 --> 00:01:01,680 So there's a lot of challenges around using it with group policy. 14 00:01:02,560 --> 00:01:08,230 But in any case, you can do patching upgrades and redeployment of an existing application. 15 00:01:09,100 --> 00:01:13,870 So if for whatever reason, you need to redeploy and I'll talk about where that comes into play for 16 00:01:13,870 --> 00:01:16,240 some of this lifecycle stuff, you can do that. 17 00:01:17,110 --> 00:01:18,860 And then the removal of the package. 18 00:01:18,880 --> 00:01:24,880 If you no longer need the package installed or you want to remove it from certain systems, then that 19 00:01:24,880 --> 00:01:30,280 option that I showed you earlier about having a GPO remove the package when the scope of the GPO is 20 00:01:30,280 --> 00:01:32,710 no longer targeting that user or computer. 21 00:01:33,610 --> 00:01:38,980 So all of these things are possible with group policy, software, installation to a certain degree. 22 00:01:39,880 --> 00:01:44,040 Each of those operations, of course, is done against the entire deployed base. 23 00:01:44,080 --> 00:01:50,290 As I kind of alluded to earlier, in the limitations around group policy software installation, there's 24 00:01:50,290 --> 00:01:52,990 no such thing as being able to phase in patches. 25 00:01:53,890 --> 00:01:59,530 If you've deployed a package in a GPO to 100 computers, then when you update that package, when you 26 00:01:59,530 --> 00:02:04,840 patch that package, the phasing in is really governed by how quickly the computer is rebooted or the 27 00:02:04,840 --> 00:02:06,100 user logs in. 28 00:02:06,100 --> 00:02:09,940 And that's really the only governing factor you have, the only sort of limiter. 29 00:02:10,840 --> 00:02:14,320 There's no way to say, I only wanted to go to these ten systems. 30 00:02:15,280 --> 00:02:19,990 So once the package is deployed, you're kind of stuck with whatever target base you've deployed it 31 00:02:19,990 --> 00:02:20,350 to. 32 00:02:21,160 --> 00:02:26,500 Now you can certainly target the same application to smaller subsets of machines or users and then use 33 00:02:26,500 --> 00:02:29,170 that as your sort of deployment strategy going forward. 34 00:02:29,350 --> 00:02:34,360 But you have to consciously do that by using, you know, features that I've talked about before, such 35 00:02:34,360 --> 00:02:40,300 as security group filtering or WMI filtering to target those applications to particular user or computer 36 00:02:40,300 --> 00:02:41,170 populations. 37 00:02:42,100 --> 00:02:47,320 So again, all of these lifecycle options, if you want to call them that, require that foreground 38 00:02:47,320 --> 00:02:48,730 refresh to take effect. 39 00:02:49,630 --> 00:02:54,610 So you either need to reboot the computer to get the new upgrade or the new patch, or you need to reload 40 00:02:54,610 --> 00:02:54,940 gone. 41 00:02:54,940 --> 00:02:56,770 And all of those things need to happen. 42 00:02:57,640 --> 00:03:02,260 So let's spend a little bit of time talking about how we redeploy or remove a package. 43 00:03:03,190 --> 00:03:08,590 So once the package is out there, all you need to do is right click on package and choose all tasks. 44 00:03:09,480 --> 00:03:14,460 And you'll notice that you can do three different things for a published application in this example. 45 00:03:15,360 --> 00:03:18,870 You can actually change its deployment mode from publish to assign. 46 00:03:18,930 --> 00:03:19,950 You can remove it. 47 00:03:20,820 --> 00:03:25,770 And then when you remove the package, then the behavior at the client is governed by how the checkbox 48 00:03:25,770 --> 00:03:26,310 was set. 49 00:03:26,430 --> 00:03:31,590 That uninstall when package falls out of scope checkbox how that set when you deployed the package. 50 00:03:32,490 --> 00:03:38,280 So if that set to you know basically checked then when you click remove, then the software package 51 00:03:38,280 --> 00:03:42,060 will be removed from that target system when the next foreground refresh happens. 52 00:03:42,990 --> 00:03:48,810 Now the redeploy feature is really just it's not actually going out and forcing all clients to redeploy 53 00:03:48,810 --> 00:03:50,400 the application at that moment. 54 00:03:51,300 --> 00:03:56,460 It's setting a flag on the package in Active Directory that at the next refresh the client sees and 55 00:03:56,460 --> 00:04:00,150 says, Oh, I need to rerun the installation for this package. 56 00:04:01,020 --> 00:04:06,180 And so we'll use that redeploy in a demo in a short bit to show you how you can essentially patch that 57 00:04:06,180 --> 00:04:09,240 Adobe Acrobat reader package that I just had deployed.