Difference between revisions of "Active Directory/Software Distribution"

From WolfTech
Jump to navigation Jump to search
Line 16: Line 16:
  
 
It's important to note that there is a rigid naming standard in place for all domain objects. This is necessary to promote organization, prevent conflicts, ease delegation, and allow for future automation. Before creating domain objects, please thoroughly read the [[../Naming Standards | Naming Standards]] page.
 
It's important to note that there is a rigid naming standard in place for all domain objects. This is necessary to promote organization, prevent conflicts, ease delegation, and allow for future automation. Before creating domain objects, please thoroughly read the [[../Naming Standards | Naming Standards]] page.
 +
 +
'''Note:''' For replication reasons, the only groups that may be members of Software Groups are the pre-defined/automatically created groups performed by the Software Group Replication scripts and Computer objects.
  
 
[[Image:soft_ou.gif|center]]
 
[[Image:soft_ou.gif|center]]

Revision as of 15:24, 1 June 2010

The WOLTECH domain was designed to ease, automate, and monitor the distribution of software to computers. We have an extensive [[../Software Packages | list]] of software that has been packaged and configured for distribution via the domain, and new packages are being added everyday.

Each departmental organizational unit (OU) contains a Software Packages OU. This OU is automatically populated with groups to install all software that the department is licensed to use (via NCSU, your college, freeware, etc). OU Admins can also create their own departmentally licensed software packages.

Software Distribution Architecture

The following process and diagram explain how group policies, groups, and OUs come together to distribute software on the WOLFTECH domain. The diagram shows a University licensed package (MATLAB), college licensed package (OPNET Modeler), and departmentally license package (Microsoft Office).

For each software package:

  1. A domain local group is created in the Software Packages OU of the OU in the hierarchy that the software is licensed.
  2. A group policy is created and linked to the OU. The group policy is filtered to apply only to the domain local group.
  3. Global groups are created in each sub-OU's Software Packages OU. These groups are added as members of the domain local group.
  4. To configure software to be installed a machine, an OU Admin simply adds the machine as a member of the group that was created in his/her OU's Software Packages OU.

It's important to note that there is a rigid naming standard in place for all domain objects. This is necessary to promote organization, prevent conflicts, ease delegation, and allow for future automation. Before creating domain objects, please thoroughly read the [[../Naming Standards | Naming Standards]] page.

Note: For replication reasons, the only groups that may be members of Software Groups are the pre-defined/automatically created groups performed by the Software Group Replication scripts and Computer objects.

Soft ou.gif

University Licensed Software - Group Memberships

University licensed software is distributed through a series of nested groups.

  1. A domain local group is created in the NCSU Software Packages OU (wolftech.ad.ncsu.edu/NCSU/Software Packages).
  2. A group policy is created and linked to the NCSU OU. The group policy is filtered to apply only to the domain local group.
  3. Global groups are created in each college's Software Packages OU (wolftech/NCSU/[COLLEGE]/Software Packages). These groups are added as members of the domain local group.
  4. Global groups are created in each Departmental Software Packages OU (wolftech/NCSU/[COLLEGE]/[DEPT]/Software Packages). These groups are added as members of their college's group.
  5. To configure software to be installed a machine, an OU Admin simply adds the machine as a member of the group that was created in his/her OU's Software Packages OU.
Soft ncsu.gif

College Licensed Software - Group Memberships

College licensed software is distributed through a series of nested groups.

  1. A domain local group is created in the college's Software Packages OU (wolftech/NCSU/[COLLEGE]/Software Packages).
  2. A group policy is created and linked to the college's OU. The group policy is filtered to apply only to the domain local group.
  3. Global groups are created in each of the college's departmental Software Packages OUs (wolftech/NCSU/[COLLEGE]/[DEPT]/Software Packages). These groups are added as members of their college's group.
  4. To configure software to be installed a machine, an OU Admin simply adds the machine as a member of the group that was created in his/her OU's Software Packages OU.
Col soft.gif

Departmentally Licensed Software - Group Memberships

Departmentally licensed software is distributed through a single group.

  1. A domain local group is created in the department's Software Packages OU (wolftech/NCSU/[COLLEGE]/[DEPT]/Software Packages).
  2. A group policy is created and linked to the department's OU. The group policy is filtered to apply only to the domain local group.
  3. To configure software to be installed a machine, an OU Admin simply adds the machine as a member of the group that was created in his/her OU's Software Packages OU.
Dept soft.gif

Available Software Packages

See [[../Software Packages | Software Packages]].

Laptops and Software Installations

My domain laptop is not brought into NCSU everyday. Does wolftech software update from home? I suspect not, since this am I needed it at work so I brought it to my office and plugged it in. It seems to be updating software like crazy (firefox, quicktime...).

Software Application updates depend on two things:

  1. What changes has the machine been told to make – received from the domain controllers (which cannot be seen offsite)
  2. Access to the application installation shares / fileservers – NC State has a block in place to prevent all MS filesharing at the campus border.

You can get around (1) by running the NCSU VPN client and then the cmd “gpupdate /force”. The VPN client ‘places the laptop on campus’ so it can see the domain controllers, and the cmd tells it to talk to them to get the newest batch of instructions.

The VPN client also fixes (2) b/c with that turned on, the laptop can talk to the fileservers.

Here’s the problem. Most applications are installed during the bootup process. At which point you do not have the VPN client running. Wish we had a work around – we don’t. We actually have/had the same problem with laptops ON campus if they’re only using wireless… that’s one of the reasons we’ve asked everyone to register their wireless connection, and skip the login to NOMAD. If they do, they get updates anytime they’re on the NCSU wireless system, which has helped keep many of the laptops updated.