One of my AOP projects for this year is to find a solution for application deployment as well as patch management. I have looked at several means of deployment such as Prism Deploy, RIS, Tivoli, and of course Group Policy. My first priority is patch management, but I would like to have one system or application where I could manage my patches and application deployment; some reporting capabilities would be nice too.

I would like to use Group Policy, just because there is no $$ investment involved, but during my testing I found that it really wasn't as easy as it looks in the text. I ran into issues where the GPO did not apply to the test workstation or when it did I had problems with the .msi file. My attempt is to find an easy way to deploy our applications, OS's, and patches without consuming months of testing and frustration. Any ideas? Is there an easy solution out there? Please help!!

As far as patch management, you could look into SUS (Software Updates Server) from Microsoft. Basically it involves pointing all clients to a single server which manages Windows updates. It will only manage patches from Microsoft, but it's a solid solution that's fairly cheap and easy.
Answered 01/20/2005 by: Bladerun
Green Belt

Well, there are pros and cons to all of the above. Mainly the pro is that once you get deployment working with GPOs then you have the required basic skills to use the other applications. Microsoft has much better support than any of the other vendors so if you run into a problem, your solution is $275 away regardless of how long it takes. Now I do all of my software deployments and security with GPO, we use RIS for machine images and login scripts for the rest. If you have the time to learn and test and perfect GPO deployment it should be done, but you will find out quickly that there are some applications that just cannot be deployed via GPO. Mainly Palm Desktop and so on... There are applications that will have conflicts when you use many repackaged MSI files and so on. I personally have had to either put certain application deployments on hold because of this or even ditch an application completely (Palm Desktop 4.1). Now, if you were to add SMS into the equation you will definitely get a more reliable deployment strategy as well as higher compatibility from applications. So IMHO I would go the route of pure Windows 2000 GPO and if needed, spend the money on SMS.
Answered 01/20/2005 by: cdupuis
Third Degree Green Belt

^ I agree, though I didn't explain because of the price tag. I've had the best experience with SMS, and I've used GPO, Managesoft, and I've dabbled in Prism Deploy. Reporting in SMS is top notch. There is also a SUS package built for SMS which is a MUCH more robust solution should you decide to go that route.

It should be noted though that there is seldom an "easy way" when it comes to app deployment. In a corporate environment, a good software packager can cut the "months of frustration" down to a week or two for most apps, but you'll seldom find apps that can go out sooner than that. As mentioned, there are those occasional apps that will take weeks, if not months to package.
Answered 01/20/2005 by: Bladerun
Green Belt

SMS top notch - you're kidding, right? Let's start from the top.

No out of the box reporting, requires 1E's Nomad to work effectively, has a scripted "zero touch" operating system deployment tool that is terrible to modify has no user interface and no documentation, is built on NT based 2.0 version, requires advanced client everywhere, has poor remote control (no conferencing, no user interrupt request etc), requires IIS, requires more hardware than NASA has and is ugly and slow - not to mention task based, collection centric and requires AD synchronization to get group information (and extends the schema) etc. etc etc etc

Novadigm, Marimba, ManageSoft and to a limited extent even Altiris beat the freely offered (mostly chucked in on the back of an EA) SMS clunky tool.

Jeez it was only around to show MS had an offering to compete with Novell Zenworks, that was far and miles ahead of SMS for software configuration management.

Where are the big successful SMS references......
Answered 04/01/2005 by: grant_au
Yellow Belt

I disagree on almost every point you mentioned.

And Managesoft being better than SMS?!? I've got to pick on this one. Have you used both tools? I have. Extensively. SMS when utilized properly is fully configurable in every aspect of deployment, management, report, and functionality. And the reporting in Managesoft was ridiculously crude. We got it to a usable level, but only after building our own SQL database to port all the info from Managesoft's mess into. And support? Beyond worthless. Comparing Managesoft to SMS is like comparing a Yugo to a BMW.

Let's see, here's a few no name companies that use this "terrible" tool:

GE Medical Systems

...the list goes on

"A large part of your job most likely involves installing and deploying software—from office productivity applications to all sorts of specialized utilities. It's pretty easy to do manually for a handful of machines, but if you're staring down a network with upwards of 1,000 seats, you need help—technological help.

The software distribution, software packaging and drive imaging categories give us a glimpse into the products you use to get the software your organization needs out into the hands of your users. Microsoft is out in front when it comes to software distribution. You chose Microsoft Systems Management Server by a margin of about 40 percent over contenders like IBM's Tivoli NetView Distribution Manager and CA's Unicenter TNG."

From http://www.redmondmag.com/features/article.asp?EditorialsID=453

We actually had IBM consultants come to our environment and recommend a deployment solution over our current GPO deployment. The IBM consultants (there were 9 of them) recommended SMS.

In no way am I claiming that SMS is perfect. Actually it's far from it. But in an AD environment, feature for functioning feature, saying SMS is terrible is ignorant.
Answered 04/01/2005 by: Bladerun
Green Belt

I agree with Blade. I've extensively used GPO, SMS 2.0, SMS 2003 (much better), Novadigm, and Zen.

Are any of the above perfect? Of course not.

I love Zen and SMS 2003 and have worked with both in small to medium-sized (3,000-15,000) corporate environments. I would not hesitate to go with either one again; SMS with AD or Zen if I had an NDS environment.

And the hardware requirements for SMS 2003 are not that bad.

As far as this topic - I'd use SUS for Windows Updates, GPO for everything you can, and login scripts for the remainders. If you've already got AD, your investment is next to nothing for the rest.
Answered 04/01/2005 by: Thaiboxer
Orange Belt
