Maintaining Win2003 system security? Use the software distribution feature

  

When Win2003 runs as the server system on a LAN, the endless software operations on workstations put a lot of pressure on the system and also introduce some security issues. To relieve that pressure, network administrators can use software distribution to take over some of the heavy workload, which also helps maintain the system effectively.

Suppose now that a network administrator wants to distribute the "Windows Server 2003 Administration Toolkit" program in the shyzhong.com domain to all workstations, then the following settings should be made.

First, set the shared directory

To get the most control over access rights, first create a new directory on a disk that uses the NTFS partition format and name it "Tools$". Then copy the Adminpak.msi program from the "I386" directory of the Windows Server 2003 installation CD to the "Tools$" directory. Then set the share permissions for this directory: the "Authenticated Users" group gets read access, and the "Administrator" group gets full control.

Tip: The distributed software must be an MSI package file. If you want to package non-MSI files into MSI files, you can use InstallShield and other tools to complete this conversion.
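
One way to verify the permissions from this step, as an added example that is not part of the original article. It assumes PowerShell 2.0 or later is installed and uses a hypothetical server name `DC01`; the allowed-writer list is also an assumption. The script reports any other account holding write-type NTFS rights on the Tools$ directory or its packages, because an account that can modify a package changes what every workstation installs. It reads the NTFS ACL rather than the share permissions; effective access over the network is the more restrictive of the two.

```powershell
# Added example. Assumed names: server DC01 and the allowed-writer list below.
# Tools$ and Adminpak.msi come from the article.
$SharePath      = '\\DC01\Tools$'
$AllowedWriters = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')

function Get-UnexpectedWriter {
    param(
        [string]   $Path,
        [string[]] $Allowed
    )

    # File-system rights that let a principal replace or alter a package.
    $writeRights = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # Some ACEs carry raw generic bits instead of the specific rights:
    # GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000).
    $mask = $writeRights -bor 0x40000000 -bor 0x10000000

    foreach ($ace in (Get-Acl -Path $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }   # deny entries only restrict
        $rights = [int]$ace.FileSystemRights
        if (($rights -band $mask) -eq 0)        { continue }   # read/execute only
        $who = $ace.IdentityReference.Value
        if ($Allowed -contains $who)            { continue }   # expected writer

        New-Object PSObject -Property @{
            Path      = $Path
            Identity  = $who
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Check the share root and every package stored in it.
$targets  = @($SharePath) + @(Get-ChildItem -Path $SharePath -Filter *.msi | ForEach-Object { $_.FullName })
$findings = @($targets | ForEach-Object { Get-UnexpectedWriter -Path $_ -Allowed $AllowedWriters })

if ($findings.Count -eq 0) {
    Write-Output "OK: only the expected principals can modify $SharePath"
} else {
    $findings | Format-Table Identity, Rights, Inherited, Path -AutoSize
}
```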

Second, set group policy

Log in to the DC (domain controller) as a domain administrator, then click the "Start → Programs → Administrative Tools → Active Directory Users and Computers" menu item. In the window that opens, right-click shyzhong.com and select "Properties" in the pop-up menu. Click the "New" button in the "Properties" window and name the newly created Group Policy object "Software".

Then select "Software" and click the "Edit" button below it. In the "Group Policy Editor" window, click "User Configuration → Software Settings → Software Installation". Then right-click "Software Installation" and select "Properties" in the pop-up menu. In the "Software Installation Properties" dialog box, manually enter "\\computer name\share name", then select the "Show Deployment Software Dialog" and "Basic" options.

Click the "OK" button to return to the "Group Policy Editor" and right-click the "Software Installation" option. In the shortcut menu that pops up, select "New → Package". In the "Open" dialog box that follows, select the "Adminpak.msi" file in the Tools$ directory and click the "Open" button. In the "Deployment Software" dialog that pops up, select the "Published" option and click the "OK" button. The Group Policy dialog can now be closed. Then open a command prompt window, enter the "Gpupdate" command and press Enter. This refreshes Group Policy so that the above settings take effect immediately.

Third, install the software in the workstation

After the above settings are made on the DC (domain controller), the software is distributed to all workstations in the shyzhong.com domain. On a workstation, once the user has logged in to the domain, simply click the "Add New Programs" button in the "Add/Remove Programs" window; the "Add Programs from Network" list will immediately show the "Adminpak.msi" program distributed from the DC (domain controller). Click the "Add" button to install the program immediately.

Installing software on workstations this way replaces the "passive download" model of a plain share with the "distribution" model of software distribution. The management capability of the domain becomes more powerful, and the network administrator's burden is reduced.

Tips: MSI files and Windows Installer

Windows Installer can install, remove and repair software, among other functions. To use these features, however, you must go through a Windows Installer package, that is, an MSI file. MSI is the file format required for software distribution. An MSI file usually contains the environment information required to install the program it carries, together with the instructions and data needed to install or uninstall the program. When the user double-clicks the MSI file, the associated Windows Installer file Msiexec.exe is called; it uses Msi.dll to read the package file (.msi) and the application transform file (.mst) in order to carry out the next step.

Software distribution is a remarkable load-reducing feature and a useful technique for network administration: it not only relieves a heavy workload but also gives the system a degree of security protection.
