Software Distribution

The SMS software distribution feature automates the distribution of programs to SMS clients. These programs run on the client computers to perform tasks such as installing software or scanning the client's hard drives for viruses.

Using software distribution eliminates the inefficient process of providing thousands of software CDs to users, along with programs and instructions. The automated process of program distribution eliminates user errors such as entering incorrect values in prompts, running incorrect programs, or entering incorrect arguments. By using software distribution, clients can successfully run programs and install software without needing to know how to run these programs or which setup options are best for them. Clients do not need to manage their own software installations. Instead, you centrally define and control how and when programs run on client computers. You can choose how little or how much users manage.

Central management of the software distribution in your organization allows you to monitor the distribution process from beginning to end. SMS generates detailed status messages that allow you to monitor individual clients and to provide assistance to those clients that are having difficulties running a program.

For clients with Windows Terminal Services (Remote Administration mode or Application Server mode) enabled, software distribution icons and messages are limited to the console session. On clients that are remote controlled by using Remote Assistance, Remote Desktop, or SMS Remote Control, software distribution icons function regularly. Software distribution functionality to site systems that have Windows Terminal Services enabled is limited.

Using collections for software distribution

You can easily make software products available to as many computers in your organization as you want. The clients that need to receive the program must be members of a collection (referred to as the target collection). The target collection can contain a single client, all the clients that are assigned to a specific site, or any subset of clients. When the program is distributed to the target collection, all the clients that are members of that collection receive the program. This allows you to distribute programs to specific users, specific user groups, and any group of client computers that share a common set of hardware or software attributes.

If Active Directory is implemented in your organization, you can target a collection that is based on Active Directory containers. You can create a collection that targets systems based on organization units, domains, site, and/or group membership, or you can create a collection that targets users based on domains, organization units, and/or group membership. To target systems for software distribution, using active directory containers, at least one of the Active Directory discovery methods must be enabled at the site.

Collections, in which membership rules are based on queries, are dynamic. After the initial membership list is created, clients are automatically added to or removed from the collection, as appropriate. Client computers that initially did not meet the collection's criteria, but meet the criteria now, automatically become members of the collection. Clients that initially meet the collection's criteria, but then no longer meet the criteria, are automatically removed from the collection (this does not result in the clients being uninstalled). In a dynamic environment, SMS keeps collections current, thus ensuring that only the appropriate clients receive distributed programs.

The following scenario illustrates the benefits of this behavior:

  1. You distribute a program to the "All Windows XP Systems" collection.

  2. Only client computers running Windows XP receive the program.

  3. A few client computers running Microsoft Windows 98 upgrade to Windows XP.

  4. The newly upgraded clients automatically become members of the "All Windows XP Systems" collection.

  5. The program that you distributed to the "All Windows XP Systems" collection automatically becomes available to the newly upgraded clients (along with any other programs that are available to the "All Windows XP Systems" collection).

Software distribution objects

The purpose of using the software distribution feature is to automatically make a program available to target clients. A program can be a file name (SMS uses file association to run such programs) or anything else that can run from a command line, such as a batch file, a Windows Installer command line, or a utility developed by your organization.

Programs often need to download files to the client when they run, for example, installation programs must download installation files. The files that a program requires when it runs are called package source files.

Sometimes, more than one program can be associated with the same set of source files. For example, there can be several variations of a setup program that install the same software by using the same source files. However, each setup program runs differently and provides different setup options, such as running without user intervention or performing an upgrade rather than a full installation. To provide clients with all these setup options, you need to define several programs for the same set of source files.

A copy of the source files must be distributed to one or more servers, accessible to clients, so that when the program runs on client computers, it can access the files that it requires. The distribution point is an SMS site system that has that role. The administrative task of copying the package source files to distribution points is called package distribution. Some programs are not associated with source files. In this case, either the programs use files that are already stored on the client computers or access to the required files is coordinated outside of the SMS software distribution. For example, the command line Defrag.exe might not be associated with source files. In this case, when the program runs on client computers, a local copy of Defrag.exe runs.

Programs, source files, and source file paths are the main components that make up a software distribution package*.* A package is the basic unit of software distribution.

Packages vary widely, depending on their purpose. A package might have source files associated with it. A package typically has at least one program and can have as many programs as needed. Programs have a wide range of configurable options such as security context, supported platforms, and environment requirements. The program's command line can be anything from setup programs to simple batch command lines.

Another object that is associated with software distribution is the advertisement. Advertisements are the objects that make programs available to clients. You must advertise a program before clients can run it. A variation of an advertisement is an assignment, which is a mandatory advertisement that must run on the client's computer. Advertised programs appear at the client both in the SMS user interface and in Add or Remove Programs in Control Panel.

Package definition files

You can create a package by defining the package's properties in the SMS Administrator console. An alternative, non-interactive way to create a package is by using a package definition file.

A package definition file is a specially formatted file that includes all the necessary information about an SMS package. A package definition file typically has an .sms file name extension (.pdf in previous versions of SMS). You can also create software distribution objects by importing an .msi file (Windows Installer) in the same way that you would import an .sms file.

To use a package definition file, you use the Create Package from Definition Wizard to import the file. SMS then creates the package and program objects that are defined in the file. Microsoft products and third-party applications often include a package definition file that you can use with SMS. If a package definition file for a specific package does not exist, you can use SMS Installer to generate one.

SMS Installer

SMS Installer is a tool that you can use to create software installation packages. These packages are known as SMS Installer-generated executable files, which are self-extracting files that contain everything that is necessary to install the software. You can use SMS Installer to create a setup program if one does not exist or to create Windows Installer (.msi) files. You can then use software distribution to distribute these packages to clients.

SMS Installer creates a modifiable installation script that runs on client computers and controls the installation. An installation script can have commands to perform tasks such as gather information about the client's system; install, search, and delete files; prompt users for information; and update both system files and the registry. By using these commands, you have full control of the installation process. SMS Installer provides status reporting in addition to what SMS provides and creates package definition files.

How Software Distribution Works

To distribute a program to clients, you need to create a software distribution package and programs and then you need to advertise the program that you want the clients to run. Advertising the program makes a program available to a specified target collection. The advertisement contains the name of the program, the name of the target collection, and the scheduling configuration (such as when to run the program or when will the program expire).

However, the site's clients will not be able to receive advertised programs until you enable the software distribution client agents on the site's clients. The Advertised Programs Client Agent on Legacy Clients and the Software Distribution Client Agent on Advanced Clients perform the software distribution related tasks on the clients. This primarily allows clients to receive and run programs that you advertised.

You can enable or disable the software distribution feature for an SMS site by enabling the software distribution client agents. When the feature is enabled, you can configure the software distribution client agents and create packages, programs, and advertisements to deliver the programs that clients need.

To use software distribution, perform the following tasks. After completing the first step, you can perform the rest of the tasks as required.

  1. Prepare the site for software distribution:

    • Configure the software distribution client agents.

    • Prepare CAPs, management points, and distribution points.

    • Prepare collections.

    • Prepare security.

  2. Create packages.

  3. Specify distribution points.

  4. Create programs.

  5. Create advertisements.

Figure 3.2 Software distribution process

cpig_004_004c

Figure 3: illustrates the components that participate in the software distribution process. It describes how site systems interact and how data that is related to software distribution propagates through the hierarchy.

  1. When you enable software distribution for a site, SMS enables software distribution on the site's clients as follows:

    • SMS installs the SMS Advertised Programs Client Agent on all Legacy Clients in the site (the agent is preinstalled on Advanced Clients).

    • SMS sends the appropriate Advanced Client policy that enables the Software Distribution Client Agent on Advanced Clients.

  2. When you create a package and advertise a program, SMS stores information about the package, program, and advertisement on CAPs and management points.

    If the site has child sites, SMS propagates information about the package, the program, or the advertisement to lower level sites. Each child site repeats that step until the information reaches a site that has no child sites. In Figure 3.2, the clients that are assigned to the highest primary site receive advertisement A. Clients of the secondary site receive advertisements A and B.

  3. When you choose distribution points for your package, SMS copies the package source files, if source files exist, to the specified distribution points and updates the CAPs and management points with the new information about the distribution points for the package.

  4. The Advertised Programs Client Agent on Legacy Clients periodically checks the CAP to determine if any advertisements are applicable to the client.

    • The Advertised Programs Client Agent runs assignments automatically.

    • The Advertised Programs Client Agent maintains a list of the programs that are not assignments, allowing the Legacy Clients to individually schedule them to run at their own convenience by using the Advertised Programs Wizard and the Advertised Programs Monitor in Control Panel.

  5. Advanced Clients periodically check the management point to determine if any advertisements are applicable to the client.

    • The Software Distribution Client Agent runs assignments automatically.

    • The Software Distribution Client Agent maintains a list of the advertisements that are not assignments, allowing the Advanced Clients to individually run them at their own convenience. Advanced Clients can view and run programs by using either Add or Remove Programs or Run Advertised Programs in Control Panel. Advanced Clients cannot schedule programs to run.

  6. When the program runs, it might need package source files. The Advertised Programs Client Agent checks the CAP or the management point for the list of distribution points that contain the package source files and selects one.

    • On Legacy Clients, the client agent connects to a distribution point and runs the specified program's command line.

    • On Advanced Clients, the client agent connects to a distribution point. Depending on different settings, it may download the package source files to the local machine before running the specified program's command line.

    If there are no package source files, the client agent runs the program's command line without making any connections.

Software distribution on Advanced Clients

Some software distribution settings and capabilities are supported only on Advanced Clients. With these settings and capabilities, Advanced Clients can better handle situations such as non-continuous connectivity to the network and slow link connections.

  • You can configure Advanced Clients to download package source files to the local computer before running a program that requires those files. When the program runs, it gets the files from the local computer rather than from a distribution point.

  • Advanced Clients manage their download cache. When Advanced Clients download package source files in advance, the package source files are stored in the client's download cache. The Advanced Client can set the cache location and size. SMS uses these settings with its cache management logistics to attempt to allocate sufficient space when new requests to download packages arrive.

  • You can enable BITS on distribution points. BITS allows SMS to download package files from the distribution point to the client incrementally. If a file transfer is stopped unexpectedly, BITS can resume the file transfer from the point that it was stopped. BITS throttles file downloads so they do not interfere with the other local applications that are using the network. BITS uses HTTP, so that the Advanced Client can send and receive files in any situation where an HTTP link can be established.

  • If a roaming Advanced Client requires files for programs that are advertised to it, and those files are available from any local distribution point, the Advanced Client can use a local distribution point to access those files, without changing the client's site assignment. This reduces the Advanced Client's use of the wide area network (WAN).

  • Note

    • To reduce the load on the WAN, you can specify a distribution point as a protected distribution point. When specifying boundaries to a protected distribution point, it prevents access to that distribution point from clients roaming outside the specified boundaries. By using this configuration, you can conserve bandwidth and protect a distribution point from being overloaded.

Software Distribution Throughout the Site Hierarchy

Any site can originate a software distribution for itself and its child sites. Package, program, and advertisement definitions replicate automatically down the site hierarchy, whether or not the distribution includes distribution points or target clients in the child sites. Administrators can advertise propagated programs to clients of their site or to clients of their child sites. However, administrators cannot modify propagated packages, programs, or advertisements. It is possible to distribute a propagated package to local distribution points, but the originating site always remains the owner of the package and has full control over all of its objects.

Although collections, packages, programs, and advertisements propagate to child sites, package source files do not. Because Legacy Clients cannot cross site boundaries to gain access to distribution points, you must specify at least one distribution point for the package in each site containing target clients. If the package does not contain source files, then distribution points are not involved in this process.

When a distribution point in a child site is first added to a package's distribution point list, the package source files are compressed and sent to the child site's site server. There, the source files are decompressed and copied to the specified distribution points in that site. The compressed version of the source files is kept at the child site, and if a new distribution point in that site is specified for the package, the child site server again decompresses the package source files and copies them to the new distribution point.

Figure 3.2 shows how software distribution objects propagate down the hierarchy.

When there are changes to source files of a package and you need to update the package source files on the sites that already contain the package, SMS minimizes network traffic by sending only the updates through the network, rather than sending the entire set of source files.

Using fan-out

When distributing packages to child sites, you can reduce the workload on the initiating site by using the fan-out feature. The fan-out feature allows sites to distribute package content to lower level sites through child sites, rather than directly. Fan-out distribution occurs automatically if the initiating site does not have an SMS address for the destination site. For example, if a site needs to distribute a package to its child site and to its grandchild site, the originating site has two options:

  1. Distribute the package to the child site and to the grandchild site. This happens if the initiating site has addresses to both sites.

  2. Use the fan-out feature and distribute the package only to the child site. The child site then distributes the package to its child site, which is the grandchild of the originating site. This happens if the initiating site has the address of the child site and only the child site has the address of the grandchild site.

Besides reducing the workload of the initiating site, this also reduces the load on the network link between the initiating site and the rest of the sites, which is often a significant issue. This is especially efficient when distributing large software packages such as Windows XP. Figure 3.3 describes the added load on the central site when fan-out is not used.

Figure 3.3 Software distribution with and without fan-out

cpig_004_003c

Benefits of Software Distribution

With software distribution, you can centrally manage software in your organization in an efficient manner. You can simultaneously upgrade all the computers in your site with a new software installation, run a virus scan utility on all client computers on a regular basis, or distribute a licensed application to a small subset of your users. You can distribute a Windows Installer package that is configured with the elevated rights install mode and SMS will then run the administrator setup portion under administrative context (localsystem) and the user setup portion under the current user context.

SMS provides a wide set of settings for the distributed programs. This gives you flexibility in the type of programs that you can advertise and in the way these programs run on the client computers.

You can specify an event that must happen before a program runs, such as a user logon. You can specify an action that will be automatically performed after a program completes, such as a reboot or a user log off. This is useful especially with operating system upgrades, but you can use it with any program that requires a restart to complete.

Programs are available to clients through Add or Remove Programs in Control Panel. This allows software that is distributed by SMS to be added or removed from the client's computer in the same manner that other, non-SMS distributed programs are added or removed. You can define categories for your programs so that users can filter on those categories in the Add or Remove Programs dialog box and find the programs that they need faster.

Many scheduling options are available for advertised programs. You can schedule an advertisement centrally, so it runs at a specified time on all clients. This program is referred to as an assignment. This is useful for mandatory programs such as a virus scan that clients must run at a certain time. Legacy Clients can schedule programs individually to run at their own convenience. You can combine these two capabilities and allow clients to individually schedule programs, but after a specified time, the program becomes mandatory for clients that did not run the program yet. A powerful scheduling option is a recurring schedule. When you configure an advertisement with a recurring schedule, SMS automatically runs the assigned program on a periodic basis, as specified.

Some programs require the completion of another program before they can successfully run. The software distribution feature allows you to configure program dependencies. This can be very useful in setup programs in which one portion can run in the user context and another portion requires the system context. For example, you can advertise a program to install WinZip on the client's computer and specify that it must complete successfully before a .zip program can run.

If a program can run unattended, you can schedule it to run on client computers at a time when no users are logged on to the network.

Some setup programs must perform tasks that require administrative rights, but they also must perform tasks that require the user's context, such as adding icons to the user's desktop. You can create a program, which is a Windows Installer script, and configure the program to run with administrative credentials but in the user's context. Even if the logged on user does not have administrative credentials, the program can run.

You can use the capabilities of the software distribution feature to perform many administrative tasks. Some common tasks are:

  • Install software on client computers, providing different installation options for the same software.

  • Use Add or Remove Programs in Control Panel to add or remove programs.

  • Copy data files to client computers.

  • Run utilities such as virus checks or disk defragmentation.

  • Perform any function that can run from a command line.

  • Distribute the Skpswi.dat file that clients can use to prevent software inventory collection from a specific drive or a specific directory.

  • Bring new computers in the organization to a corporate standard. After installing only the operating system and SMS on a new computer, you can use software distribution to install the rest of the required software to bring the computer up to the required standard.

  • Perform an unattended Windows XP installation on all client computers. You can create a Windows XP installation package that includes the appropriate answer file. Clients will then perform an unattended operating system upgrade.

For More Information

Did you find this information useful? Please send your suggestions and comments about the documentation to smsdocs@microsoft.com.