`Lucovsky et al.
`
`I lllll llllllll Ill lllll lllll lllll lllll lllll 111111111111111111111111111111111
`US006836794Bl
`
`(10) Patent No.:
`(45) Date of Patent:
`
`US 6,836, 794 Bl
`Dec. 28, 2004
`
`(54) METHOD AND SYSTEM FOR ASSIGNING
`AND PUBLISHING APPLICATIONS
`
`(75)
`
`Inventors: Mark Lucovsky, Redmond, WA (US);
`Michael J. Cherry, Redmond, WA
`(US); Daniel Plastina, Issaquah, WA
`(US); Bharat Shah, Bellevue, WA
`(US); Debi P. Mishra, Redmond, WA
`(US); David E. Kays, Jr., Carnation,
`WA (US); Markus Horstmann,
`Redmond, WA (US)
`
`(73) Assignee: Microsoft Corporation, Redmond, WA
`(US)
`
`( *) Notice:
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 0 days.
`
`(21) Appl. No.: 09/158,968
`
`(22) Filed:
`
`Sep. 21, 1998
`
`(51)
`(52)
`(58)
`
`(56)
`
`Int. Cl.7 . ... ... .. ... ... ... ... .. ... ... ... ... ... .. ... ... .. G06F 9/445
`U.S. Cl. ........................................ 709/223; 717/177
`Field of Search ................................. 709/219, 223,
`709/224, 225, 229, 226; 717/177
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`* 10/1992 Kirouac et al. ............. 709/221
`5/1995 Platt ........................... 395/600
`12/1995 Halliwell et al.
`........... 395/650
`7/1996 Baskey et al. ......... 395/182.02
`9/1996 Owens et al. ............... 395/700
`12/1996 Stupek, Jr. et al. ......... 395/712
`4/1997 Debenedictis et al. ...... 395/706
`5/1997 Saulpaugh et al.
`......... 395/284
`7/1997 Coy et al. ................... 395/620
`8/1997 Bonnell et al.
`............. 709/202
`8/1997 Scarr et al. ... .. ... ... ... ... ... 714/4
`
`5,155,847 A
`5,421,009 A
`5,473,772 A
`5,535,326 A
`5,555,416 A
`5,586,304 A
`5,625,823 A
`5,630,076 A
`5,644,766 A
`5,655,081 A
`5,659,547 A
`
`5,692,129 A
`5,732,266 A *
`5,732,275 A
`5,742,829 A
`5,752,042 A
`5,764,992 A
`5,768,566 A
`5,778,234 A
`5,784,612 A
`5,790,664 A
`5,790,856 A
`5,796,967 A
`5,805,897 A
`5,835,911 A
`5,859,969 A
`5,859,978 A
`
`11/1997
`3/1998
`3/1998
`4/1998
`5/1998
`6/1998
`6/1998
`7/1998
`7/1998
`8/1998
`8/1998
`8/1998
`9/1998
`11/1998
`1/1999
`1/1999
`
`Sonderegger et al. .. 395/200.11
`Moore et al. . ... ... ... .. ... ... 713/1
`Kullick et al. . . . . . . . . . . . . . . . . 717 /11
`Davis et al.
`................ 395/712
`Cole et al. .................. 395/712
`Kullick et al. . . . . . . . . . . . . . . 395 /712
`Harikrishnan et al. ...... 395/500
`Hecht et al. ................ 395/712
`Crane et al. ................ 713/100
`Coley et al. .. ... ... ... .. ... ... 380/4
`Lillich ........................ 395 /703
`Filepp et al.
`............... 345/339
`Glowny . . . . . . . . . . . . . . . . . . . . . . . 717 /11
`......... 707/203
`Nakagawa et al.
`................ 395/200.3
`Oki et al.
`Sonderegger et al. . . 395/200.56
`
`(List continued on next page.)
`
`Primary Examiner-Dung C. Dinh
`(74) Attorney, Agent, or Firm-Law Offices of Albert S.
`Michalik, PllC
`
`(57)
`
`ABSTRACT
`
`A method and system for managing and deploying applica(cid:173)
`tions across a computer network by assigning and publishing
`applications to user and computer policy recipients.
`Assigned applications are automatically applied via a script
`to the policy recipients, thereby ensuring that the recipient
`has an administrator-specified workstation configuration.
`Assigned applications are advertised so as to appear avail(cid:173)
`able to the user, by adding an application shortcut to the start
`menu, and by populating the machine registry with appro(cid:173)
`priate application information. Other applications may be
`published to users, whereby those applications are option(cid:173)
`ally available for use by users. Published application infor(cid:173)
`mation is maintained in a centralized store of information on
`the network. Assigned and published applications may be
`installed on demand, such as when the application is acti(cid:173)
`vated.
`
`41 Claims, 9 Drawing Sheets
`
`72
`
`76a
`Managed
`Software
`Installer
`(API)
`
`80
`
`82
`
`78
`
`Advertise
`Seript(s)
`
`Client Workstation
`
`Group
`Polley
`Objeet1
`
`Group
`Polley
`Objeet2
`
`Group
`Polley
`Objeetn
`
`Domain
`Contoller
`
`64
`
`IPR2017-00184
`UNIFIED EX1009
`
`
`
`US 6,836, 794 Bl
`Page 2
`
`U.S. PATENT DOCUMENTS
`
`msdn_install.html (Jun. 1997), printed Feb. 29, 2000.
`
`5,867,713 A
`5,867,714 A
`5,870,762 A
`5,897,640 A
`5,925,127 A
`5,930,513 A
`5,930,514 A
`5,933,647 A
`5,954,827 A
`5,960,204 A
`5,966,540 A
`5,978,590 A
`5,987,504 A
`5,995,756 A
`5,999,740 A
`6,006,034 A
`6,006,035 A
`6,009,274 A
`6,009,401 A
`6,021,438 A
`6,023,586 A *
`6,029,147 A
`6,041,333 A
`6,067,582 A
`6,075,943 A *
`6,131,192 A
`6,138,153 A
`6,151,643 A
`6,151,708 A
`6,161,218 A
`6,192,406 Bl *
`6,199,204 Bl
`6,202,207 Bl
`6,205,527 Bl
`6,212,536 Bl
`6,219,786 Bl *
`6,314,565 Bl
`6,324,693 Bl *
`
`2/1999
`2/1999
`2/1999
`4/1999
`7/1999
`7/1999
`7/1999
`8/1999
`9/1999
`9/1999
`10/1999
`11/1999
`11/1999
`11/1999
`12/1999
`12/1999
`12/1999
`12/1999
`12/1999
`2/2000
`2/2000
`2/2000
`3/2000
`5/2000
`6/2000
`10/2000
`* 10/2000
`11/2000
`11/2000
`12/2000
`2/2001
`3/2001
`3/2001
`3/2001
`4/2001
`4/2001
`11/2001
`11/2001
`
`............. 395/712
`Shrader et al.
`Todd et al.
`................. 395/712
`Lee ............................ 707 /202
`Veghte et al. . . . . . . . . . . . . . . . 207 /202
`Ahmad ....................... 213/200
`Taylor ........................ 395/712
`Thompson et al.
`......... 395/712
`Aronberg et al. ........... 395/712
`Frank et al.
`.................. 714/48
`Yinger et al. ............... 395/712
`Lister et al.
`................ 395/712
`Imai et al. .................. 395/712
`Toga .......................... 709/206
`Herrmann ................... 395/712
`Rowley ...................... 395/712
`Heath et al. ................ 395/712
`Nabahi ....................... 395/712
`Fletcher et al. ............. 395/712
`Horstmann ... ... ... ... ... .. ... 705/1
`Duvvoori et al. ........... 709/224
`Gaisford et al. ............ 395/712
`.............. 705/35
`Horadan et al.
`Bretschneider et al. . . . . . 707 /203
`Smith et al. ................... 710/5
`Feinman ..................... 395/712
`Henry . . . . . . . . . . . . . . . . . . . . . . . . . 717 /11
`........ 709/221
`Collins, III et al.
`Cheng et al.
`................. 710/36
`Pedrizetti et al. . . . . . . . . . . . . . 717 /11
`Taylor .. ... ... .. ... ... ... ... .. . 717 /11
`Ma et al. .................... 709/226
`Donohue ..................... 717/11
`Donohue ..................... 717/11
`Goshey et al. .............. 711/162
`............. 707/513
`Klassen et al.
`Cunningham et al.
`...... 713/152
`Kenner et al. . . . . . . . . . . . . . . . . 717 /11
`Brodersen et al. . . . . . . . . . . . . 717 /11
`
`OIBER PUBLICATIONS
`
`"Automating Microsoft Transaction Server Client Installa(cid:173)
`tion," Microsoft Corporation, URL:wysiwyg://MAIN.
`PRODINF0.6/http://msdn.mi ... m/library/backgrnd/html/
`
`"Seagate Enterprise Management Software-East Announces
`Release of Desktop Management Suite; Best-of-Breed
`Point Solutions Integrated to Provide Heterogenous LAN
`Management," Business Wire, p. 04020056 (Apr. 2, 1996).
`
`Kelly, Mike, "Gain Control of Application Setup and Main(cid:173)
`tenance with the New Windows Installer," Microsoft Sys(cid:173)
`tems Journal, pp. 15-18, 20-23, 26-27 (Sep. 1998).
`
`Lang, Jay., "IBM Bolsters Windows NT Reliability With
`Tools Suite," Information Week, p. A6ff (Jul. 20, 1998).
`
`Dunigan, et al., MCSE Training Guide: Windows NT Work(cid:173)
`station 4, New Riders Publishing, pp. 28-32, 402 405,
`486-492 (1997).
`
`Green, "Windows Apps Need To Be Aware of Install Meth(cid:173)
`ods", Network World, p. 45 (Nov. 1994).
`
`McKinney et al., "Win Tips Windows 9x", Windows Maga(cid:173)
`zine, pp. 255-258 (Aug. 1998).
`
`McNutt, "Administering X Sites", Unix Review, pp. 45ff
`(Jul. 1992).
`
`Methvin, David, "Problems? In Win98?", Windows Maga(cid:173)
`zine, pp. 224ff (Oct. 1998).
`
`Spanbauer, Scott, "Internet Explorer 4.0, Problem Child",
`PC World, p. 53 (Jan. 1998).
`
`Anonymous, "ADSTAR Distributed Storage Manager Basic
`Concepts," IBM Storage Software, http://www.storage.ibm.
`com/software/adsm/adbasics.htm pp. 1-8, (Oct. 31, 1997),
`printed Nov. 3, 1997.
`
`Jones, Michael B., "The Microsoft Interactive System: An
`Experience Report," Technical Report MSR-TR-97-18, pp.
`http ://research.microsoft.com/-mbj/papers/mitv I
`1-20,
`tr-97-18.htm (Jul. 1997), printed Sep. 4, 2001.
`
`* cited by examiner
`
`
`
`-------------------------------------------------------------------------,
`System Memory
`20
`-(Ro-M")--~------
`
`1
`
`BIOS
`
`-2§. l 1 22
`
`Processing
`Unit
`
`21 48
`
`(RAM) 25
`OPERATING 35
`SYSTEM
`-
`
`APPLICATION
`PROGRAMS 36
`
`OTHER PROGRAM
`MODULES 37
`
`55
`I . - - - - - .
`Host
`Adapter
`
`Video
`Adapter
`
`L PROGRAM I
`
`DATA
`
`38
`
`Hard Disk 11 Magnetic
`Drive
`Disk Drive
`Interface
`Interface
`
`Optical
`Drive
`Interface
`
`Serial
`Part
`Interface
`
`Network
`Interface
`
`11111
`----------7L. __
`/
`,,,,.,,,.," 27
`
`/
`
`/
`
`,,.,/'
`
`/ '
`
`/
`
`/
`
`/
`
`,,,,"
`
`-,~~:~~~~~-;---~
`~-.--------
`--~29 31...,,
`',
`OPERATING APPLICATION OTHER 37 PROGRAM
`SYSTEM
`PROGRAMS
`PROGRAM
`DATA
`36
`MODULES
`
`35
`
`FIG. 1
`
`38
`
`47
`
`Monitor! I
`
`' )
`
`----.
`
`SCSll
`
`I 56
`
`Storage
`Device
`
`·
`
`I
`
`LAN I 1J1
`
`49
`
`53
`
`_____ _!
`
`Wide Area Network
`
`v
`
`,
`
`Remote
`Computer(s)
`
`42
`
`11111
`
`-
`APPLICATION
`PROGRAMS~
`
`60
`
`d •
`\JJ.
`•
`~
`~ ......
`~ = ......
`
`~
`~
`ri
`N
`~CIO
`
`N c c
`
`.i;;..
`
`'Jl =-~
`~ .....
`'"""' 0 .....,
`
`\C
`
`e
`rJ'J.
`-..a-..
`~
`~ a-..
`~
`\0
`.i;;..
`~
`lo-"
`
`
`
`Domain 164
`Contoller
`
`Group trr
`
`66
`I
`
`68
`
`Policy
`Objects
`
`Class-nr 11
`Stores
`
`62
`
`Active -if
`
`Directory
`
`User
`Profile
`
`I
`
`Machine
`
`I Profile
`
`201
`
`Workstation1
`
`78
`
`79
`
`202
`
`Network
`Server
`. -
`
`88
`
`86
`.
`
`Workstation2
`
`~
`
`Workstation3 I
`
`I Workstation4 I
`
`I Workstation5 I • I Workstation" •
`.
`
`203
`
`204
`
`205
`
`FIG. 2
`
`I
`
`20n
`
`d •
`\JJ.
`•
`~
`~ ......
`~ =
`......
`
`~
`~
`ri
`N
`~CIO
`N
`c
`c
`.i;;..
`
`'Jl
`
`=-~
`~ .....
`N
`0 .....,
`\C
`
`e
`rJ'J.
`-..a-..
`~
`~ a-..
`~
`\0
`.i;;..
`~
`lo-"
`
`
`
`I 1
`
`72
`::V
`Application
`Deployment
`Editor
`
`76a
`
`Network Server
`
`1 49
`
`661
`
`Managed
`Software
`Installer
`(API)
`
`Advertise
`Script
`
`74
`
`60
`
`78
`
`Managed
`Software
`Installer
`(API)
`
`,,.
`
`Log on
`Process I
`1 Adminstered ~ 74a I 66n
`Policy
`
`82
`
`Advertise
`Script
`Information
`
`User Profile
`
`Rollback
`Script
`
`84·
`
`201
`
`Advertise
`Script(s)
`
`Client Workstation
`
`Group
`Policy
`Object1
`
`Group
`Policy
`Object2
`
`•
`
`Group
`Policy
`Objectn
`
`Domain
`Contoller
`
`64
`
`FIG. 3
`
`d •
`\JJ.
`•
`~
`~ ......
`~ = ......
`
`~
`~
`ri
`N
`00
`
`~
`
`N c c
`
`.i;;..
`
`'Jl =(cid:173)~
`
`~
`~
`0 .....,
`\C
`
`e
`
`rJ'J.
`O'I
`~
`~
`O'I
`~
`\0
`.i;;..
`~
`lo-"
`
`
`
`U.S. Patent
`
`Dec. 28, 2004
`
`Sheet 4 of 9
`
`US 6,836, 794 Bl
`
`74a
`
`.--~-
`
`Log on
`Process I
`Adminstered
`Policy
`
`Advertise
`Script(s)
`
`Managed
`Software
`Installer
`(API)
`
`Registry
`
`70
`
`80
`
`r-+-~---1•
`
`Group Policy Object
`
`76b
`
`Group Policy
`Container
`
`Group Policy
`Template
`
`Program Files
`
`75
`
`Workstation
`
`FIG. 4
`
`
`
`U.S. Patent
`
`Dec. 28, 2004
`
`Sheet 5 of 9
`
`US 6,836, 794 Bl
`
`FIG. 5
`
`500
`
`502
`
`504
`
`begin
`
`Create I Select
`Group Policy
`Object
`
`Select
`Application
`Package
`
`Call Installer
`Mechanism to
`Generate Script
`from Package
`
`506
`
`Generate
`Advertise
`Script
`
`Store Script with _./"508
`Group Policy
`Object
`
`end
`
`
`
`U.S. Patent
`
`Dec. 28, 2004
`
`Sheet 6 of 9
`
`US 6,836, 794 Bl
`
`FIG. 6
`
`600
`
`602
`
`604
`
`606
`
`begin
`
`Write Advertise
`Script(s) to
`Workstation
`
`Select (Next)
`Advertise Script
`
`Call Installer
`Mechanism to
`Process Script
`
`Installer Populates
`Registry, Writes
`Shortcuts to Start
`Menu/Desktop
`
`608
`
`Yes
`
`end
`
`
`
`U.S. Patent
`
`Dec. 28, 2004
`
`Sheet 7 of 9
`
`US 6,836, 794 Bl
`
`FIG. 7
`
`begin
`
`User Clicks
`Advertised
`Application Shortcut
`
`OS Passes Application
`Request to Installer
`Mechanism
`
`700
`
`702
`
`704
`
`No
`
`706
`
`Yes
`
`Install Application,
`Change State to
`Locally Installed
`
`708
`
`OS Executes
`Application
`
`end
`
`
`
`U.S. Patent
`
`Dec. 28, 2004
`
`Sheet 8 of 9
`
`US 6,836, 794 Bl
`
`FIG. 8
`
`begin
`
`User Clicks
`Document
`
`800
`
`OS Looks for
`Extension in Local
`Registry
`
`802
`
`804
`
`Yes
`
`No
`
`810
`
`806
`
`Call Installer to
`Launch Application
`(FIG. 9)
`
`808
`
`Return Success
`
`816
`
`Return Error
`
`end
`
`OS Looks for
`Extension in
`Active
`Directory
`
`Advertise
`Application
`Script
`
`
`
`U.S. Patent
`
`Dec. 28, 2004
`
`Sheet 9 of 9
`
`US 6,836, 794 Bl
`
`begin
`(From FIG. 8)
`
`FIG. 9
`
`Installer Receives
`Request to Launch
`Application
`
`900
`
`904
`
`906
`
`Associated
`Application
`Locally
`Installed
`
`Install Application
`from Network
`
`Change
`Application State
`to Locally
`Installed
`
`Launch
`Application,
`Return Success
`
`
`
`US 6,836,794 Bl
`
`1
`METHOD AND SYSTEM FOR ASSIGNING
`AND PUBLISHING APPLICATIONS
`
`RELATED APPLICATIONS
`
`This application is related to the following United States
`Patent applications, all of which are filed on the same day
`and assigned to the same assignee as the present application:
`"Method and System for Advertising Applications" Ser.
`No. 09/158,967, now U.S. Pat. No. 6,345,386, hereby
`incorporated by reference herein in its entirety;
`"Class Store Schema" Ser. No. 09/158,023, now U.S. Pat.
`No. 6,389,589;
`"Method and System for On-Demand Installation of Soft(cid:173)
`ware Implementations" Ser. No. 09/158,022 and
`"Software Implementation Installer Mechanism" Ser. No.
`09/158,021, now U.S. Pat. No. 6,418,554.
`
`FIELD OF THE INVENTION
`
`The invention relates generally to computer systems and
`networks, and more particularly to an improved method and
`system for deploying applications to users and computers in
`a network.
`
`BACKGROUND OF THE INVENTION
`
`2
`policy for another. As can be readily appreciated, deploying
`applications in an enterprise is a complex task that does not
`fit in well with existing systems and methods.
`
`5
`
`SUMMARY OF THE INVENTION
`
`Briefly, the present invention provides a system and
`method for automatically deploying applications by assign(cid:173)
`ing certain applications to users and machines in accordance
`10 with a policy. One or more advertising scripts are stored with
`a policy associated with computer or user policy recipients,
`and each advertising script includes an application assigned
`to the policy recipient. When one or more advertising scripts
`are applied, such as to a user at logon or a machine at
`15 re-boot, assigned applications are advertised as available to
`the user by placing application shortcuts on a start menu or
`desktop and by writing entries to the system registry such as
`to enable document invocation through the Windows shell
`and class activation through system components and
`20 applications, i.e., file-extension based activation and COM
`(Component Object Model) CLSID (class identifier)-based
`activation, respectively. In this manner, assigned applica(cid:173)
`tions may be advertised as available, prior to the actual
`installation thereof. An installer installs advertised applica-
`25 tions as needed, i.e., upon user activation of the application.
`Other applications may be published, whereby they do not
`appear to be available, but are optionally available if acti(cid:173)
`vated (e.g., via file extension-based activation and CLSID(cid:173)
`based activation) or manually installed by a user.
`
`30
`
`In contemporary enterprises such as a corporation, one of
`the duties of a network administrator is to set up and
`maintain the corporation's computers so as to make employ(cid:173)
`ees more productive. Lost productivity at employees' com(cid:173)
`puter desktops is a major cost for corporations, often result(cid:173)
`ing from user errors such as inadvertently removing some or
`all of a needed application or using an old application rather
`than an enterprise-specified one that is improved, secure
`and/or compatible with others. Productivity is also lost when 35
`a desktop is too complex, such as when the desktop has too
`many non-essential applications and features thereon. Much
`of the expense of administering distributed personal com(cid:173)
`puter networks is spent at the desktop, performing tasks such
`as fixing the applications and settings that the user has 40
`incorrectly or inadvertently modified.
`At the same time, an enterprise wants certain personnel to
`have access to various software applications, while wanting
`other applications to be available to certain users for access 45
`if needed. For example, a corporate enterprise may declare
`a policy specifying that everyone in the company should use
`a particular electronic mail program, while in addition, those
`in the research department should be able to load a particular
`spreadsheet application if needed. Similarly, the enterprise 50
`may decide that employees spend too much time browsing
`the Internet, whereby the enterprise desires that only certain
`groups such as the research group and management group
`should have Internet browsers installed on their machines.
`However, to implement such policy decisions, adminis(cid:173)
`trators or the like generally need to physically visit each
`workstation to load or unload the specified programs, and
`spend time with the employees regarding the need for
`installing optional programs. In addition to initially setting
`the computers, the administrators must hope (or regularly 60
`check) that the users do not change the settings, however
`users regularly make modifications, leading to lost produc(cid:173)
`tivity. The administrator also needs to revisit the worksta(cid:173)
`tions to install new versions of applications.
`Moreover, such policies cause problems when multiple 65
`users share the same computer, since a policy instituted for
`one user of that computer may not be compatible with the
`
`Other benefits and advantages will become apparent from
`the following detailed description when taken in conjunction
`with the drawings, in which:
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`FIG. 1 is a block diagram representing a computer system
`into which the present invention may be incorporated;
`FIG. 2 is a block diagram generally representing a com(cid:173)
`puter network into which the present invention may be
`incorporated;
`
`FIG. 3 is a block diagram generally representing exem(cid:173)
`plary components for assigning and publishing applications
`in accordance with various aspects of the present invention;
`FIG. 4 is a block diagram generally representing how
`advertising scripts are copied to the workstation from the
`group policy object and then advertised via the installer in
`accordance with an aspect of the present invention;
`
`FIG. 5 is a flow diagram generally representing the steps
`taken to assign an application in accordance with one aspect
`of the present invention;
`
`FIG. 6 is a flow diagram generally representing the steps
`taken at user logon to advertise an assigned application in
`accordance with another aspect of the present invention;
`
`FIG. 7 is a flow diagram generally representing the steps
`taken when a user activates an assigned application via a
`shortcut;
`
`FIG. 8 is a flow diagram generally representing the steps
`taken when a user attempts to activates an application via an
`file extension associated therewith; and
`
`FIG. 9 is a flow diagram generally representing the steps
`taken by an installer mechanism to locate an application
`associated with a file extension.
`
`55
`
`
`
`US 6,836,794 Bl
`
`5
`
`3
`DETAILED DESCRIPTION OF IBE
`PREFERRED EMBODIMENT
`Exemplary Operating Environment
`FIG. 1 and the following discussion are intended to
`provide a brief general description of a suitable computing
`environment in which the invention may be implemented.
`Although not required, the invention will be described in the
`general context of computer-executable instructions, such as
`program modules, being executed by a personal computer.
`Generally, program modules include routines, programs,
`objects, components, data structures and the like that per(cid:173)
`form particular tasks or implement particular abstract data
`types. Moreover, those skilled in the art will appreciate that
`the invention may be practiced with other computer system
`configurations, including hand-held devices, multi(cid:173)
`processor systems, microprocessor-based or programmable
`consumer electronics, network PCs, minicomputers, main(cid:173)
`frame computers and the like. The invention may also be
`practiced in distributed computing environments where
`tasks are performed by remote processing devices that are
`linked through a communications network. In a distributed
`computing environment, program modules may be located
`in both local and remote memory storage devices.
`With reference to FIG. 1, an exemplary system for imple(cid:173)
`menting the invention includes a general purpose computing 25
`device in the form of a conventional personal computer 20
`or the like, including a processing unit 21, a system memory
`22, and a system bus 23 that couples various system com(cid:173)
`ponents including the system memory to the processing unit
`21. The system bus 23 may be any of several types of bus
`structures including a memory bus or memory controller, a
`peripheral bus, and a local bus using any of a variety of bus
`architectures. The system memory includes read-only
`memory (ROM) 24 and random access memory (RAM) 25.
`A basic input/output system 26 (BIOS), containing the basic
`routines that help to transfer information between elements
`within the personal computer 20, such as during start-up, is
`stored in ROM 24. The personal computer 20 may further
`include a hard disk drive 27 for reading from and writing to
`a hard disk, not shown, a magnetic disk drive 28 for reading
`from or writing to a removable magnetic disk 29, and an
`optical disk drive 30 for reading from or writing to a
`removable optical disk 31 such as a CD-ROM or other
`optical media. The hard disk drive 27, magnetic disk drive
`28, and optical disk drive 30 are connected to the system bus
`23 by a hard disk drive interface 32, a magnetic disk drive
`interface 33, and an optical drive interface 34, respectively.
`The drives and their associated computer-readable media
`provide non-volatile storage of computer readable
`instructions, data structures, program modules and other
`data for the personal computer 20. Although the exemplary
`environment described herein employs a hard disk, a remov(cid:173)
`able magnetic disk 29 and a removable optical disk 31, it
`should be appreciated by those skilled in the art that other
`types of computer readable media which can store data that
`is accessible by a computer, such as magnetic cassettes, flash
`memory cards, digital video disks, Bernoulli cartridges,
`random access memories (RAMs), read-only C memories
`(ROMs) and the like may also be used in the exemplary
`operating environment.
`A number of program modules may be stored on the hard
`disk, magnetic disk 29, optical disk 31, ROM 24 or RAM 25,
`including an operating system 35 (preferably Windows NT),
`one or more application programs 36, other program mod(cid:173)
`ules 37 and program data 38. A user may enter commands
`and information into the personal computer 20 through input
`devices such as a keyboard 40 and pointing device 42. Other
`
`4
`input devices (not shown) may include a microphone,
`joystick, game pad, satellite dish, scanner or the like. These
`and other input devices are often connected to the processing
`unit 21 through a serial port interface 46 that is coupled to
`the system bus, but may be connected by other interfaces,
`such as a parallel port, game port or universal serial bus
`(USE). A monitor 47 or other type of display device is also
`connected to the system bus 23 via an interface, such as a
`video adapter 48. In addition to the monitor 47, personal
`10 computers typically include other peripheral output devices
`(not shown), such as speakers and printers.
`The personal computer 20 may operate in a networked
`environment using logical connections to one or more
`remote computers, such as a remote computer 49. The
`15 remote computer 49 may be another personal computer, a
`server, a router, a network PC, a peer device or other
`common network node, and typically includes many or all of
`the elements described above relative to the personal com(cid:173)
`puter 20, although only a memory storage device 50 has
`20 been illustrated in FIG. 1. The logical connections depicted
`in FIG. 1 include a local area network (LAN) 51 and a wide
`area network (WAN) 52. Such networking environments are
`commonplace in offices, enterprise-wide computer
`networks, Intranets and the Internet.
`When used in a LAN networking environment, the per-
`sonal computer 20 is connected to the local network 51
`through a network interface or adapter 53. When used in a
`WAN networking environment, the personal computer 20
`typically includes a modem 54 or other means for establish-
`30 ing communications over the wide area network 52, such as
`the Internet. The modem 54, which may be internal or
`external, is connected to the system bus 23 via the serial port
`interface 46. In a networked environment, program modules
`depicted 610 relative to the personal computer 20, or por-
`35 tions thereof, may be stored in the remote memory storage
`device. It will be appreciated that the network connections
`shown are exemplary and other means of establishing a
`communications link between the computers may be used.
`For purposes of the following description, a client work-
`40 station (e.g., 201) may correspond to the computer system
`20, while an application package 60 (FIG. 3) may reside on
`one of the remote computers 49. However as can be readily
`appreciated, no particular arrangement of the various files,
`interfaces, objects, mechanisms, processes and so on
`45 described herein is necessary to the present invention.
`Indeed, as is understood in computing and networking in
`general, such files, interfaces, objects, mechanisms, pro(cid:173)
`cesses and so on may be combined, separated and/or dis(cid:173)
`tributed in virtually any number of ways among the various
`50 network devices.
`In general, the present invention provides a method and
`system for deploying software applications throughout a
`computer network in a highly flexible, scalable, extensible
`and efficient manner. To this end, the method and system
`55 leverage a highly flexible architecture wherein an adminis(cid:173)
`trator can tailor policies to sites, domains, and organizational
`units of users and computers thereunder, (in a hierarchical
`manner), by specifying one or more policies therefor, such
`that the policy within an organization is centrally managed.
`60 Such group policies, including the prioritizing of multiple
`policies for policy recipients (e.g., users or machines) are
`described in U.S. patent application Ser. No. 09/134,805,
`entitled "System and Method for Implementing Group
`Policy," assigned to the assignee of the present invention and
`65 hereby incorporated by reference herein in its entirety.
`Although not necessary to the present invention, group
`policies are maintained via a Windows NT® 5.0 directory
`
`
`
`US 6,836,794 Bl
`
`5
`
`5
`service, known as the Active Directory 62, ordinarily main(cid:173)
`tained in a domain controller 64 (FIG. 2). More particularly,
`each group policy object 66 (FIG. 2) comprises a group
`policy container in the directory service and a group policy
`template in the "sysvol" of the domain controller 64, but for
`purposes of simplicity are generically referred to herein as a
`group policy object. In general, the Active Directory 62
`stores information about the objects of a domain, and makes
`this information easy for administrators to access, find and
`apply via a single, consistent and open set of interfaces. For
`example, with the Active Directory 62, administrators have
`a single point of administration for the objects on the
`network, which can be viewed in a hierarchical structure. A
`core unit in the Active Directory 62 is the domain, and the
`objects of a network exist within a domain. A single domain
`can span multiple physical locations or sites.
`Thus, the present invention is described herein with
`reference to the Microsoft® Windows NT® operating
`system, and in particular to the flexible hierarchical structure
`of sites, domains and/or organizational units of a Windows
`NT® Active Directory 62. Notwithstanding, there is no
`intention to limit the present invention to Windows NT®
`and/or the Active Directory architecture, but on the contrary,
`the present invention is intended to operate with and provide
`benefits with any operating system, architecture and/or
`mechanisms that utilize network information.
`Application Deployment: Assign And Publish
`In general, a primary aspect of application deployment
`involves initially making an application available to users.
`To initially deploy an application, an administrator can 30
`choose to either "assign" or "publish" the application. To
`this end, as shown in FIG. 2, one or more group policy
`objects (templates) 66 may be associated with policy
`recipients, and a subcontainer of each group policy object,
`deemed a class store, may include application deployment 35
`information. Note that although separately shown in FIG. 2
`for purposes of simplicity, a class store 68 is actually a
`subcontainer of the group policy container, as described in
`more detail in co-pending United States Patent Application
`entitled "Class Store Schema," assigned to the same 40
`assignee as the present invention, filed concurrently here(cid:173)
`with and hereby incorporated by reference herein in its
`entirety.
`In accordance with one aspect of the present invention,
`via this centrally maintained deployment information in the 45
`class store 68, policy recipients (e.g., users and
`workstations/machines) in a domain are assigned
`applications, or applications are published thereto. An appli(cid:173)
`cation typically is assigned to a group of users (or a group
`of machines) when it is deemed mandatory for that group to 50
`have that application, while published applications are those
`that are made optionally available to users who may benefit
`therefrom. For example, the same version of an electronic
`mail application program may be assigned to everyone in an
`organization, while a word processing program may be 55
`assigned to every group of users that needs some word
`processing capabilities. However, an application program
`for editing images may not be needed by everyone, and thus
`such a program may be published on a per-group basis so
`that those groups of users who may benefit from the program 60
`have it, while others who do not need it will not have it
`occupy resources of their workstations. Publishing is
`described in more detail below.
`In accordance with one aspect of the present invention,
`assigned applications have a number of attributes, including
`that they are advertised, i.e., they appear as available to a
`user at each logon (if assigned to a user) or at each re-boot
`
`6
`(if assigned to a machine). Note that advertised applications
`are not necessarily installed on the workstation, but rather
`may only appear to be installed. As described in more detail
`below, so as to make an application appear installed, adver-
`tisements for an application include shortcuts that appear on
`the Start Menu and/or placement of shortcuts/icons on the
`desktop, and a collection of registry entries required prima(cid:173)
`rily for OLE and shell activation. For example, to explicitly
`launch an application, users navigate the Start Menu looking
`10 for a shortcut representing the application, then click that
`shortcut. Thus, shortcuts placed on the Start Menu represent
`a blatant advertisement for an application. Users also implic(cid:173)
`itly launch applications by double-clicking a file (of a file
`system) having an extension associated with a particular
`15 application. Since associations between file extensions and
`applications are stored in the system registry 70 (FIG. 3),
`writing such associations to the registry 70 is another way in
`which the present invention may advertise applications.
`Other examples of how an application is advertised include
`20 writing class information (i.e., for OLE/COM activation),
`MIME associations, type library information, and shell
`verbs. Note that shortcuts and default entries in the registry
`70 may reference files that contain indexed icons that are
`normally application executables. However, when
`25 advertised, an application's executable may not be installed,
`which would otherwise