Installing and Patching Software

Software is the big payoff. It’s the reason we all use a computer to begin with, but it can also be a huge source of frustration and wasted time. To minimize your trouble, consider how you’ll address software testing, deployment, asset management and patch management.

Why Concern Yourself with Software Installation?

  • The need to be efficient and save time. As with any major, recurring activity, you’re investing a lot of time in software installation, and anything you can do to make it more effective and efficient is worth thinking about.
  • The need for easier maintenance. When you automate this process, your software has the same settings on every computer and it’s installed to the same directory. This type of consistency will make it much easier to troubleshoot problems later on.

Key Actions

  • Consider a phased rollout of new software or major software upgrades.
  • Use an asset management program to keep track of where you have software installed and related information concerning license agreements and activation keys.

Software Testing and Phased Rollouts

Ideally we’d hire someone to spend weeks testing every new application we install in our organizations, but realistically, we often have to rely on the manufacturer for due diligence and hope for the best. And no matter how much testing you’ve done, your patrons and staff will still find some glitches that you and the vendor didn’t catch. To mitigate the effects of these problems, you can roll out your new software slowly. Install it on a few targeted computers and let those end users know that they’re your guinea pigs. Or install it for an entire department. If any problems arise, you’ll hear about it from a few individuals rather than your entire organization.

Systems Management Software

Walking from machine to machine with an install CD is “so 1998.” As with many other routine activities, software installation can be largely automated these days. Systems management software is a type of software that bundles together several different utilities that can make an administrator’s life easier. For example, it lets you specify standard, scripted answers to all of the questions that normally come up during the setup wizard. You generally roll up these preferences into an installer file (aka a software package) and then deploy it to all of your computers. This is sometimes called an unattended installation because once you start the process, it finishes on its own without your intervention. With most systems management software, you don’t even have to visit the computers you’re trying to install to. After you’ve created the installer package, the systems management software will push it out to the computers you specify and start the process automatically. Alternatively, you can let end users initiate the install process. This way, staff who don’t need the software won’t waste a valuable license. Systems management software also handles a wide variety of other administrative tasks, such as patch management, asset management and network monitoring. If you’re interested in learning more, check out the Further Resources section and/or take a look at the Wikipedia article on the topic and the accompanying list of software.

Advantages of Systems Management Software

  • You (or your IT department) tweak the software settings once rather than typing them in at every machine.
  • You answer the questions in the installation wizard once.
  • The software you’ve deployed is the same on all the machines in your organization. If you install the software on each machine individually, you often end up with differences in each installation, which can make the software harder to support.
  • You can decide which machines receive the new software, based on who the end user is, or based on how much power and disk space the computer has.
  • You can specify what time of day the installation occurs.

Other Software Installation Tools

Software installers (often used with Windows systems) and package managers (often used with Linux/Unix systems) can also help you with software rollouts, but they’re not as powerful as a systems management suite. They allow you to pre­-configure your software and create a standard installation, but you usually can’t push the package out so that it runs automatically on all your machines. Instead, you have to carry the installation files around on a CD or download them from a network location. InstallShield and Wise Package Studio are two programs of this type.

Software Asset Management

Whatever system you have in place for tracking software licenses, you need to activate it when you install new software. As soon as possible, record the number of licenses you’ve purchased, the number of copies you’ve installed and the location of the installed copies. Also, be sure to keep track of your installation CDs, passwords and license keys.

Patch Management

In between major releases of a program, software vendors release dozens of small patches to fix problems and close security loopholes. Some applications can be set to automatically download and install these patches, but IT departments often reject this approach due to concerns about compatibility. Before they allow a new piece of code into the organization, IT wants to make sure that it won’t corrupt the operating system or cause critical software to malfunction. Also, depending on how the computers are set up, end users may be able to turn off these automatic updates. Patch management software is a more centralized, reliable solution. Again, some programs are designed specifically for patch management, but, in many cases, patch management software will come as part of a systems management software suite.

If you’re interested in learning more, go to our Further Resources section. Check out How to Handle Patch Management and the patch management articles on Microsoft’s Web site. Also, WindowsSecurity.com has reviewed some of the better­-known patch management tools.

Stories from the Field

Once you create the auto-install package, you can push it out to multiple computers at a time, so you could do a whole library in one sweep, and supposedly, the thing can also be scheduled to run, say, in the middle of the night when the computers are thawed anyway. Although I’ve had limited success for whatever reason. Sometimes it runs, and sometimes it doesn’t. I just haven’t had a lot of time to play with it, but if I ever get it down, I could actually set the thing to do an upgrade in the middle of the night, and you come in the next morning, and they’re upgraded and ready to go.

Rick Moody
Birmingham Public Library, AL

Our patches are done centrally, and we use Microsoft’s patch management software…The Windows updates and the antivirus updates are automatically updated through a server on that network that is updated via the Web, and then all of the public terminals are updated via that server.

Jim Buston
City of Auburn, AL

Novell ZENworks is an application initially designed for desktop management. And they’ve added to it over the years, and now it has many different aspects to it. So, for instance, if you were to come and sit down at one of my computers right now, after you get through our PC reservation system and you get logged onto the computer, you will see an empty desktop. There are no icons on the desktop. The Start menu has nothing on it but Log Off. And the only thing that will open on the machine is a window. And that window is from Novell’s ZENworks — it’s called Application Monitor. And so I, as an administrator, create basically an icon. I’ll create an icon for Internet Explorer, for instance. And I will tell the network that anybody logged into either this computer or anybody logged into the network as this user gets this icon. And they can’t have anything else but this icon. So, like, right now, you’d sit down at my computer, you’d see a window, and in that window would be the icons that I say they can have. So there’s Word, Excel, PowerPoint, Publisher, Internet Explorer. In some cases, [there are] games, and I create those icons. I tell the Application Monitor window which icons to display. And I can say stuff like, if the executable for Word doesn’t exist, don’t show the icon, because otherwise, people would be clicking on it and getting an error message.

Also, I can do things like application updating. So if they release a new version of Adobe Acrobat Reader, I can create a package on my desk and say this is the update to the Acrobat Reader. Now go ahead and do that to all 500 of my computers. I don’t have 500 computers, but if I did it would go and install itself on all those machines. Or update it on all those machines. Or I could actually uninstall applications remotely, too.

It also does imaging on the PCs, so I can build a workstation, put all the applications on it and then make a copy of it on a remote disk. I just plug it in and say, ‘Now push this image down, push this image down,’ so that I can clone machines really fast. And they’re all identical, which is nice. It also does remote management so that I can connect PCs remotely. It also does policy management. And that’s what I use for our public workstations. I can create a policy package [that] is basically a bunch of registry entries. And I can tell the system, ‘Okay, anybody on this computer gets this policy.’ And then I can change the policy up here from my desk, and every PC who logs in that uses that policy gets those changes. It also does application and hardware inventory so that I can do a quick glance and find out how many Dell GX520s I’ve got, how much RAM is in them [and] what applications are on them. I can do license metering, so I can see, oh, I only purchased 20 licenses of Microsoft Word, but I’m using 22, so I’m out of compliance. You know? And it does a lot more than that, but that’s the beginning.

Matt Beckstrom
Lewis & Clark Public Library, UT

Further Resources

Adding new software or upgrading software on computers that you’ve already deployed is a process with its own set of variables. We’ve included additional resources on the topic of software patching and installation that you might find useful.

Creative Commons License

This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License.