• Illustration: Office Customization Tool
• Illustration: Installation Point and Setup Process

The Office installation utility, Setup, has undergone major changes that will streamline Office 2007 deployment and maintenance. Automated deployment of Office 2007 should prove more reliable than in prior versions, particularly in organizations deploying multiple language editions. However, administrators will have to learn new customization and deployment procedures, and the product exposes some weaknesses in Windows software deployment technologies.

Setup Central to Deployment and Maintenance

Office Setup is central to the process of deploying Office to desktops and keeping it up to date. Automated deployment of Office can be broken into three sets of tasks:

Customization. Administrators decide which Office applications and features they will install for specific user groups. They then identify templates and other organization-specific resources for Office users. Finally, they create installation points, custom installations of Office with the applications, features, and resources needed by specific user groups.

Deployment. Setup installs Office on user desktops from installation points by one of several methods. New computers frequently get Office by imaging: Setup installs Office on a model Windows computer from an installation point. The model computer then supplies a standard disk image, including both the OS and Office, that is copied onto new computers. For computers already in the field and for reinstalls, Setup runs on the target computer and installs Office from a network-accessible installation point. For example, a software deployment product such as Systems Management Server (SMS) can push files from a network installation point to a target computer and trigger Setup from the pushed files. Alternatively, the Windows Group Policy software deployment engine or a script can trigger Setup on a target computer, which then pulls files directly from a network installation point.

Maintenance. Administrators must periodically patch existing Office installations to protect against security vulnerabilities, and they must deploy service packs to fix bugs and add new features. Typically, SMS or a similar tool pushes updates out to existing computers and then runs Setup on those computers. In addition, administrators have to make sure that new Office installations get the latest patches and service packs. When using imaging, this typically entails using Setup to update Office on model computers and then capturing new images from the model computers. Administrators also use Setup to update installation points so that new installations from the installation points get the updates.

With Office 2007, Microsoft has completely reworked Setup to simplify customization of installation points, better support organizations that use multiple languages, and make maintenance more reliable. In the process, the company has also eliminated some specific options for deploying the product. The changes could complicate deployment in some organizations, but they could also simplify support for Microsoft and for systems integrators who deploy and manage computers.

Simpler Customization

In volume license editions of Office 2007, Setup now includes an Office Customization Tool to prepare custom Office configurations. (For a view of the tool's interface, see the illustration "Office Customization Tool".) The Office Customization Tool replaces multiple tools and mechanisms in previous versions of the suite.

Organizations typically customize Office to add organization-specific resources such as templates, dictionaries, or links to network file locations. Office customization also is used to set defaults (e.g., the default format for saved files), which can then be protected from subsequent user changes by Windows Group Policy. Some organizations also customize Office to remove applications or features, which reduces the "attack surface" for security purposes and trims installation size to speed reinstallation.

Combining multiple Office customization tools into one should help administrators customize Office more quickly and reliably than in past versions. However, the Office Customization Tool still does not support all Office customization. For example, the tool does not enable the selection of languages to deploy. To change options not supported by the tool, administrators must edit an XML file (config.xml) that is conceptually similar to the INI files used in earlier versions of Office, but which employs a completely different format.

As before, Office customization can set only the initial state of Office installations—it cannot prevent users from making changes. The Windows Group Policy mechanism enables administrators to lock down Office settings. The Group Policy administrative templates required for this task have been updated for Office 2007.

More Reliable Deployment, New Methods

Office 2007 Setup is technically very different from previous versions, using a different organization for installation points and following a different process at installation.(See the illustration "Installation Point and Setup Process".) The new technology could make deployment more reliable, particularly when organizations employ multiple languages. However, it also will entail changes to deployment methods in some organizations.

Multilingual Deployment Reworked

Office 2007 installation has been reorganized to work more reliably in multilingual organizations—organizations whose workers employ multiple languages in the Office user interface (UI) as well as in documents and e-mail.

Specifically, each Office 2007 edition has a single language-neutral installation package and a separate set of language-specific packages with menus, help, spelling checkers, and other language-specific resources. Administrators can create installation points or OS images with combinations of languages for particular locations. For example, an organization's Tokyo office might install Japanese, Korean, Simplified Chinese, and Traditional Chinese language resources. Target computers then support any of the four languages, and users and administrators could change among those languages as needed.

The new multilingual architecture replaces two options that were introduced in Office 2000.

Multilingual user interface (MUI) packs. With previous versions of Office, organizations could deploy the English edition of Office along with an MUI pack that supported additional languages. MUI packs enabled a single target computer to support multiple languages and enabled multiple language versions to be deployed from a single installation point or OS image. Unfortunately, MUI packs didn't cover all Office features, so users still got English UIs for some features. Similarly, language switching on a target computer was not complete; for example, a user changing from French to German might find some UI features still in French.

Localized Office versions. With previous versions of Office, organizations could deploy Office versions localized to a specific language rather than deploying the English version and an MUI pack. A localized Office version supported only a single UI language, but it could be deployed with proofing tools for several languages—for example, the French-localized Office 2003 supports a French UI, with proofing tools for Arabic, Dutch, English, German, and Spanish. Localizations of Office generally offered better UI coverage than MUI packs—users were unlikely to encounter English strings in the UI. However, localized versions didn't support multiple Office UI languages on a single computer, so a user could not switch Office menus from French to German, for example. More important, an organization had to create a separate OS image or installation point for each localization of Office, which complicated maintenance.

Microsoft says that the new Office 2007 multilanguage architecture supports the best features of both MUI packs and localizations: Computers can support multiple languages reliably, and (more important) organizations can deploy multiple languages from a single installation point or OS image. The company also says that it has improved its development and testing processes for language-specific resources so that Office 2007 language packs will be more complete than the MUI packs of previous versions.

Office 2007 still ships in localized versions and will still have an MUI pack (now called the Multi-Language Pack). However, this is a packaging and licensing distinction, not a technical one: Office 2007 localized versions are simply the language-neutral Office with preinstalled language resources for a specific set of languages. The Multi-Language Pack is simply a vehicle for buying additional language resources that were not included in the version an organization initially purchased.

Local Installation Source Required

To install Office 2007, Setup requires a compressed, read-only copy of the entire suite on the disk of every target computer. Called the Local Installation Source (LIS), this compressed copy will make Office updating more reliable. However, it consumes additional disk space and bandwidth, which could require some changes to the deployment process.

Setup uses the LIS for initial installation, to repair a damaged installation, and for patching (which requires access to the original version of a patched file). In Office 2003, Setup created an LIS by default, but it did not require one; it could install or repair systems using a network installation source or a CD-ROM. In practice, this often produced annoying messages prompting users for a CD-ROM or a path to an installation source when Office was patched or repaired. By requiring an LIS, Office 2007 should eliminate these messages.

However, the LIS requires roughly 200MB of permanent space on every target computer, on top of the space required for Office's installed files. It can also require up to 2GB free disk space on the target computer for decompression, although this space will be freed after installation.

Furthermore, the LIS must be transferred to every target computer. This could be a problem for computers with slow network connections and for computers that aren't always connected. It could particularly complicate coordinated upgrades of entire organizations, since all computers in the target organization will be competing for bandwidth to download the LIS.

To mitigate this problem, administrators can deploy the LIS, customization files, and any other files required for installation via an OS image, CD-ROM, or controlled file transfers using a tool like SMS. Office Setup can then complete installation from the LIS and the precached files on a computer without further network connections.

Not a Standard Installer Package

Office 2007 Setup uses the Windows Installer technology and package format, and it exploits the Windows Installer for features such as "transactional install" (which enables complete rollback of the effects of a failed install). However, it does not use the standard Windows Installer command-line utility (msiexec.exe), it does not support the standard Windows Installer command-line options, and it mixes Windows Installer and Office-specific messages in its installation logs. In addition, Office Setup no longer employs the standard Windows Installer tranform (.mst) files for customization.

As a result, customization and deployment tools (such as SMS) will not be able to treat Office 2007 as a generic Windows Installer package, and deployment scripts that expect standard Windows Installer behavior will not work with Office 2007. This will create some additional work for administrators and tool vendors to prepare Office 2007 for deployment.

Microsoft has done some of the additional work in the Business Desktop Deployment (BDD) Accelerator, which delivers tools and documentation for Windows, Office, and desktop application deployment. The BDD includes a graphical "workbench" that enables administrators to define computer configurations, including Office 2007 configurations, and (among other things) enables administrators to create a single Office 2007 installation point that supports multiple applications, languages, and settings configurations.

Group Policy Deployment Limited

Administrators can use Group Policy to lock down Office 2007 settings, just as in previous versions of Office. However, Office 2007 provides less support for deployment with Group Policy than earlier versions of Office did. This could complicate deployment for some organizations.

As before, administrators can deploy Office through Group Policy by specifying which computers should receive the application. The Group Policy engine on the target computer then triggers installation from a network installation point. Group Policy thus provides a way to install Office on existing computers, or to reinstall Office, provided that the target computers are connected to network installation points.

Office 2007 supports Group Policy deployment, but with many limitations. For example, administrators can assign Office 2007 only to specific computers, not users. Group Policy deployment supports only very limited customization (e.g., preventing installation of an entire application, such as Access) and applies settings only in the Office 2007 config.xml file.

Consequently, organizations that have been using Group Policy for Office deployment, not just settings lockdown, will want SMS or a similar tool to do installations on systems in the field: Group Policy and network installation points alone will probably no longer be adequate.

Slipstreaming Maintenance

Office 2007 Setup will automatically install security patches, service packs, and other Office updates placed in a designated Updates folder of an installation point. This feature could simplify maintenance: administrators can bring an installation point up-to-date by copying new updates into the relevant folder, without doing an additional install on the installation point. Subsequent installations from the installation point will automatically get the latest updates during installation (a feature commonly called "slipstreaming" updates).

However, organizations that deploy Office 2007 in OS images will not benefit from slipstreaming—they must rebuild those images for Office updates, just as they do with previous Office versions. Specifically, Office 2007 updates cannot be applied directly to OS images in the new Windows Imaging (WIM) format. This feature requires the Windows Installer 4.0, which is available only on Vista. Instead, administrators still must install Office updates on a model PC, and then build new images from that PC.

In the past, Office updates were infrequent. However, Office security updates have become almost monthly events. Thus, some organizations that have previously rolled out Office in OS images might want to reconsider. An alternative recommended by Microsoft is to roll out the Office LIS in images, but then use SMS or a similar tool to actually install the product over the network.

Improved but Not Standardized

Overall, Office 2007 delivers the biggest improvements for Office customization, deployment, and maintenance since Office 2000. These improvements eliminate or reduce support for some methods of Office deployment—for example, an LIS is now required rather than optional, and Group Policy deployment options have been eliminated. However, the alternatives that are supported will probably prove simpler and more reliable than in the past.

The new Setup will also force some administrator retraining and will require development of new scripts and packages for Office deployment. However, at least one early Office 2007 adopter, Unisys, says that the additional work is small compared to other Office 2007 migration tasks, such as testing macros for compatibility, preparing for the new file formats, training users for the new UI, and compensating for features that are no longer supported in Office 2007.

Office 2007 Setup also shows the Office development team moving beyond the Windows Installer and Group Policy software deployment technologies, which were once hailed as harbingers of "zero administration Windows." In particular, the Office group has not adopted technologies from more recent versions of the Windows Installer, such as support for patching Vista images or for maintaining an LIS. This has implications for both customers and partners.

For customers, Office 2007 is a step away from standardized software installation. Microsoft had planned to move to two installers—one for Windows and one for applications such as Office—to simplify security threat assessment and patching for customers. While Office 2007 Setup uses the Windows Installer APIs and capabilities, the product cannot be treated as a standard Windows Installer package. Consequently, Office will remain a special case for software installation and patching, stalling the process of standardization and possibly inspiring other Microsoft teams to go their own way.

For software vendors, Office 2007 Setup should raise questions about the capabilities and future of the Windows Installer and Group Policy. The Office group has had to develop a parallel infrastructure to the Windows Installer for tasks such as handling multilingual installations and managing a local installation source. The group has also reduced, rather than increased, its support for Group Policy software deployment. Commercial software vendors who want Setup capabilities on par with Office will probably want to follow the Office group's lead.

Resources

Tools and documentation for Office 2007 migration are compiled in the Office Resource Kit at technet2.microsoft.com/Office/en-us/library/9df1c7d2-30a9-47bb-a3b2-5166b394fbf51033.mspx.

Large-scale Windows Vista and Office 2007 deployment processes and tools are provided by the Business Desktop Deployment (BDD) Accelerator at www.microsoft.com/technet/desktopdeployment/bddoverview.mspx.

Windows imaging technologies are outlined in the Dec. 2006 Research Report, "Windows Vista: Benefits for Businesses."

The Windows Installer 3.0 is explained in "New Installer Supports Security Push" on page 9 of the Oct. 2004 Update.

Microsoft's plan to standardize installation technologies was highlighted in the Mar. 2004 Research Report, "Trustworthy Computing: Making Software More Secure."

Unisys offers planning and deployment services for Office 2007 as well as Windows Vista, Exchange 2007, and other new Microsoft products—see www.unisys.com/services.

Getronics planning, deployment and other services for the Microsoft platform are outlined at www.getronics.com/global/en-gb/getronics/partners/microsoft/solutions.htm.