I'm thinking about having one sofware policy at the top of our computers OU and then having a security group for each application this way only members of the group receive the application. Who here manages their apps this way and do you find it to be a pain when you have an app that's installed everywhere so you have to add 400 + PC's to the group?
Chrrently we use a combination of security groups and applying software at the OU level but it's becoming a bit of a pain.
Cheers.
We do something like this but wouldn't use a security group for something that's wanted everywhere (it's hard work, as you say!)
Basically, the top level software goes on everything (Office, Sophos, Adobe Reader etc) and then things like student record package go on the PCs that need it. Was a faff to set up at first (lots of PCs needed it!) but it was scripted. Now it's easy - if a new PC comes in that needs the software it goes in the group at that point while the account is being put into AD.
Thanks for the reply Steve.
When you make a change to a package at the top level e.g. Office do you have the issue of all stations reapplying the packages at the same time?
This is why i applied at OU level originally just in case i wanted to make changes to one room.
Anyone have an answer to this? The problem i find is that if i add the application using a GPO that's quite high up the AD structure if i make a change to the GPO all of the clients reinstall the app which is a pain. Is there a way to avoid this?
Cheers.
Yes, there's a setting for that. Make sure "Uninstall this application when it falls out of the scope of management" is disabled. That way, nothing will ever be uninstalled, unless your upgrading a package.
If in unset that option and then remove the app from the list will it still be uninstalled?
Is that how you organise your software deployment Geoff?
no, that's the point. The software never gets uninstalled. Unless you manually do it.If in unset that option and then remove the app from the list will it still be uninstalled?
Yes, plus regular reimaging with ghost (gets round the uninstall issue, and generally a good idea).Is that how you organise your software deployment Geoff?
That's what i thought which can be an issue when i need to remove software and install a new version, we don't reimage our machines all that often here especially office PC's.The software never gets uninstalled. Unless you manually do it
Cheers.
Ours is done on an OU basis...
Only Securus and the always annoying searchstar controls are applied at domain level.
Then it goes and has common software (office, flash etc) is applied on OU1, department software (Dartfish Classroom) OU2 and Room software OU3 (if that room also has an office, then OU4)
There are also a few installs which are done as group memberships, IP Softphone is, Adobe Reader 8 is (as well as being global - kept removing itself) and that's about it really.
I worked hard over the course of about a year to structure AD in a friendly way that things like this are just a click in, click off.
I just wish Group Policy could push out MSP's*shakes fist at Adobe*
Other than updating MSI's during half-terms etc, can you not apply a revised policy which upgrades another policy and then slowly promote & apply it to child OU's?
Just a thought since I seem able to move a computer account between two OU's where software is different and it will only apply the changes, it won't uninstall office etc and then reinstall it, because the same policy is applied in both locations...
Our OU's are organised roughly by department or room so we tend to have a GPO for each of these OU's and i've started using security filtering to target applications to groups of PC's within an OU. As some rooms are more heavily used by certain departments they tend to have their software on so if i use a policy over more than one room the rooms end up with unnecessary software on.
I think i've found a pretty happy medium i was just wondering how others did it.
I'm having an issue with an msp at the mo grrrr if only AD could deploy them.
Cheers.
Goto the GPO > Software > *Rightclick* > Remove SoftwareOriginally Posted by cookie_monster
:-)
I'm sure Geoff said if you deselect "Uninstall this application when it falls out of the scope of management" then it doesn't uninstall even if you remove it from the deployment list.
No you go into the GPO and manually tell it to uninstall. Geoff is right in that if you just delete the GPO it wont uninstall teh software. You can also tell the software to uninstall just before it it replaced by an upgraded version.
Have a browse about in the settings, its all there and pretty obvious what everything does really.
I'm familiar with the settings i must of misunderstood what Geoff was trying to say and i haven't been near a server to check.
Cheers.
I also do something like this.
I have a managed software computers group (of which all desktops are a member), which have apply GPO right over the software installation GPO. Where I need to limit the number of installations (usually for license reasons, such as ABTutor, CorelDraw, Sibelius), I create a new license group and only permit that license group to read the particular software package.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote