Overall GPO Structure
A
new structure within a GPO highlights the areas that can be configured.
Within the two main sections of a GPO, Computer Configuration and User
Configuration , you will see two new nodes: Policies and Preferences. This structure is shown in Figure 1.
The
settings included under the Policies node are designed to be enforced.
This means that when a setting is made under this node, the user will
not be able to modify that setting through the user interface. Instead,
the interface will deny access to that user, or the option will be
dimmed.
The settings included under the
Preferences node are designed to be less rigid than the settings under
the Policies node. These settings will modify the setting that exists
on the computer, but they will not prohibit the user from changing the
setting in the interface.
1. Software Settings
The
Software Settings node is where you can configure the deployment of
software to both computer and user accounts. There are slight
differences between deploying software to computers
and users, but they are minimal. Here are some things you should be
aware of when deploying software using Group Policy (Figure 2 illustrates the interface for the Software Settings):
You
should ensure that the installation package is located in a shared
folder that can be referenced using a Universal Naming Convention (UNC)
path, such as \\Server1\Apps\app1.msi.
You
should ensure that the permissions to the shared folder where the
installation package resides are sufficient to access the software to
be installed.
You should ensure that the permissions to the installation package are sufficient to install the software.
Software
can be assigned to both computer and user accounts. Assignment will
place an icon for the application on the Start menu, as if the
application is installed.
Software can
be published to user accounts. Publishing software will add the
application to the Add/Remove Programs list. Users must install the
application from the Add/Remove Programs applet in Control Panel
manually.
Generally, installation packages that have an .msi extension will be deployed using Group Policy.
Applications
that have only an .exe installation can be used in conjunction with a
.zap package for deployment using Group Policy.
Software deployed using Group Policy can be updated using .msp packages, which can also deploy bug fixes and service packs.
Specific software applications can be installed from a suite of applications by using an .mst (transform) package.
Software
deployed using Group Policy can also remove the application if the
computer or user falls out of the scope of management (SOM).
