Hey all,

I recently got an IT job and have finished taking inventory on all the software used on our LAN. Since a lot of it gets updated quarterly I'd like to deploy what I can through active directory to make updates less time consuming. I was taught to make a new GPO for each piece of software being deployed no matter how small...and we have a lot of software. I created and tested most of the packages individually in a test environment and they all work, but there are 29 of them.

Some workstations are going to be processing close to 40 GPOs on startup if I go ahead and enable all of these objects. I have been disabling what I can in the GPOs but that's still seems like a ton of policies to me. Is this OK? Suggestions?

Thanks in advance,
0 Comments   [ + ] Show Comments


Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.


ORIGINAL: ComfortablySad

... I was taught to make a new GPO for each piece of software being deployed no matter how small...

That's exterme, if you ask me. We have 150+ pieces of software distributed through the same policy, all targeting appropriate computer groups. You can configure ACLs on individual packages inside a GPO (I believe you need to enable Advanced Settings inside mmc to get Security tab, though not positive if it's even necessary). I'd kill myself if I had to sift through 150 different GPOs...
There was a discussion 6+ months back on this forum in regards of the deployment strategies. If you lucky, you may find it - I wasn't able to (search is not very flexible here). But the general consensus was to combine multiple packages into the same policy.
Answered 03/10/2006 by: revizor
Third Degree Blue Belt

Please log in to comment
Answer this question or Comment on this question for clarity