Hey all,

I recently got an IT job and have finished taking inventory on all the software used on our LAN. Since a lot of it gets updated quarterly I'd like to deploy what I can through active directory to make updates less time consuming. I was taught to make a new GPO for each piece of software being deployed no matter how small...and we have a lot of software. I created and tested most of the packages individually in a test environment and they all work, but there are 29 of them.

Some workstations are going to be processing close to 40 GPOs on startup if I go ahead and enable all of these objects. I have been disabling what I can in the GPOs but that's still seems like a ton of policies to me. Is this OK? Suggestions?

Thanks in advance,
0 Comments   [ - ] Hide Comments


Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
Answer this question or Comment on this question for clarity


ORIGINAL: ComfortablySad

... I was taught to make a new GPO for each piece of software being deployed no matter how small...

That's exterme, if you ask me. We have 150+ pieces of software distributed through the same policy, all targeting appropriate computer groups. You can configure ACLs on individual packages inside a GPO (I believe you need to enable Advanced Settings inside mmc to get Security tab, though not positive if it's even necessary). I'd kill myself if I had to sift through 150 different GPOs...
There was a discussion 6+ months back on this forum in regards of the deployment strategies. If you lucky, you may find it - I wasn't able to (search is not very flexible here). But the general consensus was to combine multiple packages into the same policy.
Answered 03/10/2006 by: revizor
Third Degree Blue Belt

Please log in to comment