System TipThis article applies to a different version of Windows than the one you are using. Content in this article may not be relevant to you. Visit the Windows 7 Solution Center
This article was previously published under Q302430
For a Microsoft Windows Server 2003 version of this article, see
324750
(http://support.microsoft.com/kb/324750/ )
How to assign software to a specific group by using Group Policy in Windows Server 2003 Notice
This article applies to Windows 2000. Support for Windows 2000 ends on July 13, 2010. The Windows 2000 End-of-Support Solution Center
(http://support.microsoft.com/?scid=http%3a%2f%2fsupport.microsoft.com%2fwin2000)
is a starting point for planning your migration strategy from Windows 2000. For more information see the Microsoft Support Lifecycle Policy
(http://support.microsoft.com/lifecycle/)
.
On This Page
SUMMARY
You can use Group Policy to assign or to publish software to users or computers in a domain. Additionally, it is useful to be able to deploy software based on group membership. A Group Policy object (GPO) is usually applied only to members of an organizational unit (OU) to which the GPO is linked. Because a user cannot be located in several OUs at the same time, you must be able to apply Group Policy settings outside the boundaries of OUs. This article describes how to have your software deployment policy applied to users who are not in an OU.
Assign a program to a group
- Create a folder to hold the MSI package on a server. Share the folder by applying permissions that let users and computers read and run these files. Then, copy the MSI package files into this location.
- From a Windows 2000-based computer in the domain, log on as a domain administrator, and then start Active Directory Users and Computers.
Note You can apply Group Policy settings to domains, sites, and OUs. - In Active Directory Users and Computers, right-click the container to which you want to link the GPO, click Properties, and then click the Group Policy tab.
- Create a new GPO for installing your MSI package, and then give the new GPO a descriptive name.
- While the new GPO is selected, click Edit. This starts the Group Policy Object Editor.
- Open and then right-click Software installation in the GPO, and then click New Package.
- You are prompted for the path of the Windows Installer file (.msi) for this package. View the network location that contains the Windows Installer file, click the file, and then click Open.
Warning If the Windows Installer file resides on the local hard disk, do not use a local path. Instead, use the UNC path of the local computer to indicate the location of the installation files. A UNC path takes the form \\servername\sharename\path\filename.msi. - When you are prompted to choose between Assigned and Advanced Published or Assigned, click Assigned unless you have to modify the advanced options. You should now see the software package in the details pane of the Group Policy Object Editor.
- In Active Directory Users and Computers, click the container to which you linked your GPO. Right-click that container, click Properties, and then click the Group Policy tab.
- Click your GPO, and then click Properties.
- Click the Security tab, and then remove Authenticated Users from the list.
- Click Add, and then select the security group which you plan to have this policy applied to add it to the list.
- Select your security group, and then give them Read and "Apply Group Policy" permissions.
227302
(http://support.microsoft.com/kb/227302/ )
Using SECEDIT to force a Group Policy refresh immediately 
No comments:
Post a Comment