How To Assign Software to a Specific Group By Using a Group Policy in the Windows Server 2003 Family (324750)


The information in this article applies to:

  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Datacenter Edition
  • Microsoft Windows Server 2003, 64-Bit Enterprise Edition
  • Microsoft Windows Server 2003, 64-Bit Datacenter Edition
This article was previously published under Q324750
For a Microsoft Windows 2000 version of this article, see 302430.

IN THIS TASK

SUMMARY

You (as an administrator) can use group policies to assign or publish software to users or computers in a domain, and it is useful to be able to deploy software based on group membership. Group Policy Objects (GPOs) are typically applied only to members of organizational units to which the GPO is linked. Because users cannot be located in several organization units at one time, you must be able to apply group policies outside the boundaries of organization units. This article describes how to apply your software deployment policy to users who are outside the boundaries of organization units.

back to the top

Assign a Program to a Group

  1. Create a folder to hold the Windows Installer package on a network server. Share the folder with appropriate permissions to allow the users and computers to read and run these files, and then copy the Windows Installer package files to this location.
  2. From a Windows Server 2003-based computer in the domain, log on as a domain administrator, and then start the Active Directory Users and Computers snap-in.
  3. From the Active Directory Users and Computers snap-in, right-click the container that you want to link the GPOs to, and then click Properties.
  4. Click the Group Policy tab, and then click New to create a new GPO for installing your Windows Installer package. Give the new GPO a descriptive name.
  5. Click the new GPO, and then click Edit.

    The Group Policy snap-in starts so that you can edit the GPO.
  6. Right-click the Software Settings folder either under Computer Configuration or User Configuration, point to New, and then click Package.

    Notes:
    • The Software Settings folder under Computer Configuration contains software settings that apply to all users who log on to the computer. This folder contains software installation settings, and it may contain other settings that are put there by independent software vendors.
    • The Software Settings folder under User Configuration contains software settings that apply to users regardless of which computer they log on to. This folder also contains software installation settings, and it may contain other settings that are put there by independent software vendors.
  7. In the Open dialog box, type the Universal Naming Convention (UNC) path to the Windows Installer file (.msi) for this package in the File name box, and then click Open.

    Note: You must use a UNC path (such as \\servername\sharename\path\filename.msi) if the Windows Installer file resides on the local hard disk. If you use a local path to indicate the location of the installation files, client computers will look for the same local path on their local hard disks. The client computer will not find the installation files by using a local path, and therefore the installation will be unsuccessful.
  8. In the Deploy Software dialog box, do one of the following:
    • Click Assigned to specify that the application is deployed as assigned and that default settings are used for deployment properties.

      -or-
    • Click Advanced to specify that you are manually editing the package properties instead of accepting the defaults. You can also choose between assign and publish for the deployment method.

      Note: When you are prompted to choose between Advanced or Assigned, click Assigned, unless you understand how to modify the advanced options.
  9. Click OK.

    The software package appears in the right pane of the Group Policy snap-in.
  10. Close the Group Policy snap-in, in the GPO Properties dialog box, click your GPO, and then click Properties.
  11. Click the Security tab.
  12. Click Authenticated Users in the Group or user names list, and then click Remove.
  13. Click Add, select the security group that you want this policy applied to, and then click OK to add the security group to the list.
  14. Select the security group, and then under Permissions for Users, click to select the READ and the Apply Group Policy check boxes in the Allow column.
  15. Click Apply, click OK in the GPO Properties dialog box, click Apply, and then click OK.
Changes to a GPO are not immediately imposed upon the target computers, but are applied in accordance with the currently valid group-policy refresh interval. You can use the Secedit.exe command-line tool to impose GPO settings on a target workstation immediately. See the Windows Server 2003 Help and Support Center for information about using the secedit command.

back to the top
Modification Type:MinorLast Reviewed:7/15/2004
Keywords:kbMgmtServices kbHOWTOmaster kbtool KB324750 kbAudITPro
©2004 Microsoft Corporation. All rights reserved.