How to assign software to a specific group by using Group Policy
This article was previously published under Q302430
For a Microsoft Windows Server 2003 version of this article, see
324750 How to assign software to a specific group by using Group Policy in Windows Server 2003
This article applies to Windows 2000. Support for Windows 2000 ends on July 13, 2010. The Windows 2000 End-of-Support Solution Center is a starting point for planning your migration strategy from Windows 2000. For more information see the Microsoft Support Lifecycle Policy.
This article has been archived. It is offered "as is" and will no longer be updated.
You can use Group Policy to assign or to publish software to users or computers in a domain. Additionally, it is useful to be able to deploy software based on group membership. A Group Policy object (GPO) is usually applied only to members of an organizational unit (OU) to which the GPO is linked. Because a user cannot be located in several OUs at the same time, you must be able to apply Group Policy settings outside the boundaries of OUs. This article describes how to have your software deployment policy applied to users who are not in an OU.
Assign a program to a group
- Create a folder to hold the MSI package on a server. Share the folder by applying permissions that let users and computers read and run these files. Then, copy the MSI package files into this location.
- From a Windows 2000-based computer in the domain, log on as a domain administrator, and then start Active Directory Users and Computers.
Note You can apply Group Policy settings to domains, sites, and OUs.
- In Active Directory Users and Computers, right-click the container to which you want to link the GPO, click Properties, and then click the Group Policy tab.
- Create a new GPO for installing your MSI package, and then give the new GPO a descriptive name.
- While the new GPO is selected, click Edit. This starts the Group Policy Object Editor.
- Open and then right-click Software installation in the GPO, and then click New Package.
- You are prompted for the path of the Windows Installer file (.msi) for this package. View the network location that contains the Windows Installer file, click the file, and then click Open.
Warning If the Windows Installer file resides on the local hard disk, do not use a local path. Instead, use the UNC path of the local computer to indicate the location of the installation files. A UNC path takes the form \\servername\sharename\path\filename.msi.
- When you are prompted to choose between Assigned and Advanced Published or Assigned, click Assigned unless you have to modify the advanced options. You should now see the software package in the details pane of the Group Policy Object Editor.
- In Active Directory Users and Computers, click the container to which you linked your GPO. Right-click that container, click Properties, and then click the Group Policy tab.
- Click your GPO, and then click Properties.
- Click the Security tab, and then remove Authenticated Users from the list.
- Click Add, and then select the security group which you plan to have this policy applied to add it to the list.
- Select your security group, and then give them Read and "Apply Group Policy" permissions.
227302 Using SECEDIT to force a Group Policy refresh immediately
For more information about how to deploy programs by using Group Policy, click the following article numbers to view the articles in the Microsoft Knowledge Base:
224330 Assigning a Windows Installer Package with minimal interaction
257718 How to create a third-party Microsoft Installer package (MSI)
278472 Packages assigned to computers with Group Policy are not installed
269732 How to obtain the Windows Installer Package (Update.msi) for Windows 2000 service packs
278503 Best practices for using Update.msi to deploy service packs
Article ID: 302430 - Last Review: 12/06/2015 03:31:54 - Revision: 4.5
Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Server
- kbnosurvey kbarchive kbproductlink kbhowtomaster KB302430