Group Policy offers the ability to assign software packages to specific computers, users or user groups. The software to be assigned must be in Microsoft's .MSI package format but other than that, it's easy to get the needed programs out to their respective users. What's harder, though, is auditing a domain to find out what's been deployed to whom and under what Group Policy Object (GPO).
The program does not need to be installed; it can run from any folder or even a USB flash drive. At this point, the program is very simple, but the author is planning future revisions with many advanced features and would appreciate feedback.
When run, the program first attempts to resolve the Active Directory domain of the machine it's currently running on. If you want to use a different domain, you'll need to supply its Lightweight Directory Access Protocol (LDAP) distinguished name (e.g., DC=newdomain,DC=tld) or a domain name system (DNS) name (e.g., newdomain.com). The program returns the following information about each installed package:
- Application Name: The name of the application as specified in the .MSI file's metadata.
- Found in GPO: Which GPO was used to deploy this program.
- Deployment State: Usually either User Published (the program was published successfully to the user) or Package Removed (the package has been marked for removal). Removed packages are marked in red.
- MSI Path: The network path to the .MSI installed for the package.
- MSI Product Code: The global unique identifier (GUID) for the .MSI in question. If two .MSIs have the same filename, they will still be seen as different products because of the GUID embedded in the MSI. This allows multiple revisions of the same product to be published side-by-side if needed.
Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!
This was first published in October 2005