Systems Management

Machine targeted policies will apply the next time an update is forced, which is usually not until the machine is restarted. User targeted policies are similar, but only apply the next time a user to whom the policy applies logs in.

User targeted deployments seem convenient, but you really need to understand the implications of installing applications to a user profile before throwing a bunch of apps out like that.

Also for per-user installations, don't forget the licensing implications if your users move around between desks/sites. As my current client's Compliance people have discovered, it's easy to end up with apps installed on machines for which there are an insufficient number of licenses.

This.

Then you get to find out that--once you have hundreds of additional installations of an application that you don't have enough licenses for--it's a nightmare to eradicate user-based installations.

I am just building a script to remove the Group Policy information for a package which will then allow an administrator to remove it. Thing is, when it's done, in which forum should I post it, 'Scripting' or 'Group Policy'? LOL

You have a script to enumerate and access user registry hives?

Do share!

No, not yet but I have executed proof-of-concept runs where deleting enough of the registry fools GP into thinking that it had no hand in the installation, meaning that an admin can uninstall it AND such that any entry-points which get left behind don't trigger a repair. Once it's done, I will certainly share. Part of the delay is a debate about whther to rename the parent keys, rather than deleting them, with a further run to delete the renamed ones after period 'x'. And I thought *I* was paranoid...