Adrian,
Software installed via GPO ( I can only speak to .msi files..... ) will
install when they are 'told' to install.
If you create a package that is assigned to the computer configuration side
then it will install at the next reboot of the computer account objects that
are affected by that particular GPO ( okay, granted that there are instances
where you might require two reboots...give the GPO enough time to properly
propagate and your DNS is correct then there should be no problems ). If
you create a package that is either published or assigned to the user
configuration side then it will install at the next log off / log on of the
user account objects that are affected by that particular GPO. By 'affected
by that particular GPO' I mean that either the computer account object or
the user account object is located inside an OU to which the GPO is linked
( naturally there are two other possibilities - Site and Domain, but most
people are linking GPOs to an OU so I will focus on this scenario. Please
correct me if I am focusing on an incorrect scenario ).
However, you might be thinking that there is a way around this. You are
thinking of secedit. This is a nice utility that can be quite useful. If
you were to enter - at a command prompt - secedit /refreshpolicy user_policy
( if the GPO is configured at the user configuration side of things ) or
secedit /refreshpolicy machine_policy ( if the GPO is configured at the
computer configuration side of things ) what happens? Oh, you can also use
the /enforce switch.
Well, nothing would happen ( in terms of this post nothing would happen! ).
You see, secedit is used for the background processing. There are several
areas of GPO that are not subject to this background processing. Deployment
of applications is one of them.
If you plan to use GPO to deploy software ( .msi ) and the users will never
log off / log on or the computers will never be rebooted then your plan will
not be a successful one! Sorry for the bad news.
HTH,
Cary
