AD GPO Lab – Software Deployment - Snowboundport37/champlain GitHub Wiki

AD Group Policy & Software Deployment

Objectives

  1. Setup GPO
  2. Deploy Application
  3. Prepare an OU, user, & workstation

1. Prepare Active Directory for Software Deployment

Create a "Test OU"

  1. Open Active Directory Users & Computers.
  2. Create a new Organizational Unit (OU) named Test OU.
    • Right-click your domain, select New > Organizational Unit, and name it Test OU.

Powershell Fun on AD01 via MGMT01

We’ll now use Powershell to create another OU, move objects into it, and remove the Test OU.
From MGMT01 (remotely managing AD01), an example set of commands could be:

# 1. Create a new OU
New-ADOrganizationalUnit -Name "Software Deploy" -Path "DC=yourdomain,DC=local"

# 2. Move WKS01 to the new OU
Move-ADObject -Identity "CN=WKS01,OU=YourComputersOU,DC=yourdomain,DC=local" `
  -TargetPath "OU=Software Deploy,DC=yourdomain,DC=local"

# 3. Move your regular named account to the new OU
Move-ADObject -Identity "CN=yourNamedAccount,OU=YourUsersOU,DC=yourdomain,DC=local" `
  -TargetPath "OU=Software Deploy,DC=yourdomain,DC=local"

# 4. Remove the Test OU
Remove-ADOrganizationalUnit -Identity "OU=Test OU,DC=yourdomain,DC=local" -Recursive
Note: Depending on how you created Test OU, you may need to ensure it’s empty or add -Recursive to remove it.

Deliverable 1: Provide a screenshot of the above Powershell commands & output (on AD01 via MGMT01) showing:

Creation of Software Deploy OU
Moving WKS01 and your regular named account into it
Deletion of the Test OU
(Extra Cyber Karma if you successfully craft it in an optional .ps1 script.)

2. Deploying Software via GPO
Create a Network Share
On MGMT01, download the current PuTTY x64-bit Windows Installer (.msi).
Create a new Share on MGMT01 named Software.
Place PuTTY’s .msi in this shared folder.
Tip: Ensure Domain Computers (or the appropriate security principals) have Read access to this share so GPO-based software deployment can access the .msi file.

Deliverable 2: Provide a screenshot from WKS01, logged in as your regular named account, confirming you can browse to \\MGMT01\Software and see PuTTY’s .msi.
Show your username, hostname, and the shared folder containing the .msi.

Create and Link a New GPO
Open Group Policy Management (install via Server Manager if needed).
Right-click the Software Deploy OU (the OU created earlier).
Select Create a GPO in this domain, and Link it here...
Name it Deploy SW.
Edit the New GPO to Deploy PuTTY
In Group Policy Management, right-click Deploy SW → Edit.
In Group Policy Management Editor, navigate to:
markdown
Copy
Edit
Computer Configuration
└── Policies
    └── Software Settings
        └── Software Installation
Right-click Software Installation → New > Package....
Browse to \\MGMT01\Software\Putty-0.80-installer.msi (using the UNC path).
Choose Assigned.
Confirm you see an Assigned Package entry for PuTTY.
Close the editor once finished. You should see something like:

PuTTY release 0.80 (64-bit) - Assigned

Forcing Group Policy Update & Verifying Install
On WKS01, open a Command Prompt or Powershell.
Run:
powershell
Copy
Edit
gpupdate /force
Restart WKS01 when prompted (software installation requires a reboot or logon/logoff event).
After WKS01 restarts, log on under your regular named account.
Verify PuTTY is installed (e.g., Start Menu or Control Panel > Programs and Features).
3. Event Viewer Validation
Deliverable 3: Two screenshots from WKS01 confirming PuTTY installed via the GPO:

GUI Event Viewer:

Open Event Viewer (eventvwr.msc).
Expand Windows Logs → System.
Locate the Information event from Application Management Group Policy indicating:
"The install of application PuTTY release 0.80 (64-bit) from policy Deploy SW succeeded."

Screenshot this event showing its details.
Powershell Event Log Search:

Open Powershell and run, for example:
powershell
Copy
Edit
Get-WinEvent -LogName System | 
  Where-Object {
    $_.ProviderName -eq "Application Management Group Policy" -and
    $_.LevelDisplayName -eq "Information"
  }
You should see the same message about PuTTY installation success.
Screenshot this Powershell output.
4. Tech Journal Link
Deliverable 4: Provide a link to your Tech Journal entry that covers:

Creating an OU via Powershell
Deleting an OU via Powershell (with any issues encountered)
Moving Items to a New OU (via Powershell or GUI)
Searching the Event Log using Powershell
Include relevant notes, pitfalls, or best practices encountered.