Ensuring Every User Has Exactly the Right Software When They Need It

Ensuring Every User Has Exactly the Right Software When They Need It
When it comes to DIY projects, it’s all about having the right tools to get the job done. The same applies to corporate computer users. Ensuring end users have the right software to do their job is critical. Unlike a traditional toolbox though, you don’t want to have extra software tools lying around on your user desktops. We’re talking about productivity drainers such as Candy Crush or Facebook. That means it’s about more than just having the right tools. It’s about having only the tools they need to do the job. Mastering this endeavor certainly requires super admin powers. Fortunately, PolicyPak’s modern desktop management solutions are designed to empower your IT team to do just that.
Step 1: Using the Microsoft Store to Your Advantage
PolicyPak can instantly remove unwanted Microsoft Store apps with PolicyPak Software Package Manager. In the screenshot below, we are removing the Windows 10 built-in Candy Crush on the user systems in the office or anywhere else.

This takes nearly no effort, and now, there is less that can go wrong on your machines (and fewer games to play). Additionally, if you want to add a key Windows Store application, like Slack, it’s only one click away (see the screenshot below). All your users will then have the Windows Store version of Slack, which will automatically keep itself updated.

Step 2: Getting Required Software Tools to Your Users
PolicyPak helps you create policies that give you complete granular control of all Windows 10 devices, whether they are on-prem or offsite on a temporary or permanent basis. We’re going to use a couple of tools in the PolicyPak solution suite for this example. We will start with PolicyPak Remote Work Delivery Manager, which can deploy software to machines used by the work-from-anywhere workforce of today.
Because PolicyPak editors are built inside the Group Policy Management Editor, admins are already familiar with its policy creation process. In this example, we are going to create a user-side policy to deploy 7-Zip to our users regardless of where they are working. It all starts by creating a Standard Policy as is shown below.

That opens the policy creation wizard. We are choosing to deploy the software from a single file source located in a shared directory as shown in the screenshot below.

We then choose a target directory on our targeted computers (see the screenshot below).

PolicyPak Remote Work Delivery Manager is perfect for copying files to remote machines and keeping those files updated constantly. For those types of scenarios we would want to perpetually run a policy. For software installation policies, however, it is recommended to run them just once, as shown in the example below.

Up to now, all we’ve done is copy the 7-Zip.msi file to the target machine. Once it is copied, we want to kickstart the installation process. In this case, we will install it quietly without a UI interface (see the screenshot below).

So, what happens when it’s time to retire this application? That’s where revert actions come into play. You can assign a process that will quietly uninstall the deployed application once the policy falls out of scope. You can also choose to delete the copied files as well, as shown in the screenshot below.

It isn’t enough today to simply target policies using security filtering. Until now, only Group Policy Preferences gave admins the ability to use item-level targeting to granularly assign users. With PolicyPak, you can integrate item-level targeting into nearly every policy you create using PolicyPak managers. In the screenshot below, we are narrowing the scope to members of the EastSales Users group that operate portable Windows 10 machines.

Standard Group Policy can’t use item-level targeting, and it has another serious limitation as well. Group policies only apply to domain-joined machines. However, this is not the case with PolicyPak. You can deploy this and other policies using your favorite MDM solution and PolicyPak MDM Edition. If you have BYOD devices or standalone machines somewhere out there in the far reaches of the world, PolicyPak can manage all of them using PolicyPak Cloud Edition.
In the previous example, we selected an on-prem directory to distribute the installation file. But what if your installation files are hosted on a web service such as AWS or Dropbox? Just as PolicyPak can deploy software to users over the web, it can also deploy software from the web too. In this case you would create a web policy, as shown in the screenshot below.

PolicyPak supports multiple web services and will continue to support more in the future. In the example in the screenshot below, we want to install Notepad++, which is installed on our AWS cloud drive.

We can then complete the wizard, implementing the same options shown earlier, such as running processes and revert actions. With PolicyPak Remote Work Manager, it doesn’t matter where you store the install files, you can get the right software to the right user every time.
You can watch a video demonstration on our website showing how to deploy software to both on-prem and VPN connected machines. Also, watch this video demonstration on how to install software on non-domain-joined machines using PolicyPak Cloud.
Step 3: Final Fit and Finish
You might also want to reduce some of the in-box applications for Windows 10 or place special configurations on a machine. In this example, we are going to use PolicyPak Scripts & Triggers Manager.
We will start with the creation of a policy. To keep people within the organization from having access to certain Windows 10 apps, choose a computer policy, as shown in the screenshot below.

Traditional script deployment solutions are saddled with limitations. Microsoft Endpoint Manager only supports PowerShell scripts and Group Policy can only deploy scripts to domain-joined machines. PolicyPak Scripts & Triggers Manager can deploy JavaScript Batch, PowerShell, and VB scripts to any Windows device.
In the example in the screenshot below, we are using a PowerShell script that is available to all customers that trims even more cruft away from Windows 10. Customers can download and modify the script as needed as they may want to retain some of the applications listed within the script or make their own fit and finish modifications.

With the super admin powers of PolicyPak, we will use a trigger to deploy the script. You can choose from multiple trigger actions such as VPN connects and disconnects, user logons or logoffs, or as shown below, whenever the target machines shut down.

You can watch a video demonstration on our website showing how you can clean up your Windows 10 deployment by removing unwanted applications.
Get the Job Done with PolicyPak
Everyone has felt the frustration of not having the right tool for the job at one time or another. Don’t let this be the case for your users. Make sure they have just the right software to get the job done using PolicyPak.

Jeremy Moskowitz

Founder & CTO, Microsoft MVP in Group Policy, Enterprise Mobility, and MDM

Jeremy Moskowitz founded PolicyPak Software after working with hundreds of customers with the same problem they couldn’t manage their applications, browsers and operating systems using the technology they already utilized.

Ready to Get Started? Register for Our Webinar.

Our PolicyPak Webinars explain everything you need to know to get started with the software. Once you've attended the webinar, you'll be provided a download link and license key to start a free trial.