Group Policy Deployed software vs Chocolatey in a Domain
-
@coliver said:
Are you able to make custom packages with this without uploaded them to the Chocolaty repos?
You just make your own repo. https://mbrownnyc.wordpress.com/2013/09/06/create-your-own-nuget-server-to-serve-packages/
-
@thecreativeone91 said:
@coliver said:
Are you able to make custom packages with this without uploaded them to the Chocolaty repos?
You just make your own repo. https://mbrownnyc.wordpress.com/2013/09/06/create-your-own-nuget-server-to-serve-packages/
Thanks.
-
Chocolatey is nice because it mimics how Linux and Mac handle updates. It is a "pull" from the client which is ideal if you have non-domain machines, home machines or machines that are in the field. It's perfect when you don't want to be using AD or don't want to be pushing updates or whatever. For everyone? Heck no. But a very useful tool and the perfect one in a lot of cases. Especially when you start making your own repos to control every aspect of what is being deployed.
Chocolatey is especially good if you want to democratize software deployments and push that duty out to end users.
GP is really good when you have users on the LAN and want to be a bit more in control.
-
Do the end users have to have local admin rights to use Chocolatey?
If so, that would kill it for me in a business where I manage the machines.
In a BOYD that could be awesome.
-
@Dashrender said:
Do the end users have to have local admin rights to use Chocolatey?
Depends what you are deploying and how you want to deploy it. You can script Chocolatey and automate it so that you could do a lot of fancy things with it if you wanted.
-
@Dashrender said:
If so, that would kill it for me in a business where I manage the machines.
You can give them access to single install commands rather than to just anything. Or give them access only to your repo so that you don't care if they are installing willy nilly (e.g. anyone can install Notepad++ as the administrator, but nothing else.)
Giving users access to Chocolatey would mean that they could run updates anytime that they wanted.
-
So you script Chocolately itself to somehow have local admin rights, while the user doesn't?
-
@Dashrender said:
So you script Chocolately itself to somehow have local admin rights, while the user doesn't?
Yup, this is a pretty common way of handling tasks of this nature.
-
@scottalanmiller said:
GP is really good when you have users on the LAN and want to be a bit more in control.
We could do it all with GP the major issues is handling updates and sometimes the break and slow down logins. I might not use chocolatey but it is very interesting.
I ran the script via task scheduler (push from GP) and run it in the System account.
-
There have been other tools talked about here and SW, and of course I can't think of their names - for the more normal things that people deploy to end users.
-
@Dashrender said:
There have been other tools talked about here and SW, and of course I can't think of their names - for the more normal things that people deploy to end users.
Yes, there are several. Ninite is popular.
Chocolatey's big benefits are open source, free and that you can run your own repo. That it is easy to automate does not make it unique, but is a big deal.
-
With Chocolatey a nice thing to do is make a scheduled task that does a full package update at some specific time (middle of the night, lunch time, whatever.) This works even when the machines are off network (but online.)
-
Ninite costs and is even more limiting than GP assigned software. I'd love SCCM seems to be the best but we aren't looking at SCCM right now. Chocolatey is more powerful than GP. Problem is I still haven't found the best way to script the initial install of programs and chocolatety.
-
I love ninite for personal use. Nuke/pave times drop dramatically.