Group Policy Deployed software vs Chocolatey in a Domain
-
Do the end users have to have local admin rights to use Chocolatey?
If so, that would kill it for me in a business where I manage the machines.
In a BOYD that could be awesome.
-
@Dashrender said:
Do the end users have to have local admin rights to use Chocolatey?
Depends what you are deploying and how you want to deploy it. You can script Chocolatey and automate it so that you could do a lot of fancy things with it if you wanted.
-
@Dashrender said:
If so, that would kill it for me in a business where I manage the machines.
You can give them access to single install commands rather than to just anything. Or give them access only to your repo so that you don't care if they are installing willy nilly (e.g. anyone can install Notepad++ as the administrator, but nothing else.)
Giving users access to Chocolatey would mean that they could run updates anytime that they wanted.
-
So you script Chocolately itself to somehow have local admin rights, while the user doesn't?
-
@Dashrender said:
So you script Chocolately itself to somehow have local admin rights, while the user doesn't?
Yup, this is a pretty common way of handling tasks of this nature.
-
@scottalanmiller said:
GP is really good when you have users on the LAN and want to be a bit more in control.
We could do it all with GP the major issues is handling updates and sometimes the break and slow down logins. I might not use chocolatey but it is very interesting.
I ran the script via task scheduler (push from GP) and run it in the System account.
-
There have been other tools talked about here and SW, and of course I can't think of their names - for the more normal things that people deploy to end users.
-
@Dashrender said:
There have been other tools talked about here and SW, and of course I can't think of their names - for the more normal things that people deploy to end users.
Yes, there are several. Ninite is popular.
Chocolatey's big benefits are open source, free and that you can run your own repo. That it is easy to automate does not make it unique, but is a big deal.
-
With Chocolatey a nice thing to do is make a scheduled task that does a full package update at some specific time (middle of the night, lunch time, whatever.) This works even when the machines are off network (but online.)
-
Ninite costs and is even more limiting than GP assigned software. I'd love SCCM seems to be the best but we aren't looking at SCCM right now. Chocolatey is more powerful than GP. Problem is I still haven't found the best way to script the initial install of programs and chocolatety.
-
I love ninite for personal use. Nuke/pave times drop dramatically.
