In my last post on self-service scenarios, Darren Mar-Elia commented that application self-service is another potential scenario. I totally agree. In fact, in my mind I lumped application self-service into entitlement self-service. In other words, I simply see applications as a type of entitlement that you may or may not be authorized for.
Did you know that in an Active Directory world application self-service is already built-in? You can "publish" applications to Active Directory and they are deployed via Group Policy. When you publish an application in Active Directory it becomes available from the Add/Remove Programs for those users to whom the Group Policy object (GPO) applies. You could also assign the applications to a particular set of users (or computers) via the GPO and the application would be automagically installed on that user's machine when they logon.
I am not sure how many people out there know about this capability but it's available. Check it out.
identity management, passwords, Quest Software
(ISC)2 Delivers Advice to US Federal CISO
3 hours ago