I'm about to start my 2nd year of Windows 7 system deployment in my organization and am looking for a easy way to try to differentiate Group Policy enforcement between this year and last year's computers. Last year the computers that we deployed were Win7 Pro edition and this year is Win7 Enterprise so that we can use AppBlocker group policy settings. Is there a way to differentiate between the two to determine which one will be enforced depending on the which version of Win7 is installed on the system? I'm asking because currently my Win7 policy is essentially a converted copy of my previous XP policy which primarily used "Run only allowed Windows Applications" as the application manager and I have a huge list of allowed EXE files. I have been developing a new policy that uses AppLocker for my Enterprise edition systems so that I hopefully don't need to manage the EXE list (or as long of one) going forward with Win7.

If this is not possible, what is the best way of deploying these policies in the environment? I currently have the non-AppLocker policy being applied to my Workstations container, and I was thinking of adding the AppLocker policy to either the Dynamic Group that will contain all of my new systems (they will all have an identifier to indicate the year of purchase in their name), or to assign it to the users of those computers since my users don't jump between machines. I currently use a "User Last" enforcement scheme.

Thanks for any suggestions!