You'll want a class for each remote office. Generally, the class-map, for each office will match destination addresses used by the office. (As you noted having 40 offices, I created class names from 1 to 40. However, you could name the classes [and their map] for something more representive for the offices.)
Correct! Your high level shaper should be for 2 Gbps (oops, I missed changing that with your revised information).
Also correct, you apply the high level parent policy on the egress interface. (Which, also, if desired, you can rename the polices too.)
BTW, how this works, the parent policy sets a limit for bandwidth usage for the interface as a whole (to whatever bandwidth you've contracted for - if contracted bandwidth is full interface bandwidth, you don't need the parent policy and its shaper).
Each office class, sets a limit for bandwidth to each remote site. Their shapers insure you don't overrun that office's bandwidth.
Also BTW, the above works great, for a hub network. If sites might send traffic between themselves, doing QoS on just your equipment becomes problematic. Generally, for multipoint WAN networks, your WAN provider needs to allow you to define QoS in their network for your requirement. (I don't know if this has changed, but in the past, most MPLS WAN providers could provide some QoS support based on your requirements. MetroE providers, again, at least in the past, often did not provide such QoS support.)
Lastly, such a QoS policy can be used to further analyze bandwidth needs.
