Our GPO structure looks like this, and it works well - all the software gets allocated to every machine in the ou just like you would expect. However, what would be the best way to allocate the likes of SIMS.net? If I add SOFTWARE SIMS.net to Art then every PC in art will get SIMS, whereas I just want it to be allocated to the teaching machines. Likewise with SmartBoard software.
Any ideas?
GPO.png
One idea I had was to allocate SIMS.net & SmartBoard software at site level, but change the delegation from Authenticated Users to Teaching Computers, and then add all the teaching computers to the Teaching Computers group. I know this should work, but is that best practice or is there another way that is more highly thought of?
Make a Sub OU for the teachers pc?
Last edited by box_l; 21st June 2011 at 03:37 PM.
This is the way I have done it I have a teaching pc's ou and departmental ou's under that. When I need to put software only to a certain department just create the gpo in the corresponding ouOriginally Posted by box_l
The 2 options are Sub-OU for teachers in each room/OU.
Or using security groups and applying them to the GPO.
Obviously both methods require you to add the computer to the correct OU/group on creation.
Otherwise a script which reads the computer name...
Create a group called SIMS PCs, an appropriate group policy and put security filtering on the policy so it only applies to that particular group?
Gone with the security group method and seems to work well. Make the computer a member of the group and it allocates, take it out and it deallocates - just what I need
EDIT: Also, by using this method I just need to link the GPO once at site level, whereas with OU's within OU's it would require a bit more work I feel.
We used to do this for all GPOs. OUs were purely for organisational structure, and GPOs were filtered by group membership. Group names similar to the GPO name, and Bob's your uncle. Easy to tell at a glance what's going on without having to trawl through hunting down links.
Yep, plus it means any teacher specific software can be deployed this way, be it at top level or even if you want to apply IT teachers software only to the IT teachers computers/OU.Gone with the security group method and seems to work well. Make the computer a member of the group and it allocates, take it out and it deallocates - just what I need
EDIT: Also, by using this method I just need to link the GPO once at site level, whereas with OU's within OU's it would require a bit more work I feel.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
