Network and Classroom Management Thread, GPO for individual machines in Technical; Our GPO structure looks like this, and it works well - all the software gets allocated to every machine in ...
21st June 2011, 04:22 PM #1
GPO for individual machines
Our GPO structure looks like this, and it works well - all the software gets allocated to every machine in the ou just like you would expect. However, what would be the best way to allocate the likes of SIMS.net? If I add SOFTWARE SIMS.net to Art then every PC in art will get SIMS, whereas I just want it to be allocated to the teaching machines. Likewise with SmartBoard software.
21st June 2011, 04:26 PM #2
One idea I had was to allocate SIMS.net & SmartBoard software at site level, but change the delegation from Authenticated Users to Teaching Computers, and then add all the teaching computers to the Teaching Computers group. I know this should work, but is that best practice or is there another way that is more highly thought of?
21st June 2011, 04:26 PM #3
Make a Sub OU for the teachers pc?
Last edited by box_l; 21st June 2011 at 04:37 PM.
21st June 2011, 04:32 PM #4
This is the way I have done it I have a teaching pc's ou and departmental ou's under that. When I need to put software only to a certain department just create the gpo in the corresponding ou
Originally Posted by box_l
21st June 2011, 04:55 PM #5
The 2 options are Sub-OU for teachers in each room/OU.
Or using security groups and applying them to the GPO.
Obviously both methods require you to add the computer to the correct OU/group on creation.
Otherwise a script which reads the computer name...
21st June 2011, 04:55 PM #6
Create a group called SIMS PCs, an appropriate group policy and put security filtering on the policy so it only applies to that particular group?
21st June 2011, 05:12 PM #7
Gone with the security group method and seems to work well. Make the computer a member of the group and it allocates, take it out and it deallocates - just what I need
EDIT: Also, by using this method I just need to link the GPO once at site level, whereas with OU's within OU's it would require a bit more work I feel.
21st June 2011, 05:54 PM #8
We used to do this for all GPOs. OUs were purely for organisational structure, and GPOs were filtered by group membership. Group names similar to the GPO name, and Bob's your uncle. Easy to tell at a glance what's going on without having to trawl through hunting down links.
Originally Posted by Hightower
21st June 2011, 06:09 PM #9
Yep, plus it means any teacher specific software can be deployed this way, be it at top level or even if you want to apply IT teachers software only to the IT teachers computers/OU.
Originally Posted by Hightower
By DaveP in forum Windows Server 2008
Last Post: 6th July 2010, 09:45 PM
By lounee_77 in forum MIS Systems
Last Post: 18th March 2010, 02:33 PM
By farquea in forum Windows
Last Post: 13th July 2009, 01:19 PM
By Cooper_Trooper in forum Educational IT Jobs
Last Post: 1st June 2009, 09:20 PM
By craigg in forum O/S Deployment
Last Post: 11th March 2009, 11:16 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)