+ Post New Thread
Results 1 to 8 of 8
Windows Server 2008 R2 Thread, Software deployment GPO, target only certain OU's? in Technical; Hi, We have 5 sites and just looking at deploying reader to all machines. At 120mb we dont want to ...
  1. #1

    Join Date
    Nov 2011
    Posts
    608
    Thank Post
    84
    Thanked 21 Times in 19 Posts
    Rep Power
    10

    Software deployment GPO, target only certain OU's?

    Hi,

    We have 5 sites and just looking at deploying reader to all machines. At 120mb we dont want to transfer over the vlan but we are trying to only keep one msi installer for all machines.

    Is it possible to setup a install and only target to certain machines like GPP can do?

    Many thanks,

    Dan.

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,821
    Thank Post
    873
    Thanked 1,675 Times in 1,458 Posts
    Blog Entries
    12
    Rep Power
    444
    Yep. I assume you deploying via group policy? If so just create a GP on the OU and then deploy.

  3. #3
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    4,998
    Thank Post
    120
    Thanked 280 Times in 258 Posts
    Rep Power
    106
    Just create the gpo and link it to each OU you want to target.

  4. #4

    Join Date
    Jun 2010
    Location
    England
    Posts
    735
    Thank Post
    89
    Thanked 52 Times in 46 Posts
    Rep Power
    35
    As others have said link the GPO to the OU's that require it ( Providing your OU's are structured in a way this is possible )
    Or you could apply the GPO at top level and narrow it down using security filtering.

  5. #5

    Join Date
    Nov 2011
    Posts
    608
    Thank Post
    84
    Thanked 21 Times in 19 Posts
    Rep Power
    10
    Hi,

    Thanks all. Luckily we have just re-arranged our AD so each site has its own OU now.

    Im guessing that although the domain controller is located at one of the sites, if we put in the installation path in the GPO to another server the workstation will go direct to the server on site for the installation files and not throught the vlan and the DC.

    The DC's are both located on one site and the servers onsite are just file print servers.

    Seems to take ages for it to add the msi to the gpo on our slow connections.
    Last edited by dany2010; 31st July 2012 at 11:05 PM.

  6. #6

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,821
    Thank Post
    873
    Thanked 1,675 Times in 1,458 Posts
    Blog Entries
    12
    Rep Power
    444
    Quote Originally Posted by dany2010 View Post
    Hi,

    Thanks all. Luckily we have just re-arranged our AD so each site has its own OU now.

    Im guessing that although the domain controller is located at one of the sites, if we put in the installation path in the GPO to another server the workstation will go direct to the server on site for the installation files and not throught the vlan and the DC.

    The DC's are both located on one site and the servers onsite are just file print servers.

    Seems to take ages for it to add the msi to the gpo on our slow connections.
    You are correct.

    If you have multiple sites and slow collections and regularly send out software you should look at SCCM it will help.

  7. #7
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    795
    Thank Post
    81
    Thanked 130 Times in 113 Posts
    Blog Entries
    8
    Rep Power
    31
    You don't necessarily have to segregate computer objects into separate organizational units to do this. Look into WMI filters for you group policy objects. Anything that can be queried through WMI can be used to filter which machines get what policy. AD Site can also be queried through WMI.

  8. #8

    ZeroHour's Avatar
    Join Date
    Dec 2005
    Location
    Edinburgh, Scotland
    Posts
    5,641
    Thank Post
    894
    Thanked 1,314 Times in 798 Posts
    Blog Entries
    1
    Rep Power
    441
    Also a different way to lock down who gets what policy is via the security permissions of the GP. Make a security group and add the machine accounts to the group. Then modify the GP permissions and remove the everyone read group and add the security group you just created with read and apply permissions. WMI is probably neater and the event log does not a policy couldnt be applied on pc's that are not in the group but its not a big issue and permissions should be faster then using WMI filters.
    The same technique can be used to filter user GP's as well.

SHARE:
+ Post New Thread

Similar Threads

  1. Software Restriction Policies - Allow ONLY certain software
    By link470 in forum Wireless Networks
    Replies: 28
    Last Post: 9th July 2010, 04:29 PM
  2. Replies: 1
    Last Post: 4th September 2008, 06:31 PM
  3. Software Deployment Via GPO - HELP!
    By rlculver in forum Network and Classroom Management
    Replies: 7
    Last Post: 22nd April 2007, 09:53 PM
  4. Deploy Software via GPO
    By ICTNUT in forum How do you do....it?
    Replies: 16
    Last Post: 4th July 2006, 04:09 PM
  5. Removal of software from GPO deployment
    By tosca925 in forum Windows
    Replies: 4
    Last Post: 29th June 2006, 07:48 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •