Windows Server 2008 R2 Thread, Software deployment GPO, target only certain OU's? in Technical; Hi,
We have 5 sites and just looking at deploying reader to all machines. At 120mb we dont want to ...
31st July 2012, 09:17 PM #1
- Rep Power
Software deployment GPO, target only certain OU's?
We have 5 sites and just looking at deploying reader to all machines. At 120mb we dont want to transfer over the vlan but we are trying to only keep one msi installer for all machines.
Is it possible to setup a install and only target to certain machines like GPP can do?
IDG Tech News
31st July 2012, 09:29 PM #2
Yep. I assume you deploying via group policy? If so just create a GP on the OU and then deploy.
31st July 2012, 09:31 PM #3
Just create the gpo and link it to each OU you want to target.
31st July 2012, 09:42 PM #4
As others have said link the GPO to the OU's that require it ( Providing your OU's are structured in a way this is possible )
Or you could apply the GPO at top level and narrow it down using security filtering.
1st August 2012, 12:04 AM #5
- Rep Power
Thanks all. Luckily we have just re-arranged our AD so each site has its own OU now.
Im guessing that although the domain controller is located at one of the sites, if we put in the installation path in the GPO to another server the workstation will go direct to the server on site for the installation files and not throught the vlan and the DC.
The DC's are both located on one site and the servers onsite are just file print servers.
Seems to take ages for it to add the msi to the gpo on our slow connections.
Last edited by dany2010; 1st August 2012 at 12:05 AM.
1st August 2012, 12:20 AM #6
You are correct.
Originally Posted by dany2010
If you have multiple sites and slow collections and regularly send out software you should look at SCCM it will help.
8th August 2012, 03:33 PM #7
You don't necessarily have to segregate computer objects into separate organizational units to do this. Look into WMI filters for you group policy objects. Anything that can be queried through WMI can be used to filter which machines get what policy. AD Site can also be queried through WMI.
8th August 2012, 05:20 PM #8
Also a different way to lock down who gets what policy is via the security permissions of the GP. Make a security group and add the machine accounts to the group. Then modify the GP permissions and remove the everyone read group and add the security group you just created with read and apply permissions. WMI is probably neater and the event log does not a policy couldnt be applied on pc's that are not in the group but its not a big issue and permissions should be faster then using WMI filters.
The same technique can be used to filter user GP's as well.
By link470 in forum Wireless Networks
Last Post: 9th July 2010, 05:29 PM
By Kyle in forum Educational Software
Last Post: 4th September 2008, 07:31 PM
By rlculver in forum Network and Classroom Management
Last Post: 22nd April 2007, 10:53 PM
By ICTNUT in forum How do you do....it?
Last Post: 4th July 2006, 05:09 PM
By tosca925 in forum Windows
Last Post: 29th June 2006, 08:48 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)