Can you have an OU in an OU?

[TechSupp]

Just started pushing software out using MSI's and have created an OU with the domain computers inside it so that they are updated with the software. All so far so good and installs going ahead. Now I want to just install some new software on just a few of those PC's, so do I now have to create a new OW inside the existing OU with the computers in it so that both OU sets of software install on the new PC's and only the first set of software install on the rest? Not at work at the moment so doing this from memory :-)...or am I thinking of this all wrong? i.e. I presume I can't have computers in two OU's at once!

[Michael]

Yes you can and what you're saying seems correct

[kmount]

Yes, put the new OU into the existing OU and put the pc's into that and it will pick up software allocated to both the parent OU and the child.

[TechSupp]

Wish I'd started using msi's ages ago , but now I have its just saved myself stacks of time. Thanks for the replys, I'll sort that next time I'm in. What triggers the software to install and some PC's just needed rebooting from the button on the PC yet some needed the power turning off then rebooting to get them to pick up the new software? They are working just curious as to why. Not a major problem as I just post a message on the notice board for all PC's to be turned off.

[strawberry]

group policy installs are like that, sometimes it takes 2 or more reboots to get the policy and apply it.

[kmount]

Its to do with how often they 'refresh' their policy.

You can 'force' it if you log onto it, and click start, run, and type "gpupdate /force" and then reboot it.

Should work in most cases

[srochford]

gpupdate /force /boot saves having to hang around for it to finish; you can also run it remotely with psexec

The other way of getting software to install on just some machines is to put the computers in a security group. Remove "authenticated users" from the bit in GPMC which says "the settings in this GPO only apply to the following groups, users and computers" and then add the group you've just created. This way you can attach the GPO at the top of the domain and it can apply to odd computers scattered across the OUs

[Geoff]

Yes, put the new OU into the existing OU and put the pc's into that and it will pick up software allocated to both the parent OU and the child.

Oh and BTW if you don't want this to happen for some reason, you can right click the OU in the GPMC and select 'Block Inheritence'. Although personally in situations where you might want to do this, I prefer to use Security filtering instead.