[gptalk] Re: auto install
- From: "Eric Middleton" <ericleem@xxxxxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Tue, 19 Sep 2006 22:10:25 -0500
Hey guys thanks for all the replies. I do have my msi's in a shared folder
on a server that users have rights but I am not sure about computers. Do I
need to change the client computers rights to admin? If I do this when a
user logs in will they still have limited access? Thanks again you guys are
great
_____
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Robert Mariani
Sent: Tuesday, September 19, 2006 9:45 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: auto install
No worries... Also if Eric follows what Darren states with verbose logging
and also tries out my suggestion im sure he will have his problems solved.
On Wed, September 20, 2006 12:31 pm, Jim Bangle said:
Honestly? I wouldn't be looking for a better way. This is (I thought)
exactly one of the dozen things I tried when I couldn't seem to get it
working. I will have to dig back into this for myself.
I love the open and timely assistance, everyone. Thanks! And, Eric, I'm
sorry my follies may have misled you for a moment there. I'm just excited to
get the msi's off Netlogon and back into my normal scheme of storing my
current versions of apps that I want users to have. Thanks, again, Robert
and others.
_____
size=2 width="100%" align=center tabindex=65535>
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Robert Mariani
Sent: Tuesday, September 19, 2006 6:57 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: auto install
In terms of security the Netlogon directory is pretty wide open - and like
Darren said - all the MSI's will replicate to your DC's
The way that i manage my GPO software deployments is like this ( i will use
Acrobat 7 Pro as a example)
1. Create a folder like \\ <file:///\\%3cserver%3e\GPOManagedApps\>
\GPOManagedApps\"Acrobat"
2. Create the MSI admin install to to the Acrobat folder
3. Create a Security group with the computers/users I want to install is
package to in the AD
4. Remove all (execept admin) security from the Acrobat folder and add
read/execute to the newly created security group
5. Create a GPO to assign in the usual fashion although in the security
filtering add the security group just create above
6. Link the GPO the required OU and voila! - gpupdate /force (if you want)
and all should be well
hope this give you some pointers...
feel free to correct me if there is a better way!
Rob
On Wed, September 20, 2006 11:36 am, Jim Bangle said:
I am soooooo excited that you all are saying this. I had my msi's on a
share, all warm, fuzzy, and secure, but I had the same exact symptom Eric is
having. I was told by another admin around here someplace that the msi's had
to be in Netlogon, and after simply putting them in folders under Netlogon
and reassigning them. voila! Everything has worked since. BUT, I don't want
them where they are! So, now I have new motivation to figure out how to
create what I want. I thought I was working with a system limitation.
Thanks for the feedback, all. AND, does anyone have any ideas as to why
moving my msi's would have appeared to have been a solution?
-Jim
size=2 width="100%" align=center tabindex=65535>
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Darren Mar-Elia
Sent: Tuesday, September 19, 2006 6:28 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: auto install
Agreed. Netlogon is probably not the place for these--you don't necessarily
want your packages replicating to every DC.. A good DFS share somewhere on a
file server is your best bet. Eric I think your best bet again is to use the
msi*.log files in c:\windows\temp to troubleshoot why the per-computer
assignment is not working.
Darren
size=2 width="100%" align=center tabindex=65535>
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Robert Mariani
Sent: Tuesday, September 19, 2006 6:24 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: auto install
Although a valid suggestion i would not be putting my msi files in the
Netlogon directory -
I believe best practice is to create a shared folder on the network and
allow access via security groups etc...
just my 2c
Rob
On Wed, September 20, 2006 11:08 am, Jim Bangle said:
Eric,
Are your msi files in Netlogon or a subfolder thereof? They must be stored
there, though the assign process will allow you to browse to other locations
and point to msi's elsewhere. I was caught by this early on.
-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx
To: gptalk@xxxxxxxxxxxxx
Sent: Tue Sep 19 15:51:18 2006
Subject: [gptalk] auto install
I have tried to make group policy auto install programs. I can make it do it
via user config but I would like to it do it via computer config. I have
added the msi and they are set to assign. At startup the computer sais
something briefly about managed software but then does nothing. Anyhelp
would be great.
Other related posts:
