In terms of security the Netlogon directory is pretty wide open - and like Darren said - all the MSI's will replicate to your DC's The way that i manage my GPO software deployments is like this ( i will use Acrobat 7 Pro as a example) 1. Create a folder like \\<server>\GPOManagedApps\"Acrobat" 2. Create the MSI admin install to to the Acrobat folder 3. Create a Security group with the computers/users I want to install is package to in the AD 4. Remove all (execept admin) security from the Acrobat folder and add read/execute to the newly created security group 5. Create a GPO to assign in the usual fashion although in the security filtering add the security group just create above 6. Link the GPO the required OU and voila! - gpupdate /force (if you want) and all should be well hope this give you some pointers... feel free to correct me if there is a better way! Rob On Wed, September 20, 2006 11:36 am, Jim Bangle said: I am soooooo excited that you all are saying this. I had my msi’s on a share, all warm, fuzzy, and secure, but I had the same exact symptom Eric is having. I was told by another admin around here someplace that the msi’s had to be in Netlogon, and after simply putting them in folders under Netlogon and reassigning them… voila! Everything has worked since. BUT, I don’t want them where they are! So, now I have new motivation to figure out how to create what I want. I thought I was working with a system limitation. Thanks for the feedback, all. AND, does anyone have any ideas as to why moving my msi’s would have appeared to have been a solution? -Jim From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia Sent: Tuesday, September 19, 2006 6:28 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: auto install Agreed. Netlogon is probably not the place for these--you don't necessarily want your packages replicating to every DC.. A good DFS share somewhere on a file server is your best bet. Eric I think your best bet again is to use the msi*.log files in c:\windows\temp to troubleshoot why the per-computer assignment is not working. Darren From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Robert Mariani Sent: Tuesday, September 19, 2006 6:24 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: auto install Although a valid suggestion i would not be putting my msi files in the Netlogon directory - I believe best practice is to create a shared folder on the network and allow access via security groups etc... just my 2c Rob On Wed, September 20, 2006 11:08 am, Jim Bangle said: Eric, Are your msi files in Netlogon or a subfolder thereof? They must be stored there, though the assign process will allow you to browse to other locations and point to msi's elsewhere. I was caught by this early on. -----Original Message----- From: gptalk-bounce@xxxxxxxxxxxxx To: gptalk@xxxxxxxxxxxxx Sent: Tue Sep 19 15:51:18 2006 Subject: [gptalk] auto install I have tried to make group policy auto install programs. I can make it do it via user config but I would like to it do it via computer config. I have added the msi and they are set to assign. At startup the computer sais something briefly about managed software but then does nothing. Anyhelp would be great.