GPO installations

[flekso]

Is there a way to limit the GPO software installations to workstations
and avoid the server(s) ?

 

[Oli Restorick [MVP]]

Yes.

The normal method would be to place all your workstations in a single OU and
apply the policy there. I'm guessing that all your computers (both servers
and workstations) are still in the default "Computers" container and that,
because you can't apply a GPO to this container because it's not an OU,
you're applying the GPO at the root of the domain.

So, just create another OU, place your workstations in it and link the GPO
at this point instead of where you're currently linking it.

Hope this helps

Oli

 

[flekso]

But what happens when new workstations are added to the domain, it's
not future proof.

 

[Nicolas]

But what happens when new workstations are added to the domain, it's
not future proof.

You should put your workstations directly in that OU (the solution depends
on the way you install your workstations).

If you use unattended or sysprep, use the answer file. If you do it
manually, use netdom.

To be very sure, I suggest not to use a domain admin account. Create a
special account for joins and don't let it the write acces to "computers"

 

[Oli Restorick [MVP]]

You either add them by script to the correct place, create the computer
accounts ahead of time, or move them afterwards.

Oli