GPO in XP

O

oscarmok

Our company will be changing from Win95 to XP this year. One of the
task we have to do is applying GPO to the new desktop. As I am new to
GPO, I hope someone can help me out.

1) When we join the XP to the domain, do we put the user account in
local normal user group or administrator group? If we have create a
special group in domain server, can it be assign to that group
instead?

2) Let's say the computer are in local normal user group, I know we
can push out MSI package to the desktop. The apps can install fine
but if the user is part of local normal user group, the app won't run.
I know the app requires full rights in C:\Program Files\<apps> (and
sub-folders) as well registry with full rights in HKLM\Software\<apps>
(and sub registries). If I setup a group name in the domain and
putting users who needs to run that app, can I use GPO and assign it
to their PC so folders/files and registries will contain full control
permissions on the domain group? How?
 
A

Alan Sterling [MSFT]

Hi Oscarmok:

When you join the domain the computer account will go into the computer OU.
The Users accounts can go into the Users OU or a specific OU that you have
designed.IE Accounting or Sales.

Review:
314934 HOW TO: Use Group Policy to Remotely Install Software in Windows 2000
http://support.microsoft.com/?id=314934

--
Alan Sterling---MCSE
Windows 2000 Directory Services
English - This posting is provided "AS IS" with no warranties, and confers
no rights. OR if you wish to include a script sample in your post please add
"Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm"
 
A

Ace Fekay [MVP]

In
Alan Sterling said:
Hi Oscarmok:

When you join the domain the computer account will go into the
computer OU. The Users accounts can go into the Users OU or a
specific OU that you have designed.IE Accounting or Sales.

Review:
314934 HOW TO: Use Group Policy to Remotely Install Software in
Windows 2000 http://support.microsoft.com/?id=314934
Click to expand...

Maybe this may help, or more explain what is happening ...

262638 - User Must Be the Local (Domain) Administrator to Deploy .msi
Package in GPO:
http://support.microsoft.com/?id=262638


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
O

oscarmok

Thank you for the solution.

But when you joining the PC to the domain, there was a question asking
what local group rights you want the user to be reside on. Normal,
Power and others. By default, it put the domain user under local
Normal user group. What shall I do on that?

As regarding the second question: using local admin to install MSI
package. What about after it install, if the user is not part of
local admin group, and the apps require C:\Program Files\<app> and
HKLM\Software\<app> FULL access rights?
 
A

Ace Fekay [MVP]

In
oscarmok said:
Thank you for the solution.

But when you joining the PC to the domain, there was a question asking
what local group rights you want the user to be reside on.
Click to expand...

Not sure what you mean here. WHen you join a machine to a domain, it just
asks for the admin user/pass to join it.
Normal,
Power and others. By default, it put the domain user under local
Normal user group. What shall I do on that?
Click to expand...

THat is default and you wouldn't normally have to do that. To get your thing
to work, you would need to add the Domain Users (or that specific Domain
user account) to the machine's Local Power User or the machine's Local
Administrators group.
As regarding the second question: using local admin to install MSI
package. What about after it install, if the user is not part of
local admin group, and the apps require C:\Program Files\<app> and
HKLM\Software\<app> FULL access rights?
Click to expand...

Once installed, then it's done. You wouldn't need them to have any more
rights on the local machine, unless the app requires it. You'll have to
consult with the vendor or the app's docs or help files to determine that.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

GPO for user not applied 9
Allow Domain Users to have Local Computer Power User Rights 1
Application deployment via GPO to users 1
GPO IE Zone Mapping issue on TS 2
Using GPO to control local group membership 2
Computer settings in GPO not applying to computers 1
GPO not applying 1
GPO settings are not applied 2

Top