Barb,
Two things: one a general comment and one specific to your 'problem'
1) be very careful with the Snap Servers. I have had nothing but bad luck
with them. Where I used to work we had three of them - used as file
ervers - and they all were flaky at best. We were on the phone with them
often. At one point they were a really good option but I am not so sure now
with the prices of servers and server hardware. But, that is just my
experience. Everyone has a different perspective.
2) I might suggest that you try this on a 'regular' Server. See if you
experience the same sort of times. The time that you experience seems
rather long to me. However, there might be something behind this....
You created a shared folder on the snap server ( in this sense it does not
matter if it is a WINNT file server, a WIN2000 file server or a SNAP
server ) and copied the I386 folder from the SP4 CD or simply extracted the
executable to that shared folder. If it is possible on the Snap Server ( do
not think that it is ) you should give Domain Computers read permissions on
both the Share and NTFS permissions ( do not remember if the SNAP server has
the NTFS permissions - do not think so ) and then give either the Domain
Admins or Administrators Full Control on both the Share and NTFS
permissions. Again, I do not remember if you can do this on the SNAP
server, but you get the point that I am making hopefully.
Now that you have a shared network location you need to go into the ADUC and
create an OU and put the computer account objects that you want to be given
SP4 via this GPO into that OU. Now, you can create this GPO and link it to
that OU ( technically, the GPO is already linked to the OU where it was
created ). Remember that since this is Service Pack 4 that it needs to be
applied at the computer configuration and not at the user configuration.
Since this is being done to the computer configuration you have only one
choice - assign. Publish is not an option when creating GPOs to the
computer configuration. The only way that you are going to see anything
show up in the Add / Remove programs is if you published it. There is a
large part of your problem.
Furthermore, when you are creating the package you need to tell AD where the
..msi file is located. To do this you need to make sure that you use the UNC
convention ( \\snapserver\sharedfolder\file.msi ) and not a mapped network
drive ( S:\sharedfolder\folder\file/msi ).
I would stay away from using Security Groups to filter the GPOs for the time
being until you have a better handle on this. Typically, when you create a
GPO the Security Group 'Authenticated Users' is given both the READ and
APPLY POLICY rights. You can change this by removing the 'Authenticated
Users' group and replacing it with a Security Group that you have created.
You just need to remember to give this particular group both the READ and
APPLY POLICY rights.
HTH,
Cary
