Problems with Group Policy on Win2k Server

M

Marc Hoffman

Hi All...

We're having some issues with Software Installation GPOs on Win2k Server.
Here's the issue:

1. An OU is created at the root level of the domain in Active Directory
Users and Computers.
2. A GPO is applied to the OU containing our software MSI files (we are
publishing the MSI packages, and not assigning them).
3. A security group is created and placed inside the software installation
OU, and users are added to this group.
4. A secedit /policyrefresh command is issued.
5. Any of the members of the software installation security group may log
in, but none of the MSI packages appear in Add/Remove Programs.

Now, here's the weird part:

1. A member of the software installation security groups is moved directly
into the software installation OU.
2. A policy refresh is performed.
3. The user added directly to the software installation OU logs in, and the
MSI packages appear in Add/Remove Programs!

What's going on here? We need to be able to keep users in one place, and
have the GPO apply to the security group.

Thanks in advance.

Marc
 
M

Marc Hoffman

Interesting and annoying at the same time ;-)

Does Win2k3 Server have this "feature"?

Marc
 
D

Danny Sanders

I don't have Win 2k3 but I think this exciting feature (group policy that
does not work on groups) is there to confuse you also!


hth
DDS W 2k MVP MCSE
 
D

Darren Mar-Elia

Definitely not any different in W2K3. I think they should rename GPOs to
"Absolutely Nothing to do with Groups" Policy. It would be more accurate.
:)
 
A

Andrew Mitchell

Marc Hoffman said:
Interesting and annoying at the same time ;-)

Does Win2k3 Server have this "feature"?
Click to expand...

What you need to remember is that GPOs are linked to Domains or OU's, not
users, computers, security groups or any other obect within AD.
Usernames and group membership can be used as filters, but that is all. They
are only a means to fine tune the targeting of your GPOs within a given OU.

Andy.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Deploying sw via group policy issue!! PLEASE HELP!! 1
sp4 installation via gpo 0
Software Installation not working in Group Policy 9
sp4 installation via gpo 0
Cannot install Service pack with Group Policy on W2K 2
Software Installation GPO 3
Grou Policy user install looping 1
gpo filtering 1

Top