Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

MSI pushed to one PC, can't figure out why.

Status
Not open for further replies.
neonrh

neonrh

IS-IT--Management
Aug 8, 2002
23
US
Okay, I've been testing deployment of several apps via GPO in a small lab environment. Setup and deployment work ok. Under the Computers OU, I have three other ones, Servers, Workstations - NoGPO and Workstations - GPO. Only Workstations - GPO has a policy for installing apps. I placed specific computer accounts into that OU. Then, under the groups OU, I created groups for each app, such as SW-Adobe7.0, SW-Lotus6.5.4, SW-Winzip, etc.

I added software installs for each app, pointing to the appropriate MSI. I then edited the security for each app install, unchecking the security inheritance, but selecting to copy the existing settings. I set the Servers OU to deny access, and then if I was editing the one for Winzip, I'd give the SW-Winzip group read access to that software install. I did the same for each app.

Everything was working perfectly. Then I setup a laptop on my lab network, joining it to the domain. I placed the computer account in the Workstation - GPO OU, and then placed the computer account in the SWLotus6.5.4 user/computer group. I then rebooted so that GPO could push Lotus onto the PC. When I did so, it installed every application from that GPO. The odd thing is, I rebooted the other workstations (of which two others were also in the SWLotus6.5.4 group) and no other workstation reacted the same. Just that one PC.

Anyone ever seen this? I can post a representation of the ACL for the software install, they're all configured the same for each app.
 
Sort by date Sort by votes
Im not sure I get all what you ve done, but:

Create an OU and place your workstations in it.
(Put your servers in another)
Create a SW Group. Location irrelevant.

Link a GPO to the Workstations OU.
Edit security on the GPO.
Remove Authenticated Users
Add SW group.
Give SW group Read and Apply.

Add your workstations to the SW Group.

For troubleshooting, look in the eventviewer of the workstations you thought should have been affected by the GPO.
Also use GPMC for GPO modelling

In general avoid using Deny anywhere.

/Martin
 
Upvote 0 Downvote
You answered my question, for some reason I left authenticated users in the mix. I removed them. Haven't had a chance to test yet, but after your reply I'm quite certain that was it. Thanks!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Michel$
  • Locked
  • Question
hi guys , please , how to configu
Replies
0
Views
1K
Michel$
Michel$
popcorn22
  • Locked
  • Question
Install and setting up an Avaya stand-alone DHCP server on to a DELL EMC R640?
Replies
0
Views
276
popcorn22
popcorn22
Nyan Win
  • Locked
  • Question
Open multple Access reports by same(one) criteria with DoCmd
Replies
0
Views
128
Nyan Win
Nyan Win
IngeYen
  • Locked
  • Question
Error: Unable to reach 10.10.208.254 from 10.10.208.10 [B1
Replies
0
Views
204
IngeYen
IngeYen
nikonjd
  • Locked
  • Question
Tool to compare two different Windows Servers directories and files
Replies
0
Views
196
nikonjd
nikonjd

Part and Inventory Search

Sponsor

Back
Top