Solved

Windows 2003 Server GPO

Posted on 2007-03-28
12
222 Views
Last Modified: 2010-04-18
I have a single domain, with a single domain controller ( win2003 enterprise edition) I also have 2 member servers ( win200 server  and win 2003 server ).  The network has only one subnet (192.188.0.x). The DOmain controller is also a DNS and DHCP server. My questions is how do I create a group policy that will apply to all computers that have windows xp only. ( i also have win 2000 and 98 computers ). The group policy will install  (assign) a program (.exe file ) as soon as the user logs on. I  also i want to "publish only" a second program that a user can install if he choses to. Can anyone tell me how to configure and apply this group policy??...
0
Comment
Question by:James Hilloya
  • 5
  • 3
  • 3
  • +1
12 Comments
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 60 total points
ID: 18808814
You can use a WMI filter to identify the XP Machines

Seehttp://technet2.microsoft.com/WindowsServer/en/library/7cae3dab-b973-4905-9e47-00a638241da91033.mspx?mfr=true
for details and examples.
0
 
LVL 1

Author Comment

by:James Hilloya
ID: 18809170
Thanks, however I need to know how to create and configure the GPO . I am not even sure how to get to that "group policy management " screen that is listed on the link u  sent
0
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 65 total points
ID: 18809628
Unfortunately, Windows 2000 and Windows 98 do not understand WMI filtering, which would be required to have this GP apply only to XP machines.  (There are ways around that for many GPO settings, but Software Installation is a slightly different matter.)  In this case you will need to create a separate OU for your XP workstations, create and link the GPO there.

If you are new to Group Policy and Software Installation, you may find the following tutorial useful:

http://www.serverwatch.com/tutorials/article.php/1497901

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 16

Expert Comment

by:kshays
ID: 18812989
I take it that you haven't really configured gpo's at all?  If that is the case then be careful especially when modifying the "default domain policy" (if you do that).

Here is the link to download gpmc if you haven't done so already.
http://www.microsoft.com/windowsserver2003/gpmc/default.mspx

Once downloaded, install and go to administrative tools.  It should be listed in there.

Group policy tutorials:
http://www.2000trainers.com/tutorials/group-policy/
http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Deploy-Applications.html

I've just listed a couple of sites for gpo's.  I would suggest creating some test OU's and test users first to  test the gpo's and after you have them working the way you want you can link them to the correct OU and put them into production use.

Kevin
0
 
LVL 1

Author Comment

by:James Hilloya
ID: 18815407
kshays you are correct but what I am trying to do seems to be very simple, I am just not sure how to do it. I have an OU where all of my XP machines are. I have an executable file on the server that I installs a program. I want to assign this program  to all XP machines as soon as the computer comes on. How do  I do that??
0
 
LVL 1

Author Comment

by:James Hilloya
ID: 18815426
I guess I will look at the links that you provided and go from there
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 18815436
First of all it's important to note that Software Installation in Group Policy requires an MSI file, not an EXE, so you'll need to use a packaging tool like WinInstall to create an MSI installer file.

Once you've done that, you'll create a GPO for your XP clients which includes the MSI file you created, using steps that have been detailed in the various tutorial links provided in previous posts in this thread.
0
 
LVL 1

Author Comment

by:James Hilloya
ID: 18815474
does windows 2003 server come with the WinInstall??
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 18815525
You can check your 2003 media to confirm, but I believe that this is now a third-party tool - there are certainly others in the same market, WinInstall just happens to be one that I'm familiar with.
0
 
LVL 16

Expert Comment

by:kshays
ID: 18815702
WinInstallLE comes on the Windows 2000 cd's I know of.  I haven't checked on my 2003 though.  I think it should be under support tools.  If using WinInstallLE make sure you reference everything by UNC.

Another program that is pretty nice is Advance Installer.
http://www.advancedinstaller.com/

I think what will help you out the most right now is to get familiar with GPO's and software distribution via the gpo's.  Once you get familiar with how gpo works and read through the links we have provided it will make much more sense to you, especially when you do it a few times and actually see it in action :)

Best of luck.

Kevin

0
 
LVL 1

Author Comment

by:James Hilloya
ID: 18815770
Thank You Kevin, from what i read i have to create the gpo and link it to the OU that has all of my xp machines.. then make sure that only the xp machines have the read and apply group policy permissions in the ACL.I hope I am on the right track, going to look into the advance installer now
0
 
LVL 16

Expert Comment

by:kshays
ID: 18816106
No problem.  Yes, you are correct.  It sounds like you are getting the idea :)

Kevin
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Repadmin - Active Directly synchronization 13 25
Impact to changing AD username 2 22
Activity directory migration 4 22
DNS server pulling non-authorative answer 3 29
This article runs through the process of deploying a single EXE application selectively to a group of user.
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question