Deploying MSI's via GPO (Computer Container) dependant on Computer AD Group Membership

Posted on 2008-11-19
Last Modified: 2012-05-05

I have a custom MSI that I want to deploy to certain PCs. The PC's are across different OU's which have different policies associated with them.

In the past when the MSI has been user specific, I have put the users that need the app in a AD group, and then only given that group access to Apply the group policy - which works well.

However Im not interested in which user has the software, I just want it to go to certain PC's. I have tried putting the PCs into a AD group and applied the software in the Computer Container of the GPO - but it doesn't work.

How do I apply my MSI to certain PC's across the company using AD?
Question by:ncht
    LVL 15

    Expert Comment

    Hello, ncht.  I am going to need more info from you. What do the event logs say?
    Did you recheck the permissions for these computers, assuming this msi installer package is on a network share?  The event logs on the dc and on the target pc's should clue us in to issue. Also, are there other GPO's in force on the domain that are might have priority over your software install policy?
    LVL 16

    Accepted Solution

    Make sure the computers objects under the container you have applied to GP to and that those computers (or the group they are in) have access to the install files at the file level and share level.  Also make sure the installation is setup as a computer policy, not a user policy.

    LVL 1

    Author Comment

    Sorry my mistake - when I went back in to check, I noticed that I had applied the GPO to the User OU, and not the Computer OU. Becuase the policy was applied to the Computer and not the user it didnt work. I moved the policy to the Computer OU and it worked perfectly.

    Thank you both for your comments and suggestions.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
    Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now