[Last Call] Learn how to a build a cloud-first strategyRegister Now


Deploying MSI's via GPO (Computer Container) dependant on Computer AD Group Membership

Posted on 2008-11-19
Medium Priority
Last Modified: 2012-05-05

I have a custom MSI that I want to deploy to certain PCs. The PC's are across different OU's which have different policies associated with them.

In the past when the MSI has been user specific, I have put the users that need the app in a AD group, and then only given that group access to Apply the group policy - which works well.

However Im not interested in which user has the software, I just want it to go to certain PC's. I have tried putting the PCs into a AD group and applied the software in the Computer Container of the GPO - but it doesn't work.

How do I apply my MSI to certain PC's across the company using AD?
Question by:ncht
LVL 15

Expert Comment

ID: 22993879
Hello, ncht.  I am going to need more info from you. What do the event logs say?
Did you recheck the permissions for these computers, assuming this msi installer package is on a network share?  The event logs on the dc and on the target pc's should clue us in to issue. Also, are there other GPO's in force on the domain that are might have priority over your software install policy?
LVL 16

Accepted Solution

robrandon earned 2000 total points
ID: 22994772
Make sure the computers objects under the container you have applied to GP to and that those computers (or the group they are in) have access to the install files at the file level and share level.  Also make sure the installation is setup as a computer policy, not a user policy.


Author Comment

ID: 22994934
Sorry my mistake - when I went back in to check, I noticed that I had applied the GPO to the User OU, and not the Computer OU. Becuase the policy was applied to the Computer and not the user it didnt work. I moved the policy to the Computer OU and it worked perfectly.

Thank you both for your comments and suggestions.

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question