Solved

GPO - Computer vs User ?

Posted on 2011-09-19
4
515 Views
Last Modified: 2012-05-12
How to decide which to use is my question when for exmaple doing a sw install to users.  I am thinking do it as a computer policy and apply it to the computers that add to a group.   That said what is the best way to decide. The sw needs to install and stay put on the machine, while our users do somtimes go from machine to machine and can work fine due to folder redirection adn syncing setup.   Trying to figure out how best to decide and what if any is best practice when doing sw install/deployments for example.  Thx
0
Comment
Question by:dee30
  • 2
4 Comments
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 250 total points
Comment Utility
First - GPOs are applied to OUs - not to groups - so you need to put your computers and/or users into OUs not groups (OK you can use security filtering based on groups, but its a bit of a kludge and not the recommended way of doing things)

You can publish software to users which gives the user the a say in wether its installed or not - you can also assign software to users and computers- which gives them no choice in the matter. Not you can't publish to computers.

Generally, if the computer needs the software on it regardless of who is using it, then assign the software to the computer.

If the user must have the software regardless of which computer they are using, then assign or publish to users.

0
 
LVL 12

Assisted Solution

by:geowrian
geowrian earned 250 total points
Comment Utility
@KCTS
Very well said, but I will note that you can publish or assign software to computers via loopback processing. I wouldn't recommend this except for certain specific circumstances. For instance, I work in higher education, so loopback policies come in handy for computer labs. They make management of the systems easier, as well as help limit the number of licenses required (~200 computers versus >5000 users).
0
 

Accepted Solution

by:
dee30 earned 0 total points
Comment Utility
Thx
0
 

Author Closing Comment

by:dee30
Comment Utility
thx
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now