Solved

GPO - Computer vs User ?

Posted on 2011-09-19
4
537 Views
Last Modified: 2012-05-12
How to decide which to use is my question when for exmaple doing a sw install to users.  I am thinking do it as a computer policy and apply it to the computers that add to a group.   That said what is the best way to decide. The sw needs to install and stay put on the machine, while our users do somtimes go from machine to machine and can work fine due to folder redirection adn syncing setup.   Trying to figure out how best to decide and what if any is best practice when doing sw install/deployments for example.  Thx
0
Comment
Question by:dee30
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 250 total points
ID: 36563628
First - GPOs are applied to OUs - not to groups - so you need to put your computers and/or users into OUs not groups (OK you can use security filtering based on groups, but its a bit of a kludge and not the recommended way of doing things)

You can publish software to users which gives the user the a say in wether its installed or not - you can also assign software to users and computers- which gives them no choice in the matter. Not you can't publish to computers.

Generally, if the computer needs the software on it regardless of who is using it, then assign the software to the computer.

If the user must have the software regardless of which computer they are using, then assign or publish to users.

0
 
LVL 12

Assisted Solution

by:geowrian
geowrian earned 250 total points
ID: 36564494
@KCTS
Very well said, but I will note that you can publish or assign software to computers via loopback processing. I wouldn't recommend this except for certain specific circumstances. For instance, I work in higher education, so loopback policies come in handy for computer labs. They make management of the systems easier, as well as help limit the number of licenses required (~200 computers versus >5000 users).
0
 

Accepted Solution

by:
dee30 earned 0 total points
ID: 36567007
Thx
0
 

Author Closing Comment

by:dee30
ID: 36594665
thx
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question