GPO Install

Posted on 2011-10-24
Medium Priority
Last Modified: 2012-05-12
I have a gpo that installs an application on your computer if you are a user in a certain AD group. The gpo and install work fine. However, there is a problem when a user in the group rdp's into a server and the application tries to install (it eventually fails everytime anyway) - we dont want the application to install on the server since it is a client app. We only want it to install when on the users computer when that user logs in.
It is a user enabled gpo. the problem with making it a computer related gpo would mena that it would have to constantly be edited with adding and removing users computers everytime a computer is reimaged, new computers, etc.

Is there anything I can do to make sure it only installs on the clients computer that belongs to the AD group and not the servers? The servers are in a seperate AD OU if that helps.
Question by:tolinrome
LVL 12

Assisted Solution

by:Gary Coltharp
Gary Coltharp earned 800 total points
ID: 37020397
make it computer group based... not user group based.

In that way, only workstations belonging to selected OU's would get the app.
LVL 39

Accepted Solution

Krzysztof Pytko earned 1200 total points
ID: 37020427
Software Installation under User Configuration node always affects users, no matter where they log on. Software Installation under Computer Configuration node always affects computers. So, in this case that's better to change it from user to computer and link GPO to OU with computers.

Computer software installation does installation during computer sturtup with elevated privileges
User software installation does installation on user demand and works on user's credentials


Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question