harold mcmullen
asked on
new forest or domain?
-We are a library and have as our main domain " acld.lib.fl.us "
-Staff pc's are on the domain
-Patron pc's are in workgroup
-We want to be able to deploy software to patron pc's utilizing group policy like we do with staff pc's
-so what would that require? a new domain, a subdomain, a new forest
-preferably we do not want the patron and staff domains (or whatever) to be able to access each other
ps. we already use wsus and lup to push some stuff, but would like to use gpo for the patron side also
-Staff pc's are on the domain
-Patron pc's are in workgroup
-We want to be able to deploy software to patron pc's utilizing group policy like we do with staff pc's
-so what would that require? a new domain, a subdomain, a new forest
-preferably we do not want the patron and staff domains (or whatever) to be able to access each other
ps. we already use wsus and lup to push some stuff, but would like to use gpo for the patron side also
You can create a new domain. Although I'd stick with the workgroup for patrons and just edit the registry pointing them at the WSUS.
Keep the workgroup. Too much work to create an entire domain for WSUS. You can modify the registry to accomplish this.
Refer to this link for details..
http://social.technet.microsoft.com/Forums/windowsserver/en-US/4935d71a-d3b5-45f5-94a9-69eeb31819d6/how-can-deploy-the-upadation-from-wsus-server-to-workgroup-computers
Hope this helps!
Refer to this link for details..
http://social.technet.microsoft.com/Forums/windowsserver/en-US/4935d71a-d3b5-45f5-94a9-69eeb31819d6/how-can-deploy-the-upadation-from-wsus-server-to-workgroup-computers
Hope this helps!
-We want to be able to deploy software to patron pc's utilizing group policy like we do with staff pc's
If this is the only requirement then you need not have to create new domain/forest. WSUS or other software deployment tools can recognize workgroup computers.
-preferably we do not want the patron and staff domains (or whatever) to be able to access each other
your current setup is good enough to keep them seperated but if you ever decide to go for domain/forest structure then you should choose to create new Forest to keep them completely separated (you can also have connectivity by configuring AD trust relationship).
If this is the only requirement then you need not have to create new domain/forest. WSUS or other software deployment tools can recognize workgroup computers.
-preferably we do not want the patron and staff domains (or whatever) to be able to access each other
your current setup is good enough to keep them seperated but if you ever decide to go for domain/forest structure then you should choose to create new Forest to keep them completely separated (you can also have connectivity by configuring AD trust relationship).
ASKER
man! thank you everyone for suggesting solutions so quickly. I really appreciate all of you taking time out from (i'm sure) busy schedules to help me.
-anyway, we already use wsus/lup to push to patron (workgroup) pc's, but we want to be able to use group policy to push software (and policy/permissions) to the patron pc's.
ps. we do not want to purchase any 3rd party software, so basically just use what Microsoft already has builtin to do this.
-anyway, we already use wsus/lup to push to patron (workgroup) pc's, but we want to be able to use group policy to push software (and policy/permissions) to the patron pc's.
ps. we do not want to purchase any 3rd party software, so basically just use what Microsoft already has builtin to do this.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks. I guess we are going to do the new server with new domain and then cross permissions with other domain. (I might not seem clear but I am just making quick comment cuz i'm busy)