Avatar of harold mcmullen
harold mcmullenFlag for United States of America asked on

new forest or domain?

-We are a library and have as our main domain " acld.lib.fl.us "
-Staff pc's are on the domain
-Patron pc's are in workgroup
-We want to be able to deploy software to patron pc's utilizing group policy like we do with staff pc's
-so what would that require? a new domain, a subdomain, a new forest
-preferably we do not want the patron and staff domains (or whatever)  to be able to access each other

ps. we already use wsus and lup to push some stuff, but would like to use gpo for the patron side also
Active DirectoryWindows Server 2008

Avatar of undefined
Last Comment
harold mcmullen

8/22/2022 - Mon
dipopo

You can create a new domain. Although I'd stick with the workgroup for patrons and just edit the registry pointing them at the WSUS.
Will Szymkowski

Keep the workgroup. Too much work to create an entire domain for WSUS. You can modify the registry to accomplish this.

Refer to this link for details..
http://social.technet.microsoft.com/Forums/windowsserver/en-US/4935d71a-d3b5-45f5-94a9-69eeb31819d6/how-can-deploy-the-upadation-from-wsus-server-to-workgroup-computers

Hope this helps!
Pramod Ubhe

-We want to be able to deploy software to patron pc's utilizing group policy like we do with staff pc's

If this is the only requirement then you need not have to create new domain/forest. WSUS or other software deployment tools can recognize workgroup computers.


-preferably we do not want the patron and staff domains (or whatever)  to be able to access each other

your current setup is good enough to keep them seperated but if you ever decide to go for domain/forest structure then you should choose to create new Forest to keep them completely separated (you can also have connectivity by configuring AD trust relationship).
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
ASKER
harold mcmullen

man! thank you everyone for suggesting solutions so quickly. I really appreciate all of you taking time out from (i'm sure) busy schedules to help me.

-anyway,  we already use wsus/lup to push to patron (workgroup) pc's, but we want to be able to use group policy to push software (and policy/permissions) to the patron pc's.

ps. we do not want to purchase any 3rd party software, so basically just use what Microsoft already has builtin to do this.
ASKER CERTIFIED SOLUTION
Will Szymkowski

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
harold mcmullen

thanks. I guess we are going to do the new server with new domain and then cross permissions with other domain. (I might not seem clear but I am just making quick comment cuz i'm busy)