.MSI file not installing on remote machines on network

Hi guys

I'm having a lot of problems trying to install an .msi file across the network to other remote machines.

It's on a windows 2003 Domain controllers. I've tried doing the following:

1. Created a new GPO.
2. Edited this and gone to Computer Configuration->Software Installation and I've put the .MSI in there as a server share (DC-Software photo).
3. I've permitted the remote machine, write access to the share on the network server.
4. In the security filtering, the machine is in there (security-filtering photo).
5. In the delegation settings, the security settings have been set for this machine for this machine to be able to edit/modify.

I've done gpupdate /force and i've restarted the destination machine many times to no avail. And then of course, I ran gpresult and I get the below. The name of the GPO is called 'BackOffice Install' and it is being denied.

Any ideas guys?

Thanks a lot
Yashy


Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 18/03/2015 at 17:34:24



RSOP data for FC\administrator on DC-TISCALI : Logging Mode
-------------------------------------------------------------------

OS Type:                     Microsoft(R) Windows(R) Server 2003, Standard Edition
OS Configuration:            Additional/Backup Domain Controller
OS Version:                  5.2.3790
Terminal Server Mode:        Remote Administration
Site Name:                   Tiscali
Roaming Profile:            
Local Profile:               C:\Documents and Settings\Administrator.FC
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
    CN=DC-TISCALI,OU=Domain Controllers,DC=fc,DC=local
    Last time Group Policy was applied: 18/03/2015 at 17:33:22
    Group Policy was applied from:      DC-Tiscali.fc.local
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        fc
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
    -----------------------------
        Default Domain Controllers Policy
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

        Backoffice Install
            Filtering:  Denied (Security)

    The computer is a part of the following security groups
    -------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        SophosAdministrator
        SophosUser
        BUILTIN\Users
        BUILTIN\Pre-Windows 2000 Compatible Access
        Windows Authorization Access Group
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        This Organization
        DC-TISCALI$
        Domain Controllers
        NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
       

USER SETTINGS
--------------
    CN=Administrator,CN=Users,DC=fc,DC=local
    Last time Group Policy was applied: 18/03/2015 at 17:28:16
    Group Policy was applied from:      DC-Tiscali.fc.local
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        fc
    Domain Type:                        Windows 2000
   
    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

        Backoffice Install
            Filtering:  Denied (Security)

    The user is a part of the following security groups
    ---------------------------------------------------
        Domain Users
        Everyone
        SophosAdministrator
        SophosUser
        BUILTIN\Administrators
        BUILTIN\Users
        BUILTIN\Pre-Windows 2000 Compatible Access
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
        Schema Admins
        Enterprise Admins
        Domain Admins
        Group Policy Creator Owners
        SophosAdministrator
DC-Software.jpg
Security-filtering.jpg
settings.jpg
LVL 1
YashyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

DonNetwork AdministratorCommented:
YashyAuthor Commented:
Okay, so I went through this thoroughly. The only thing I can see which may be the issue is I've removed 'Authenticated Users' from the 'Security Filtering'. The only thing in the 'Security Filtering' is the actual machine.

But in the link you've sent, it says 'Computers are members of the Authenticated Users group. If you remove Authenticated Users from the list on the Scope tab and you want the GPO to apply to a computer, you must specifically ensure that the computer belongs to a group that is included in the Security Filtering section on the Scope tab.'

So where it says the computer must belong to a security group, I don't get that. Does it mean I can't just have the computer name, but also a security group which this machine is inside?

Thanks again for helping.
DonNetwork AdministratorCommented:
There is no need to remove 'Authenticated Users' from the 'Security Filtering'

All PC's/Servers are members of 'Authenticated Users' , You're just creating more work for yourself.
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

YashyAuthor Commented:
Ah, I see so by removing it I'm creating the problem.

But then how can I ensure that it is installed on just these particular machines? Do I just add all of the machines into the security filtering and then just add Authenticated Users?
DonNetwork AdministratorCommented:
I would just add these pc's to a security group called "Back Office" and then just add that group into the security filtering. Leave out "Authenticated Users"

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
YashyAuthor Commented:
Okay, great, thank you for helping out.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.