I cannot get GPOs to run below the domain level

I have written a few successful GPOs, but all have been at the domain level. I recently began trying to push out a GPO for laptop encryption software and was having difficulties. I decided to start testing in a practice OU instead of at the domain level, but none of the GPOs I have linked to my practice OU seem to be recognized by the workstations in it. I have done everything exactly the same, but when I go to a workstation that is in my test OU and run GPRESULT /R, it does not even show up. Is there another step to creating GPOs when linking them below the domain level?
Thor2923 Asked:
 
Vadim Rapp Commented:
From http://serverfault.com/questions/353626/multiple-installers-attached-to-a-single-gpo:

"You'll need to find a freeware app called "Assigned Software Sequence Manager" from a company called Sywan ICT. The order that the MSI's are installed within a single GPO is dependent on some date/time-based setting that the usual AD tools don't give you access to. Sywan's app lets you order them as you want."

It can be downloaded from http://www.sywan.nl/download/ASSM_0.3.zip
 
Vadim Rapp Commented:
Run Group Policy Results Wizard and analyze the results - what is applied, what is not, and why.
 
Thor2923 (Author) Commented:
I have all my GPOs reporting as applied....I assume that is good??
[Attached screenshot: GPOWizard.PNG]
 
Vadim Rapp Commented:
Yes, it is good - assuming that they are Encryption...GPO on the picture. If you see that it's applied, the next step is to check the actual settings that are enforced. They are on the tab "Settings" of the results.

Curious, why several GPOs with similar names, why not one?
 
Thor2923 (Author) Commented:
My encryption process requires 3 installs of MSI files that need to go in a specific order. I have inquired about running order and I got conflicting answers on how to make them run in proper order. At this point, I only want to get the first GPO to run and install my "preinstall software". Once I finally have that working, I will see about run order or possibly bulking all 3 MSIs into one GPO. At this point it looks like everything is right, and most MSI files I have tried do install when I put them in the GPO path, except the ones I really need. I contacted Sophos to see if they have any suggestions.
 
Vadim Rapp Commented:
The initial problem was "none of the GPOs I have linked to my practice OU seem to be recognized by the workstations it." Running group policy results wizard, as suggested, confirmed that they are all in fact applied, acknowledged in ID: 41725328.
 
Thor2923 (Author) Commented:
This solution did not work for my particular project but may still be useful for someone with GPO issues.
 
Thor2923 (Author) Commented:
I didn't realize assigning points was that important, but yes, you did provide good information and an answer that may help many people with GPOs... thanks
 
Vadim Rapp Commented:
As for the 2nd problem, having the MSIs run in a particular order, if you still need it working, feel free to open another question. There are other ways to try, although this "Assigned Software Sequence Manager" seems to address this exact problem, so if you tried it and it did not work, maybe you could at least post some details (did not work at all? was misrepresented? etc.)

Btw, it took some effort to find it, it's not on the current website, I found the link by archive.org, going back.
 
Thor2923 (Author) Commented:
Thanks, I have a conf call today with the vendor and they recommend using SCCM for their MSI push solution. I will bring up GPOs, but they appear to be discouraging me, so I assume they have a reason. If GPOs become possible, I may come back on here... thanks
 
Vadim Rapp Commented:
The reason most likely is that they are not familiar with deployment by GPO. Not many people are.

The main advantage of deployment by SCCM is reporting - you can easily find out where it deployed and where it failed. The drawbacks are in the necessity to install the client on every workstation, plus of course SCCM itself - licensing, learning, managing; also, the installations pushed by SCCM install when the user has already logged in, so they are much more likely to interfere with him, and to request machine restart in the end.

The advantages of deployment by GPO are installation before the desktop showed up, thus zero interfering with the user; plus, it's free and less involved than SCCM. The drawback is no reporting, which we addressed in our article "How to Report Result of Installation in Active Directory Deployment"