Re: AD Software Install


From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 08/19/04


Date: Thu, 19 Aug 2004 06:47:26 -0400

Adrian,

There are three choices that you have here:

1) create an OU structure so that all of the WIN2000 computer account
objects are in one OU and all of the WINXP Pro computer account objects are
in another OU and link the GPO that deploys WIN2000 SP4 to the OU that
contains the WIN2000 computer account objects, or

2) place all of your computer account objects in the same OU and link two
GPOs to that OU ( assuming that you will ultimately be deploying SP2 for
WINXP via GPO ). You could then use Security Groups to filter who gets
which GPO ( you know that all you need to do is to create two security
groups - one WIN2000 and one WINXP, populate them with the correct computer
account objects, remove the Authenticated Users security group from the GPOs
and replace that with the appropriate security group that you just created,
making sure to give it both READ and APPLY GROUP POLICY rights ), or

3) leave things as-is and let it fail on the WINXP systems....and SP2 for
WINXP Pro fail on the WIN2000 systems.

I would contend that the third option is for lazy people and go with first
#1 and then #2. However, we do not know anything about your environment and
do not know if you have any other GPOs that might be linked to the current
OU in which your computer account objects are located.

HTH,

Cary

"Adrian Marsh (NNTP)" <me@nowhere.com> wrote in message
news:eXGx5UdhEHA.2624@TK2MSFTNGP12.phx.gbl...
> Here's a poser.
>
> I have w2k SP4 setup to deploy via AD Soft. Inst., but what happens
> when I'm using an XP PC ? I'm assuming it'll try to run the SP4, and
> that SP4 will just quit - right ?
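
Option 2 from the reply above (security-group filtering of two GPOs linked to the same OU), sketched as an added example that is not part of the original thread. It uses the ActiveDirectory and GroupPolicy RSAT PowerShell modules, which postdate this post; the GPO names, group names and operating-system filters are hypothetical and need to match your environment.

```powershell
# Added example, not from the original post. GPO names, group names and
# OS filters are hypothetical placeholders.
Import-Module ActiveDirectory, GroupPolicy

$targets = @(
    @{ Gpo = 'Deploy WIN2000 SP4'; Group = 'GPO-Apply-WIN2000'; OsFilter = 'Windows 2000*' },
    @{ Gpo = 'Deploy WINXP SP2';   Group = 'GPO-Apply-WINXP';   OsFilter = 'Windows XP*' }
)

foreach ($t in $targets) {
    # 1. Create the security group if it does not exist yet.
    if (-not (Get-ADGroup -Filter "Name -eq '$($t.Group)'")) {
        New-ADGroup -Name $t.Group -GroupScope Global -GroupCategory Security
    }

    # 2. Populate it with the matching computer accounts, skipping
    #    accounts that are already members so the script can be re-run.
    $computers = @(Get-ADComputer -Filter "OperatingSystem -like '$($t.OsFilter)'")
    $existing  = @(Get-ADGroupMember -Identity $t.Group |
                   ForEach-Object { $_.DistinguishedName })
    $toAdd     = @($computers |
                   Where-Object { $existing -notcontains $_.DistinguishedName })
    if ($toAdd.Count -gt 0) {
        Add-ADGroupMember -Identity $t.Group -Members $toAdd
    }

    # 3. Grant the new group Read + Apply Group Policy on the GPO
    #    (GpoApply carries both rights).
    Set-GPPermission -Name $t.Gpo -TargetName $t.Group -TargetType Group `
        -PermissionLevel GpoApply | Out-Null

    # 4. Remove Authenticated Users from the GPO's security filtering.
    #    This is done after step 3 so the GPO is never left with no
    #    principal allowed to apply it.
    Set-GPPermission -Name $t.Gpo -TargetName 'Authenticated Users' `
        -TargetType Group -PermissionLevel None -Replace -Confirm:$false |
        Out-Null

    # 5. Show the resulting ACL so the change can be reviewed.
    Write-Output "Permissions on '$($t.Gpo)':"
    Get-GPPermission -Name $t.Gpo -All |
        Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission
}
```

A computer only picks up a new group membership after it restarts, so the filtered GPO takes effect on the next boot after the account is added to the group.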


