Re: GPMC Group Policy Modeling - installed software
- From: Denver <denver.perera@xxxxxxxxx>
- Date: 16 May 2007 21:29:06 -0700
On May 16, 6:47 pm, "Herb Martin" <n...@xxxxxxxxxxxxxx> wrote:
"Denver" <denver.per...@xxxxxxxxx> wrote in message
news:1179303978.936866.65200@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On May 16, 9:05 am, "Herb Martin" <n...@xxxxxxxxxxxxxx> wrote:
"Denver" <denver.per...@xxxxxxxxx> wrote in message
news:1179269072.935203.48540@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On May 15, 3:40 pm, "Herb Martin" <n...@xxxxxxxxxxxxxx> wrote:
"Denver" <denver.per...@xxxxxxxxx> wrote in message
news:1179202302.457815.46010@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi - Hope you can assist.
We setup apps to be deployed via GPO in-
Computer Configuration | Software Settings
(ie. WindowsMessenger is setup there in a GPO)
For each application, we apply a security group so we can deploy
this
application by membership of this security group.
(ie. GG-WindowsMessenger)
What I want to know is, is there a tool that I can use to view all
the
objects that are will be applied as a result of this security group
membership.
RSoP -- in All Tasks of AD Users and Computers when a User or
Computer is selected.
(ie. Open a tool, select the security group GG-WindowsMessenger,
and
it can show me (hopefully in a rsop.msc window) all GPO objects that
are applied as a result)
Not that way but RSoP can do it. Take a User (or create one for this
purpose) and do RSoP in PLANNING mode -- use the options to
pretend the user is a member of the Group (or in an OU, or Site, etc)
and then do the RSoP.
I've tried using GMPC's Group Policy modeling, but I cannot see the
software applied. Maybe I'm not using this tool correctly?- Hide
quoted
text -
- Show quoted text -
Hi - Thanks for the reply.
I have tried this, but not all software that is to be installed appear
in the RSoP (running in Planning mode). Ie. Software from GPO_A
appears, but not from GPO_B. I definitely know the security is correct
coz i can assign that security group to a machine and it will deploy
that application upon a reboot.
I am not sure what the above paragraph means. IF the software is being
installed by a GPO then this will tell you about the APPLICATION of the
GPO to a user based even on Group Membership changes.
IF you are dealing with the permissions on the actual SHARES and NTFS
volumes then that is NOT covered by the RSoP but you must ensure this
works using normal share and NTFS tools.
When running the RSoP command, i'm selecting the same machine and
using the default values, therefore there should not be any difference
between RSoP planning mode and physically rebooting that box to
receive the apps.
Probably not, but clearly there is a difference POSSIBLE if you move the
user into a Group where they are not currently a member (as you requested
in your original message.)
It looks like RSoP is timing out. Can you increase the length of time
for RSoP to run? Maybe not all GPOs are getting processed.
Maybe, but I have never heard of that -- if it is timing out then likely
you have some more basic AD Replication OR authentication OR
DNS problems. (Most replication and authentication problems are
DNS anyway.)
Use DCDiag /c to check each individual DC for proper replication and
DNS.
Can you isolate only a particular GPO to be processed respective to
the applied security groups?
You also should likely NOT be using permissions as a PRIMARY method
of selecting the correct GPOs.
That is done by LINKING the GPOs only to the correct OUs, and correctly
designing those OUs for this purpose.
Permissions on GPOs should generally only be used in the rare case where
no other selection method works.
It sounds very much like you are overusing GPO permissions but that is a
design criticism, not a solution to the questions you are actually asking
even
if your current problems might just disappear with a "good" design.
Thanks for your assistance...
Sure.
We will try to help.
--
Herb Martin, MCSE, MVPhttp://www.LearnQuick.Com
(phone on web site)- Hide quoted text -
- Show quoted text -
For some reason, the physical computer that i have in my OU can
receive apps from the second GPO (upon the reboot), but when i use
RSoP planning on that same computer account, apps do not deploy... i
don't know why the difference. Is there a way to check why there is a
difference between physicall rebooting a PC and running RSoP in
planning mode...
My first guess would be some failure to REPLICATE AD which gets you
back to my PREVIOUS suggestion:
Use DCDiag /c to check each individual DC for proper replication and
DNS.- Hide quoted text -
- Show quoted text -- Hide quoted text -
- Show quoted text -
but home come that same host can be rebooted and it will receive the
apps fine. but not in RSOP Planning mode.. :-(
ok - thanks for your help. will look into it.
.
- References:
- GPMC Group Policy Modeling - installed software
- From: Denver
- Re: GPMC Group Policy Modeling - installed software
- From: Herb Martin
- Re: GPMC Group Policy Modeling - installed software
- From: Denver
- Re: GPMC Group Policy Modeling - installed software
- From: Herb Martin
- Re: GPMC Group Policy Modeling - installed software
- From: Denver
- Re: GPMC Group Policy Modeling - installed software
- From: Herb Martin
- GPMC Group Policy Modeling - installed software
- Prev by Date: upgrade win 2000 server to win 2003 DC
- Next by Date: Re: ADAM Design Question: userProxy and Groups
- Previous by thread: Re: GPMC Group Policy Modeling - installed software
- Next by thread: Re: Adding R2 to existing non-R2 Active Directory
- Index(es):
Relevant Pages
|
Loading
