One more question - if you assign a software package to users, does it push to their PC when they login next or when they click "add" in add/remove programs?
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Friday, June 09, 2006 3:38 PM To: [email protected] Subject: RE: [ActiveDir] Another GPO question First I wouldn't use such a wide-open group as Domain Users to target your install. If you do, then you pick up a lot of unwilling victims. I would try creating a special group just for this deployment and use that to security filter either the GPO or the individual app. But, if you need to use Domain Users or just in general want to exclude the install from servers, then there's probably a couple of ways to skin it. You could put all your admins into a special "Admin Group" and then set a Deny ACE on that GPO or package for that group. The Deny would take precedence over the Allow of the Domain Users. Or, you can enable loopback on all your servers, in replace mode, and control user policy from the computer GPOs that apply to those servers. In this scenario, any user policies (like software installation) would be ignored when those admins logged into those servers. Darren Darren Mar-Elia For comprehensive Windows Group Policy Information, check out www.gpoguy.com-- the best source for GPO tips, tools and whitepapers. Also check out the Windows Group Policy Guide, a soup-to-nuts resource for Group Policy information. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Friday, June 09, 2006 12:31 PM To: [email protected] Subject: [ActiveDir] Another GPO question If I assign a software GPO to all users (domain users), how do I ensure that if one of those users is in the IT department, they won't unknowingly push the Office Communicator installation to every server in our server room? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This e-mail is confidential, may contain proprietary information of Cameron and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This e-mail is confidential, may contain proprietary information of Cameron and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
