That's funny, the Acrobat scenario is the exact case in question for me :)
Thanks!
jlc

From: Miller Bonnie L. [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 14, 2008 7:45 AM
To: NT System Admin Issues
Subject: RE: GPO Based Software Deployment Targeting

Yep, we have tons of software deployed via GPO set up using groups other than 
"authenticated users", all in the same policies.  The easiest way is to create 
a group in AD and add the computers you want to have the application to that 
group.  If you already have some installations you want to keep, you need to 
replicate your AD and restart the PCs so that their access tokens get updated 
with the new group info (so the software doesn't uninstall on you where you 
want to keep it).  Then, filter that deployed app by removing authenticated 
users and adding your group of computers.

The only place we use deny permissions is where we have conflicting 
applications, but it also works well.  For example, we don't want Acrobat 
Reader and Acrobat installed on the same machine.  So, we create groups for 
both and then in addition to adding the allow for the group that needs it, we 
deny the other one.  That way if a computer ends up in both groups by mistake, 
they get no software rather than a messed up installation of both.

-Bonnie

From: Joseph L. Casale [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 13, 2008 12:36 PM
To: NT System Admin Issues
Subject: GPO Based Software Deployment Targeting

Is it wise/doable to edit the perms associated with an application instance for 
one of many deployed apps in a GPO?

I want to prevent one app from being deployed on a few wkst's but don't want to 
make another GPO.

Would that work to deny that package for say "Special Group" of computers?

Thanks!
jlc
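
The allow/deny filtering described in this thread, as an added example that is not code from any of the posters: a small PowerShell model of per-package security filtering inside one GPO, showing that a computer placed in both groups receives neither package. The computer names, group names and the `Get-EffectivePackage` helper are constructed for illustration, and the model reduces each package's ACL to one allowed group and one denied group.

```powershell
# Added example: models allow/deny security filtering on packages in one GPO.
# All computer and group names below are constructed sample data.
$membership = @{
    'WS-001' = @('Acrobat Reader Computers')
    'WS-002' = @('Acrobat Computers')
    'WS-003' = @('Acrobat Reader Computers', 'Acrobat Computers')  # in both by mistake
    'WS-004' = @()                                                 # in neither group
}

# Per-package filter: "Authenticated Users" removed, one group allowed,
# the conflicting application's group denied.
$packages = @(
    [pscustomobject]@{ Name = 'Acrobat Reader'; Allow = 'Acrobat Reader Computers'; Deny = 'Acrobat Computers' }
    [pscustomobject]@{ Name = 'Acrobat';        Allow = 'Acrobat Computers';        Deny = 'Acrobat Reader Computers' }
)

function Get-EffectivePackage {
    param([string[]]$Groups, [object[]]$PackageList)
    foreach ($p in $PackageList) {
        # An explicit deny overrides any allow, so it is tested first.
        if ($Groups -contains $p.Deny)  { continue }
        if ($Groups -contains $p.Allow) { $p.Name }
    }
}

$report = foreach ($computer in ($membership.Keys | Sort-Object)) {
    $groups    = $membership[$computer]
    $effective = @(Get-EffectivePackage -Groups $groups -PackageList $packages)
    # A conflict is any package where the computer is both allowed and denied.
    $conflicts = @($packages | Where-Object {
        ($groups -contains $_.Allow) -and ($groups -contains $_.Deny)
    })
    [pscustomobject]@{
        Computer = $computer
        Installs = if ($effective.Count) { $effective -join ', ' } else { '(none)' }
        Conflict = $conflicts.Count -gt 0
    }
}

$report | Format-Table -AutoSize
$report | Where-Object { $_.Conflict } | ForEach-Object {
    Write-Warning "$($_.Computer) is in both groups and gets no package; fix its membership."
}
```

WS-003 is reported with `(none)` and flagged as a conflict, which is the fail-safe outcome Bonnie describes; running the same overlap check against real group membership catches the mistake before the next restart applies it.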










