0

Basically my question is do i group computers in security groups then add that group to the policy's security filtering? For some reason i've always though of security groups as appling only to users...

windows 2008 AD windows xp / win 7 machines

thanks in advance!

v-dog
  • 1
  • 1
  • 1

2 Answers2

2

Check out this article, it should address your needs

http://blogs.technet.com/b/grouppolicy/archive/2009/07/30/security-filtering-wmi-filtering-and-item-level-targeting-in-group-policy-preferences.aspx

and like Joe said, yes you can use groups for computers as well

Eric C. Singer
  • 2,319
  • 15
  • 17
  • thanks for clearing that up..i tried it out and i did see the policy being applied, but the msi is not being installed ... how do i start troubleshooting? – v-dog Aug 16 '12 at 18:16
  • @v-dog Check the logs. Should almost always be your first troubleshooting step. (In this case, the client logs and/or rsop should point you at why the msi isn't installing.) – HopelessN00b Aug 16 '12 at 18:29
  • Have you rebooted the computer since setting up the GPO? If so, how many times? Software installation only occurs on startup and sometimes requires several reboots. – joeqwerty Aug 16 '12 at 18:34
  • i'd also check that application event log to make sure the app its self isn't failing for some reason. – Eric C. Singer Aug 16 '12 at 18:52
  • i've rebooted it once, will reboot it again ... no errors in application log ... where do i find the rsop? is there a report on the group policy manager that tells me if the policy was aplied? – v-dog Aug 16 '12 at 19:20
  • honestly, and totally not trying to be rude, but this is out of scope for this question. I'd suggest asking a new question. I'm a little rusty on app deployment through GPO as its not something I do often (I use LANDesk most of the time). Typically once an installer has run once it won't re-run again. So you many need to re-hash, or re-initilize the application GPO to try getting it to reapply. It should also be in the app log. Perhaps there is some verbose logging that needs to be enabled though. – Eric C. Singer Aug 17 '12 at 19:39
1

Yes, you can use a security group populated with computer accounts to filter Group Policy.

joeqwerty
  • 108,377
  • 6
  • 80
  • 171