ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Install Software via GPO - Computer Configuration vs User Configuration

    Scheduled Pinned Locked Moved IT Discussion
    43 Posts 5 Posters 9.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • thanksajdotcomT
      thanksajdotcom
      last edited by

      I just tested the commands from the local admin account. Now could the issue be where these scripts are located? I have them on one of the DC's NETLOGON folders. That should be fine AFAIK, but it seems like the computer config GPOs are having issues pulling from a domain location, even the scripts. Any thoughts?

      Rob DunnR 1 Reply Last reply Reply Quote 0
      • Rob DunnR
        Rob Dunn @thanksajdotcom
        last edited by Rob Dunn

        @thanksaj

        Using the local admin account is not the same as the computer using the computer account - these are two different things. The local administrator account will access the files in the context of a user object (albeit a local user), whereas the computer will access them as the computer object (a domain computer object). Kind of an odd concept to grasp, but the computer has it's own identity when it accesses network resources.

        thanksajdotcomT 1 Reply Last reply Reply Quote 0
        • thanksajdotcomT
          thanksajdotcom @Rob Dunn
          last edited by

          @Rob-Dunn said:

          @thanksaj

          Using the local admin account is not the same as the computer using the computer account - these are two different things. The local administrator account will access the files in the context of a user object (albeit a local user), whereas the computer will access them as the computer object (a domain computer object). Kind of an odd concept to grasp, but the computer has it's own identity when it accesses network resources.

          Ok, so it should have the permissions to access a domain resource then? That's what I always figured but this whole thing is getting confusing.

          Rob DunnR 1 Reply Last reply Reply Quote 0
          • Rob DunnR
            Rob Dunn @thanksajdotcom
            last edited by

            @thanksaj

            Yep, so the domain group 'authenticated users' contains both user objects and computer objects since both authenticate using their own passwords (computers just have their own passwords that they change automatically). So long as 'authenticated users' is set as a group that is allowed access to a network resource, your scripts configured under the computer configuration GPO settings should be able to reference and use those domain folders and files.

            Does that help?

            thanksajdotcomT 1 Reply Last reply Reply Quote 0
            • thanksajdotcomT
              thanksajdotcom @Rob Dunn
              last edited by

              @Rob-Dunn said:

              @thanksaj

              Yep, so the domain group 'authenticated users' contains both user objects and computer objects since both authenticate using their own passwords (computers just have their own passwords that they change automatically). So long as 'authenticated users' is set as a group that is allowed access to a network resource, your scripts configured under the computer configuration GPO settings should be able to reference and use those domain folders and files.

              Does that help?

              Yes, that was EXTREMELY helpful!

              1 Reply Last reply Reply Quote 1
              • thanksajdotcomT
                thanksajdotcom
                last edited by

                Ok, so I've figured out the trick to how we can get this to work. First of all, THANK YOU to all of you, but especially @Rob-Dunn and @IRJ for your help and insights. How I did this was create TWO GPOs. The first one that executes is the Computer Config GPO and it copies a text file I created called "install_lync_key.txt" from the DC's NETLOGON folder to the root of C:. This GPO is only applied to the computers I want to install Lync on.

                Next, my second GPO executes a batch script to all users. Security Filter is just Authenticated Users, and it's applied at the root level of the domain. The script is as follows:
                __
                IF EXIST "C:\Program Files\Microsoft Office\Office15\lync.exe" exit
                IF EXIST "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" exit
                IF EXIST "C:\install_lync_key.txt" goto InstallLync ELSE exit

                :InstallLync
                "\[removed]\LyncInstaller\Lync Install Files\setup.exe" /config \[removed]\LyncInstaller\config.xml
                __
                Basically, if Lync is already installed, it just kills the script. If it doesn't find the file on the computer, it kills the install. Tested this and it's working the way we wanted. FINALLY! This thing has been a nightmare. Anyways, that's the fix I was able to figure this out with. Thanks for everyone's help!

                A.J.

                Rob DunnR 1 Reply Last reply Reply Quote 1
                • Rob DunnR
                  Rob Dunn @thanksajdotcom
                  last edited by

                  @thanksaj BOOYA!

                  thanksajdotcomT 1 Reply Last reply Reply Quote 2
                  • thanksajdotcomT
                    thanksajdotcom @Rob Dunn
                    last edited by

                    @Rob-Dunn said:

                    @thanksaj BOOYA!

                    Thanks again Rob!

                    1 Reply Last reply Reply Quote 2
                    • IRJI
                      IRJ
                      last edited by

                      Sorry that I stepped out of this one. I have a big deployment I have been preparing for. Its going to be a long night\morning 🙂

                      Rob DunnR 1 Reply Last reply Reply Quote 1
                      • Rob DunnR
                        Rob Dunn @IRJ
                        last edited by

                        @IRJ That's why this is a community and not email 😉

                        Good luck with your deployment!

                        1 Reply Last reply Reply Quote 2
                        • 1
                        • 2
                        • 3
                        • 3 / 3
                        • First post
                          Last post