I found a working solution that was rather elegant, and didn't involve giving users any additional permissions to the ClientApps software distribution folder.
I no longer have the link to that site, or the original references.
However, it is actually quite simple:
Setup your GP software install via the GPMC in the Server Console.
Then, head down to your Client Computer policy:
Edit the policy and navigate down to: Computer Configuration\Administrative Templates\System\Logon
There you will find: Always wait for the network at computer startup and logon. Enable this policy setting.
Next, in Windows Explorer right click on the ClientApps folder and click on, "Sharing and Security".
On the Security Tab, Click the Add button and add the following two groups and give them full control permissions:
- Domain Controllers
- Domain Computers
Click Apply.
You should see the following:
From the command line, or Start-->Run: gpupdate /force
That is it. Once you have set the OS to wait for logon, set the above NTFS permissions to the ClientApps folder, your software will be distributed the next time your users logon. Keep in mind workstations can take up to 90 minutes to refresh their GP.
We use this setup for software such as Windows Defender, PDFCreator, Office 2003, hopefully soon Office 2007, and others.
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
No comments:
Post a Comment