Hi Stefan - I think you mean link the GPO to the correct OU? Otherwise, I'm not sure what you're talking about. I've never worried about this before other than putting the OU link in the right place. Did you mean something else? On 11/15/21 10:30, Stefan Kania via samba wrote:> > > Am 15.11.21 um 17:00 schrieb Patrick Goetz via samba: >> Hi list - >> >> I experimented with getting software to install on W10 clients using a >> GPO, and could not get it to work.? Has anyone used this feature?? Is it >> even supposed to work under Samba?? The instructions I cobbled together >> from some googling below.? Things like accessibility to the share/etc. >> already tested. >> >> >> -=- Automatically Deploy Software >> >> ?- Create a share folder accessible by everyone in which to place .msi >> files >> ?- Create a Security Group for the computers which are to get this >> install/update >> ???? - Change the Object Type to allow for computer objects >> ???? - Add computers to this group. >> >> ? - GPO >> ? Computer Configuration -> Policies -> Software Settings -> Software >> ??????? Installation >> ? Right click, New -> Package >> ? - Add UNC path to package folder and select package to install. >> ? Remove "Authenticated Users" from Security Filter and add the group >> created above. >> > Don't miss the last step: > Give domain-pc the right to read the GPO > >
Yup. See the Microsoft documentation (in particular, the /a switch) https://docs.microsoft.com/en-us/troubleshoot/windows-server/group-policy/use-group-policy-to-install-software On Mon, Nov 15, 2021 at 8:38 AM Patrick Goetz via samba < samba at lists.samba.org> wrote:> Hi Stefan - > > I think you mean link the GPO to the correct OU? Otherwise, I'm not sure > what you're talking about. I've never worried about this before other > than putting the OU link in the right place. Did you mean something else? > > > On 11/15/21 10:30, Stefan Kania via samba wrote: > > > > > > Am 15.11.21 um 17:00 schrieb Patrick Goetz via samba: > >> Hi list - > >> > >> I experimented with getting software to install on W10 clients using a > >> GPO, and could not get it to work. Has anyone used this feature? Is it > >> even supposed to work under Samba? The instructions I cobbled together > >> from some googling below. Things like accessibility to the share/etc. > >> already tested. > >> > >> > >> -=- Automatically Deploy Software > >> > >> - Create a share folder accessible by everyone in which to place .msi > >> files > >> - Create a Security Group for the computers which are to get this > >> install/update > >> - Change the Object Type to allow for computer objects > >> - Add computers to this group. > >> > >> - GPO > >> Computer Configuration -> Policies -> Software Settings -> Software > >> Installation > >> Right click, New -> Package > >> - Add UNC path to package folder and select package to install. > >> Remove "Authenticated Users" from Security Filter and add the group > >> created above. > >> > > Don't miss the last step: > > Give domain-pc the right to read the GPO > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Microsoft changed some GPO-permission several years ago. All domain-PC must be able to read the GPO, otherwise the GPO will never work. Normally all GPOs assigned to "authenticate users", that includes the domain-PCs, but as soon as you remove "authentcated users" from the "securityfilter" the domin-pc can't read the GPO anymore, so you must go to the "delegation"-Tab and add "domain PC" group with "read"-permission to the list. see https://support.microsoft.com/kb/3163622 for more information. But you normally get a warning message as soon as you remove "authenticated users". Am 15.11.21 um 17:37 schrieb Patrick Goetz via samba:> Hi Stefan - > > I think you mean link the GPO to the correct OU? Otherwise, I'm not sure > what you're talking about. I've never worried about this before other > than putting the OU link in the right place. Did you mean something else? > > > On 11/15/21 10:30, Stefan Kania via samba wrote: >> >> >> Am 15.11.21 um 17:00 schrieb Patrick Goetz via samba: >>> Hi list - >>> >>> I experimented with getting software to install on W10 clients using a >>> GPO, and could not get it to work.? Has anyone used this feature?? Is it >>> even supposed to work under Samba?? The instructions I cobbled together >>> from some googling below.? Things like accessibility to the share/etc. >>> already tested. >>> >>> >>> -=- Automatically Deploy Software >>> >>> ??- Create a share folder accessible by everyone in which to place .msi >>> files >>> ??- Create a Security Group for the computers which are to get this >>> install/update >>> ????? - Change the Object Type to allow for computer objects >>> ????? - Add computers to this group. >>> >>> ?? - GPO >>> ?? Computer Configuration -> Policies -> Software Settings -> Software >>> ???????? Installation >>> ?? Right click, New -> Package >>> ?? - Add UNC path to package folder and select package to install. >>> ?? Remove "Authenticated Users" from Security Filter and add the group >>> created above. >>> >> Don't miss the last step: >> Give domain-pc the right to read the GPO >> >> >-- Stefan Kania Landweg 13 25693 St. Michaelisdonn Signieren jeder E-Mail hilft Spam zu reduzieren und sch?tzt Ihre Privatsph?re. Ein kostenfreies Zertifikat erhalten Sie unter https://www.dgn.de/dgncert/index.html