
How to deploy an MSI only in a single OU?


I have a VirtualBox laboratory with a Windows Server 2019 machine and two Windows 10 machines. Each machine can ping the other ones and the Server machine is a Domain Controller. The clients are part of the domain, which is labs.local. The Server has a static IP, and the IPs of the clients are given by the DHCP Server.

Then I built an Active Directory structure of OUs, users and groups. There are three OUs, independent of each other. My goal is to deploy an MSI file only in one OU, let's say "IT". For that, I downloaded the MSI file and put it in a shared folder on the Server. I can access the shared folder from the clients by its UNC path with any user.

Now in Group Policy Management I created a new GPO and then I edited it. In the Group Policy Editor I chose User Configuration > Software Settings > Software Installation. Then I created a new assigned package with the UNC path of the MSI file. At the end I closed the Group Policy Editor and linked the GPO with the OU "IT".

However, after updating the group policies it seems that the GPO applies to the computer (Windows 10 machine) and not to the users because users from other OUs also have the MSI installed, in this case it's Firefox.

Can you give me a hint on how to deploy (and install) an MSI file only in a single OU? Thanks.


Solution

  • Please check whether the ‘OU’ that you have applied the GPO to has only computer systems or includes users as well. If it includes users as well, then this group policy will be applied to the systems that these users log on to. This is the publishing method of installing a package in an AD environment, wherein the software package will be installed on those systems where the users in the selected OUs have logged on. This software package will be available in the ‘Add or Remove Programs’ section of the Control Panel.

  • Similarly, if the OU has computer systems only, and you have applied the GPO as specified in the question, then no computer system or user will be able to install that software package. And if the following GPO setting has been applied with users as well as computer systems in the OU, then when the user logs on to the computer, the software package gets installed, and when the computer system starts, the software package gets installed. This is known as the assigning method of software package deployment in an AD environment.

    ‘Group Policy Management --> Select the GPO --> Edit --> Computer Configuration --> Software Settings --> Software Installation --> New --> Package --> Type the UNC path of the share where the software package is placed --> Open --> OK --> Save’

    Please find the link below for more information on the above topics:

    https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/use-group-policy-to-install-software
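
A read-only PowerShell check of where the software-installation GPO is linked and who falls in its scope, added here as an example and not part of the original question or answer. It assumes the RSAT GroupPolicy and ActiveDirectory modules are available; the GPO name `Deploy-Firefox`, the account `alice` and the position of the "IT" OU directly under the domain root are hypothetical.

```powershell
# Added example: audit the scope of a software-installation GPO (read-only).
# Assumptions: GPO name 'Deploy-Firefox' and user 'alice' are hypothetical;
# the domain labs.local and the OU "IT" come from the question.
Import-Module GroupPolicy
Import-Module ActiveDirectory

$GpoName  = 'Deploy-Firefox'          # hypothetical GPO display name
$TargetOu = 'OU=IT,DC=labs,DC=local'  # assumes IT sits directly under the domain root
$TestUser = 'alice'                   # hypothetical account to check

$gpo = Get-GPO -Name $GpoName

# 1. Find every container (domain root and all OUs) where the GPO is linked.
$containers = @((Get-ADDomain).DistinguishedName) +
              (Get-ADOrganizationalUnit -Filter * |
                  Select-Object -ExpandProperty DistinguishedName)
$links = foreach ($dn in $containers) {
    (Get-GPInheritance -Target $dn).GpoLinks |
        Where-Object { $_.GpoId -eq $gpo.Id } |
        Select-Object @{n='LinkedTo';e={$dn}}, Enabled, Enforced
}
$links | Format-Table -AutoSize

# A link anywhere other than the target OU widens the scope of the deployment.
$links | Where-Object { $_.LinkedTo -ne $TargetOu } |
    ForEach-Object { Write-Warning "GPO is also linked at: $($_.LinkedTo)" }

# 2. Show which halves of the GPO are enabled (user, computer or both).
$gpo | Select-Object DisplayName, GpoStatus

# 3. Security filtering: list the trustees allowed to apply the GPO.
Get-GPPermission -Name $GpoName -All |
    Where-Object { $_.Permission -eq 'GpoApply' } |
    Select-Object @{n='Trustee';e={$_.Trustee.Name}}, Permission

# 4. Check whether the test user object actually lives under the target OU.
$userDn  = (Get-ADUser -Identity $TestUser).DistinguishedName
$inScope = $userDn.EndsWith(",$TargetOu", [StringComparison]::OrdinalIgnoreCase)
"{0} is under {1}: {2}" -f $TestUser, $TargetOu, $inScope
```

Running `gpresult /r` on a client while logged on as the test user then shows whether the GPO appears under the applied user or computer policies.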