GPO - Install software based on User - Without user involvement
-
OK So I'm trying to get a GPO to install software, dependant on what user is logging into a computer, and the GPO results aren't listing the GPO at all.
What am I missing here, ignoring the formatting.
Computer Configuration (Enabled) Policies Software Settings Assigned Applications ScreenConnect Client (eb1c846337814859) Product Information Name ScreenConnect Client (eb1c846337814859) Version 6.1 Language English (United States) Platform x86 Support URL Deployment Information General Setting Deployment type Assigned Deployment source \\server\software\ScreenConnect\NTG.RemoteSupport.ClientSetup.msi Uninstall this application when it falls out of the scope of management Disabled Advanced Deployment Options Setting Ignore language when deploying this package Disabled Make this 32-bit X86 application available to Win64 machines Enabled Include OLE class and product information Enabled Diagnostic Information Setting Product code {4f7d2a12-39ff-4b35-bbcd-a5fce7181058} Deployment Count 0 Security Permissions Type Name Permission Inherited Allow domain\tnoob Read Yes Allow inheritable permissions from the parent to propagate to this object and all child objects Enabled Advanced Upgrades Setting Required upgrade for existing packages Enabled Packages that this package will upgrade GPO None Packages in the current GPO that will upgrade this package None Categories None Transforms None -
Yes, I've performed a gpupdate /force on the target computer I'm testing with.
-
There are several guides from MS, but they are all computer based, and while they likely would work, I want the software installed to specific users who roam often.
-
Have you tried to "Enable loopback policy" setting in the computer section of the GPO? This will apply these user settings to anyone logged into the computer the GPO is applied to.
-
Many policies can't be applied to users and have to be applied to the computer. that said you might be able to set the Item level targeting to limit it to specific users.
Of course I'm looking at GPO now and see that there is a software section under the user Configuration portion.
By default you can only use either Computer Config, or User Config, not both at the same time. I have no idea why MS did it this way, but they did.
Because of that, I have split my GPOs into User based ones and computer based ones and resolved my issues.
But, as @thedalton said, you can enable the loopback policy and both sides of a policy will work (usually).
-
Yeah.... I'm actually copying another GPO that is being deployed / functional. So I'm kind of at a loss why this one isn't working.
-
@Dashrender said in GPO - Install software based on User - Without user involvement:
Many policies can't be applied to users and have to be applied to the computer. that said you might be able to set the Item level targeting to limit it to specific users.
This is your problem.
If you want to deploy the software based on user, you need to deploy it under User Configuration -> Policies -> Software Settings -> Software installation.
You tried to deploy it under Computer Configuration, and filtered by User, so it gets totally ignored.
-
@Mike-Davis Sorry, yeah... I was testing it in both locations and copied the info from the wrong section.
But good eye.
-
@Mike-Davis said in GPO - Install software based on User - Without user involvement:
@Dashrender said in GPO - Install software based on User - Without user involvement:
Many policies can't be applied to users and have to be applied to the computer. that said you might be able to set the Item level targeting to limit it to specific users.
This is your problem.
If you want to deploy the software based on user, you need to deploy it under User Configuration -> Policies -> Software Settings -> Software installation.
You tried to deploy it under Computer Configuration, and filtered by User, so it gets totally ignored.
This is only a problem if your computer is not part of this GPO pool - or you're trying to run things from both computer and user without loopback enabled.
