Deploying AV via GPO only to workstations

active-directory deployment group-policy

We have a small (>100 machines) Windows domain running Server 2008R2. We use Symantec Endpoint Protection 12.1. I want to have GPO deploy the AV software to client machines automatically, but only to client workstations, not to servers, which run different software.

I've set it up before using a GPO linked to the domain mycompany.local and it works, but it deploys the AV software to ALL machines on the domain, including my servers. I can create an OU in Active Directory for Servers, and perhaps create one for client machines too, but I'd rather not have to go and move new domain members from the default under Computers into a different folder.

How can I use GPO to deploy this AV software only to workstations on our network, and not to servers?

Best Answer

Objects in the default Computers container in AD don't get group policies applied, aside from policies applied at the domain level. So, in order to apply the Software install to ONLY workstations, you should create another OU for workstations and move all workstations into it. You would then apply your Software install policy on that Workstation OU.
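
One way to script the OU approach from the answer above, so that new domain members do not have to be moved by hand. This is an added example, not part of the original answer; the OU name `Workstations` and the GPO name `Deploy SEP Client` are assumptions, and the domain DN is derived from the `mycompany.local` name in the question.

```powershell
# Added example. Requires the ActiveDirectory and GroupPolicy modules (RSAT / GPMC).
Import-Module ActiveDirectory
Import-Module GroupPolicy

$DryRun     = $true                         # set to $false to actually move objects
$domainDN   = 'DC=mycompany,DC=local'       # from the domain name in the question
$ouName     = 'Workstations'                # assumed OU name
$ouDN       = "OU=$ouName,$domainDN"
$computers  = "CN=Computers,$domainDN"      # default container for new domain members
$gpoName    = 'Deploy SEP Client'           # assumed name of the software-install GPO

# Create the workstation OU once, directly under the domain root.
$existing = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
                -SearchBase $domainDN -SearchScope OneLevel
if (-not $existing) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDN
}

# Move every computer still in the default container whose OS is not a server
# edition. Objects with an empty OperatingSystem attribute (pre-staged or not
# yet booted) are left alone so they are not misclassified.
Get-ADComputer -Filter * -SearchBase $computers -SearchScope OneLevel `
        -Properties OperatingSystem |
    Where-Object { $_.OperatingSystem -and $_.OperatingSystem -notlike '*Server*' } |
    ForEach-Object {
        Write-Output ("Moving {0} ({1})" -f $_.Name, $_.OperatingSystem)
        Move-ADObject -Identity $_.DistinguishedName -TargetPath $ouDN -WhatIf:$DryRun
    }

# Link the GPO to the OU only if it is not linked there already.
$linked = (Get-GPInheritance -Target $ouDN).GpoLinks |
              Where-Object { $_.DisplayName -eq $gpoName }
if (-not $linked) {
    New-GPLink -Name $gpoName -Target $ouDN -LinkEnabled Yes
}
```

The existing link of the software-install GPO at the domain level has to be removed as well, otherwise the policy still reaches the servers. Running the script as a scheduled task picks up machines that join the domain later.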