Domain – Installing Symantec Endpoint Protection (SEP) client using both GPO & Remote Push – Nothing is working

Tags: domain, group-policy, symantec, symantec-endpoint-protection

I have an Organizational Unit called Computers in Active Directory. In this OU, I have all the workstations on which I want to install SEP client. I extracted the msi file and made a network share. This msi file is on a different server than the AD.

When I create a Group Policy Object, I cannot link it to the container as it is a group and not an OU. I can't change this as this is the existing setup. So, I apply the GPO to the domain and this msi package extracted from SEPM has policies linked to this container. I created a software policy and assigned the software, but it does not work. I followed these steps: http://www.symantec.com/connect/articles/steps-install-sep-client-package-through-gpo

I am doing this after a long time and this is killing me now. Any advice would be appreciated. I have to install SEP on selected workstations. I also tried using SEPM to remote push, but it is not able to connect to my workstations. I called Symantec Support and they advised me to enable the Remote Registry Service on all workstations first. If I do that, I will have to create a policy first to enable it and then the computers have to be restarted for it to take place. Please help.

Best Answer

> When I create a Group Policy Object, I cannot link it to the container as it is a group and not an OU.

Security Groups and Organizational Units are not the same thing. GPOs are linked to OUs, not Security Groups. So link the GPO to the OU that has the computers in it. If the computers are in the same Security Group but not the same OU, then link the GPO to the top level of your tree (your domain) and replace Authenticated Users with the Security Group in Security Filtering.

Now, because you are creating a machine policy instead of a user policy, the GPO runs when the computer starts up. You should run gpupdate /force on the computers and restart them if you don't want to wait for the computers to check in with the domain controller and get the GPO configuration to install the software.
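
The domain-level link with security filtering described in the answer above, scripted with the GroupPolicy and ActiveDirectory PowerShell modules; this is an added example, not part of the original answer. The GPO name `Deploy SEP Client` and the group name `SEP-Workstations` are hypothetical placeholders.

```powershell
# Added example. $GpoName and $GroupName are assumed names; substitute your own.
Import-Module GroupPolicy
Import-Module ActiveDirectory

$GpoName   = 'Deploy SEP Client'   # hypothetical software-installation GPO
$GroupName = 'SEP-Workstations'    # hypothetical security group of computer accounts
$DomainDN  = (Get-ADDomain).DistinguishedName
$gpo       = Get-GPO -Name $GpoName

# 1. Link the GPO at the domain root, unless it is already linked there.
$links = (Get-GPInheritance -Target $DomainDN).GpoLinks
if ($links.DisplayName -notcontains $GpoName) {
    New-GPLink -Guid $gpo.Id -Target $DomainDN -LinkEnabled Yes | Out-Null
}

# 2. Security filtering: give Apply to the group only.
Set-GPPermission -Guid $gpo.Id -TargetName $GroupName -TargetType Group `
    -PermissionLevel GpoApply | Out-Null

# Downgrade Authenticated Users from Apply to Read instead of deleting the
# trustee. Microsoft's guidance since MS16-072 is to leave Read in place for
# Authenticated Users (or Domain Computers) on filtered GPOs.
Set-GPPermission -Guid $gpo.Id -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel GpoRead -Replace | Out-Null

# 3. Review the result: exactly one trustee should hold GpoApply.
Get-GPPermission -Guid $gpo.Id -All |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission |
    Sort-Object Permission, Trustee |
    Format-Table -AutoSize

# 4. List the computer accounts the filter will match. A computer picks up a new
#    group membership at its next boot, so members added today need a restart
#    before the policy applies to them.
Get-ADGroupMember -Identity $GroupName |
    Where-Object objectClass -eq 'computer' |
    Sort-Object Name |
    Select-Object -ExpandProperty Name
```

After the restart, running `gpresult /r /scope computer` on a workstation shows whether the GPO appears under applied or filtered-out policies. Because the install runs in the computer's context, the computer accounts also need read access to the share holding the MSI.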