Thank you for creating this video! Also, thank you for going over and beyond by purposely encountering a common bug in your demonstration and teaching us how to resolve it!
Thanks Robert. This is an incredible video as you explained clearly and completely the software install process, and you showed us what happens in real life, and how to solve a problem that may arise. This is how to teach. I'm subscribing because I know you must have more great videos to share!
Hi, is it possible to find out cross domain gp permissions.. looking for a command to give output of all the permission in particular gp which is used by other domain users or vice versa
Hello, I've followed everything that you did but when I try to deploy software via GPO its not successful. The network shared folder is accessible both to the DC and Client, but it never installs. Whenever I run the gpupdate /force command it shows in the terminal that the policy is successfully updated but a prompt for me to restart never shows, I hope you can help me here.
Good video but I don't think you have to worry too much about the Everyone group in the Shared Permission since the access will be controlled via the Security Permissions. What I think is more important that you hide the folder by adding $ at the end of the Shared Name so the folder is hidden on the Network. Disabling the Offline availability can't hurt.
@@ActiveDirectoryPro I like your solution for "everyone". Nicely done. I personally don't like having "everyone" on domain share unless its necessary. Very informative tutorial.
Should we only give access to Domain Admins, instead of Domain Users if we plan to use this strictly for deploying software through GPO? Never for a Domain user (employee) to directly access the folder and view what's inside? Edit you answered it, must use Domain Users for permissions sake.
@@kahnit It's to make a specific network folder inaccessible to Domain Users. That network folder would only be accessible to Domain Admins to add/remove installers. The network folder would be a software repository to automatically deploy the installation of specific software onto workstations based on the employees' roles - what software they require to do their job.
Its not assigning 😢can you help me any other package generates "add operation failed. unable to extract deployment info from the package. run validation...".
Thanks for the detailed instructions. Can I deploy paid software - like an antivirus with a license key with this method? and can the app install without rebooting the pc ?
Its possible. You will need to check with the software provider if they have an option to include a key. Another possible option is to modify the msi with a program called Orca. It allows you to edit an MSI file. docs.microsoft.com/en-us/windows/win32/msi/orca-exe
having Everyone on a share permission isn't a problem since you are setting it to Read only, so no virus that a potential users might caught will be able to write on that share even if the user has NTFS permissions to write on that folder.
It is a problem. It allows anyone to scan your network for shared folders, which they could then use to exploit. Plus it opens it up to unauthenticated users, that is a huge concern. If you want to give users read only access then use a Active Directory domain group not the everyone group. I would never ever use the everyone group, even if a vendor told me to.
Windows security patches and other updates can typically be downloaded as either .exe files or .msu files as an alternative to using Windows Update. I've always thought of .msi files as Microsoft install and .msu as Microsoft update. I never actually googled to see what they officially mean, if it's even available out there.
HI , I HAVE 2 DC'S IN THE 2 SITES AND IN 1 DC EVERY TIME ERROR MESSAGE THERE IS NO APPLICATION DATA AND IN SECOND DC EVERYTHING FINE ID EVENT 103 ,104 ANY HELP PLEASE
Thank you for creating this video!
Also, thank you for going over and beyond by purposely encountering a common bug in your demonstration and teaching us how to resolve it!
Glad it helped!
@@ActiveDirectoryPro hello i need your help
@@ActiveDirectoryPro its there anyway i can contact you please
Thanks Robert. This is an incredible video as you explained clearly and completely the software install process, and you showed us what happens in real life, and how to solve a problem that may arise. This is how to teach. I'm subscribing because I know you must have more great videos to share!
Thanks for the feedback. Make sure to check out my blog for more how to guides.
activedirectorypro.com/blog/
@@ActiveDirectoryPro Thanks again Robert I sure will check out your blog.
It's very detailed and clear. Thank you so much man!
You're welcome!
Solid content for someone new to this
Thanks Austin
Bruh big fan! Your site has helped me lot!
Excellent! Thanks for the feedback.
Thanks for such a great video! Extremely informative!
You are welcome
Thank you. I need to get Cisco Duo deployed.
Hi, is it possible to find out cross domain gp permissions.. looking for a command to give output of all the permission in particular gp which is used by other domain users or vice versa
How to do this in Azure portal using "*Azure policy*" for pushing a software on many Windows Server 2019?
You can deploy software with Intune.
Hello, I've followed everything that you did but when I try to deploy software via GPO its not successful. The network shared folder is accessible both to the DC and Client, but it never installs. Whenever I run the gpupdate /force command it shows in the terminal that the policy is successfully updated but a prompt for me to restart never shows, I hope you can help me here.
Good video but I don't think you have to worry too much about the Everyone group in the Shared Permission since the access will be controlled via the Security Permissions. What I think is more important that you hide the folder by adding $ at the end of the Shared Name so the folder is hidden on the Network. Disabling the Offline availability can't hurt.
You are correct but it is not a security best practice.
@@ActiveDirectoryPro
I like your solution for "everyone". Nicely done. I personally don't like having "everyone" on domain share unless its necessary. Very informative tutorial.
Should we only give access to Domain Admins, instead of Domain Users if we plan to use this strictly for deploying software through GPO? Never for a Domain user (employee) to directly access the folder and view what's inside?
Edit you answered it, must use Domain Users for permissions sake.
why would you want to hide what software is installed on employees devices? Also, users can also just view GPOs
@@kahnit It's to make a specific network folder inaccessible to Domain Users. That network folder would only be accessible to Domain Admins to add/remove installers. The network folder would be a software repository to automatically deploy the installation of specific software onto workstations based on the employees' roles - what software they require to do their job.
Its not assigning 😢can you help me any other package generates "add operation failed. unable to extract deployment info from the package. run validation...".
I am not able to deploy and I am using vm please guide me how I deploy on vm
how to install license key on program ?
Thanks for the detailed instructions. Can I deploy paid software - like an antivirus with a license key with this method? and can the app install without rebooting the pc ?
Its possible. You will need to check with the software provider if they have an option to include a key. Another possible option is to modify the msi with a program called Orca. It allows you to edit an MSI file.
docs.microsoft.com/en-us/windows/win32/msi/orca-exe
What if the msi install file has settings you have to configure?
Use ORCA
www.advancedinstaller.com/edit-msi-file-with-orca-and-alternative.html
having Everyone on a share permission isn't a problem since you are setting it to Read only, so no virus that a potential users might caught will be able to write on that share even if the user has NTFS permissions to write on that folder.
It is a problem. It allows anyone to scan your network for shared folders, which they could then use to exploit. Plus it opens it up to unauthenticated users, that is a huge concern. If you want to give users read only access then use a Active Directory domain group not the everyone group. I would never ever use the everyone group, even if a vendor told me to.
Hi this a greate tutorial, so we can follow this step to deploy Windows security patch?
If you can download the individual msi file.
Windows security patches and other updates can typically be downloaded as either .exe files or .msu files as an alternative to using Windows Update. I've always thought of .msi files as Microsoft install and .msu as Microsoft update. I never actually googled to see what they officially mean, if it's even available out there.
HI , I HAVE 2 DC'S IN THE 2 SITES AND IN 1 DC EVERY TIME ERROR MESSAGE THERE IS NO APPLICATION DATA AND IN SECOND DC EVERYTHING FINE ID EVENT 103 ,104 ANY HELP PLEASE
sir can you explain this option please :)
"auto-install this application by extension activation"
thnx in advance ❤
is it possible to deploy a GPO using user configuration?
Yes but it doesn't install automatically. The user would have to manually start the install process. Kinda dumb, not sure why MS did that.
thanks, it' very usefull
You're welcome!
Thanks sir
Welcome