| Author | Messages | |
andrewmchale
Posts:6
 | | 09/24/2008 2:28 PM |
| Hi all,
Sorry for the delay in my reply and if this has already been cleared up. Dan's reply below confirmed 99% of the case below but I wanted to add (as a WSUS admin) that he is correct, GPP CSE's cannot be deployed via WSUS to XP SP3... yet. It can to XP SP2 if all pre-requisites have been installed.
More info here: http://www.wsus.info/forums/index.php?showtopic=11994
The WSUS blog post incorrectly states that "This update is not currently applicable to Windows XP SP3". It is, just not in the eyes of the WSUS engine.
Andrew
-----Original Message-----
From: Dan Holme [mailto:dan.holme@intelliem.com]
Sent: 06 September 2008 01:39
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Restricted Groups and Local Accounts
I've actually DONE this in Beijing this summer.
XPSP3 takes the GP Extensions. Maybe not through WSUS (not tried) but definitely can be installed. I baked it into the XPSP3 image with a silent install. No problem.
XPSP3 does NOT take XMLLite because it's not necessary. Don’t try to install it -- you'll get the error.
So GO FOR IT with GP Prefs and XPSP3!!!
Dan
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia
Sent: Friday, September 05, 2008 12:37 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Restricted Groups and Local Accounts
Couple things here. This thread just came across my desk--answers some questions about GPP including XP3 support.
http://windowsitpro.com/article/articleid/100198/microsoft-responds-to-policymaker-questions.html
It *appears* to say at the end that it's not supported on XP3 but I find that hard to believe. What about all those folks that installed GPP and then upgraded to XP3? Its not removed. Anyway, the key point here is that XMLLIte is already included in XP3, so you don't need a separate download.
Also, just an FYI on the XMLLite pre-req in general. See this blog post I did on this, since XMLLite is installed by a number of related components and is not necessarily required as a separate install: http://sdmsoftware.com/blog/2008/05/xmllite_and_group_policy_prefe.html
Darren
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Stegall, Stuart
Sent: Friday, September 05, 2008 2:26 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Restricted Groups and Local Accounts
This is the best solution we were able to manage, as we have split users
between SP2 and SP3.
http://heidelbergit.blogspot.com/2008/03/how-to-install-gpp-cses-using-s
tartup.html
Stuart Stegall
Systems Integration Specialist
KB Home Information Technology
Office 972-577-5822
Cell 469-279-3626
VoIP x872008
sstegall-x@kbhome.com
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Susan Bradley,
CPA
Sent: Friday, September 05, 2008 4:20 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Restricted Groups and Local Accounts
XMLite prereq
KB915865
"Files from the package are incompatible with files on your system"
943729 installed, but 915865 won't?
Is 915865 included in xp sp3?
Susan Bradley, CPA wrote:
> The patch only states XP sp2, nothing about sp3. I'll go try it on a
> SP3 that I have.
>
> WATSON, BEN wrote:
>> Isn't that more of a WSUS bug though? WSUS believing that SP3
machines
>> already have the GP Extensions plugin installed? It would likely
still
>> work if installed manually or pushed out through some other method
>> wouldn't it?
>>
>>
>> -----Original Message-----
>> From: ActiveDir-owner@mail.activedir.org
>> [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Susan
Bradley,
>> CPA Sent: Friday, September 05, 2008 1:32 PM
>> To: ActiveDir@mail.activedir.org
>> Subject: Re: [ActiveDir] Restricted Groups and Local Accounts
>>
>> The WSUS Support Team Blog : WSUS: KB943729 detected as not
>> applicable on Windows XP SP3 installations:
>>
http://blogs.technet.com/sus/archive/2008/09/04/wsus-kb943729-detected-a
>> s-not-applicable-on-windows-xp-sp3-installations.aspx
>>
>>
>> WATSON, BEN wrote:
>>
>>> I believe the GP extensions capability for XP are part of a separate
>>> update that you can download and apply to your machines.
>>>
>>>
>>>
>>
http://www.microsoft.com/downloads/details.aspx?FamilyID=e60b5c8f-d7dc-4
>>
>>> b27-a261-247ce3f6c4f8&displaylang=en
>>>
>>> Does it not function on Service Pack 3 XP machines?
>>>
>>> -----Original Message-----
>>> From: ActiveDir-owner@mail.activedir.org
>>> [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Susan
>>>
>> Bradley,
>>
>>> CPA Sent: Friday, September 05, 2008 1:25 PM
>>> To: ActiveDir@mail.activedir.org
>>> Subject: Re: [ActiveDir] Restricted Groups and Local Accounts
>>>
>>> Afai understand, the GP extensions can't be applied to XP sp3 yet.
>>>
>>> Roelf Zomerman wrote:
>>>
>>>> You can try to add the users using the Group Policy Preferences..
>>>> you'd need at least one 2008 or Vista client with group policy
editor
>>>>
>>
>>
>>>> for this to work, but preferences are also applied to Windows
XP/2003
>>>>
>>
>>
>>>> clients, asuming they have the latest updates (including group
policy
>>>>
>>
>>
>>>> extensions)..
>>>>
>>>> _R
>>>>
>>>> *From:* ActiveDir-owner@mail.activedir.org
>>>> [mailto:ActiveDir-owner@mail.activedir.org] *On Behalf Of *WATSON,
>>>>
>> BEN
>>
>>>> *Sent:* Friday, September 05, 2008 10:20 PM
>>>> *Subject:* [ActiveDir] Restricted Groups and Local Accounts
>>>>
>>>> Say I want to create a restricted groups policy that when applied
>>>> to specific machines will always ensure that a local user account
>>>> with a
>>>>
>>
>>
>>>> certain name will be added to the local administrators group.
>>>>
>>>> Is there a way to do this? When I create the policy and point the
>>>> restricted groups policy to my own machine to grab the name of the
>>>> local account, it works on my machine, but the policy will not add
>>>> that local account to any other machines. Just to clarify, if the
>>>>
>> user
>>
>>>>
>>>
>>>> account is created with the same name as specified in the policy,
the
>>>>
>>
>>
>>>> restricted groups policy apparently does not recognize that local
>>>> account and does not add it to the local administrators group.
>>>>
>>>> Is the policy actually using the local SID of the account and thus
>>>> even though all the local accounts are named the same, the policy
>>>> doesn't believe them to be the same and thus doesn't process it?
>>>> That's the only thing I can think of for why this wouldn't work.
>>>>
>>>> Thanks,
>>>>
>>>> Ben
>>>>
>>>> _______________________________________
>>>>
>>>> Best way to annoy your co-workers? E-mail.
>>>> <http://abcnews.go.com/print?id=5351908>
>>>>
>>>>
>>> List info : http://www.activedir.org/List.aspx
>>> List FAQ : http://www.activedir.org/ListFAQ.aspx
>>> List archive: http://www.activedir.org/ma/default.aspx
>>> List info : http://www.activedir.org/List.aspx
>>> List FAQ : http://www.activedir.org/ListFAQ.aspx
>>> List archive: http://www.activedir.org/ma/default.aspx
>>>
>>>
>> List info : http://www.activedir.org/List.aspx
>> List FAQ : http://www.activedir.org/ListFAQ.aspx
>> List archive: http://www.activedir.org/ma/default.aspx
>> List info : http://www.activedir.org/List.aspx
>> List FAQ : http://www.activedir.org/ListFAQ.aspx
>> List archive: http://www.activedir.org/ma/default.aspx
>>
>>
> List i
z{Sʗ{�Vvx zr�
z}vyrjrzyz
.+-��0������j�q.+-��0�����ˊ�E��Kj�!i�b��b����ןj�m | | | |
|
|