Distribution point problem

  • Thread starter Thread starter Jon
  • Start date Start date
J

Jon

I am using group policy to remotely install software. It
is working within the domain, but when crossing domains,
it starts to act as if it is going to install, but then
quits and brings me to the login prompt............Any
suggestions to why I cannot cross domains....Thanks Jon
 
Group Policies are domain specific. If you want to install the same package
in a different domain you will need to create an identical policy in that
domain.
 
Jon said:
I am using group policy to remotely install software. It
is working within the domain, but when crossing domains,
it starts to act as if it is going to install, but then
quits and brings me to the login prompt............Any
suggestions to why I cannot cross domains....Thanks Jon
Click to expand...

Simon is right (see other post this thread) about GPOs
being "domain" specific -- they don't inherit across domain
boundaries, but I don't think that is the problem you seem
to be experiencing....

It sounds like you have the GPOs (properly) linked and
working but are using a FILE SERVER to hold the package
files that happens to be from one domain to service clients
from multiple domains?

If that is the case the most common problems are either
permissions or authentication (cross domain this is likely.)

Permissions are easy: Do you have those machines from
other domains included in the file servers share AND NTFS
permissions lists? (Authenticated Users or Everyone READ
should cover it but if you are following good practice and
using specific groups like "DomainWS" etc, then likely
you need to add Groups+Permissions to the share and NTFS.)

Authentication cross domain should work but will fail if
your DNS is not properly configured.

Can you go to any machine, server or client, or even DC,
and resolve the DNS names of all the other machines,
especially DCs?

The following covers mostly SINGLE domains, and I will
add "multiple domains" below it:
--
DNS
1) Dynamic for the zone supporting AD
2) All internal DNS client NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2

Restart NetLogon on any DC if you change any of the above that
affects a DC.
--

For multiple domains, each DNS server must be able to resolve
either DIRECTLY (e.g., hold secondaries etc) or by recursion
(from a common root down) or indirectly by FORDWARDING
to another DNS server than can do this.

And of course, each parent DNS zone/domain must delegate to
the child DNS servers so that resolution can always work TOP
to BOTTOM.
 
Back
Top