[wpkg-users] WPKG selectivity based on Windows AD security groups membership

Kevin Keane subscription at kkeane.com
Sat Feb 27 20:01:25 CET 2010


> -----Original Message-----
> 
> These arguments are very well reasoned. I agree with your POV. In such
> case, I will set up some synchro between groups membership and XML
> files.

One (possibly) easy thing to do: I am using a small batch file as a wrapper around wpkg.js.

This batch file in turn gets called as a Windows Startup script from a group policy object. Now group policy objects in AD only apply to the OU(s) to which they are linked, so if that's all you need you may be all set. If you want to use security groups in AD, you can filter the group policies by security, group, or even user.

You can do various different things with this approach:

- Create several different group policies that all call wpkg.js, but each with a different profile name. Then use security filters to apply each Group Policy to a different security group. Note: be careful of overlapping groups. If you have overlapping groups, wpkg may get called twice with two different profiles, and they may (and probably will) uninstall some of each other's software. You can probably get around that by also using a different config.xml and wpkg.xml file for each security group.
- Your wrapper script could query LDAP and retrieve the security group information before calling wpkg.js.
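
The second option above (a wrapper that looks up security group membership before calling wpkg.js), written in PowerShell as an added example that is not part of the original post. It resolves the computer to exactly one profile by priority, so overlapping groups cannot cause two runs with different profiles. The group names, profile names and share path are placeholders, and it assumes wpkg.js is started with its `/synchronize` and `/profile:` switches.

```powershell
# Added example: group names, profile names and the share path are placeholders.
$WpkgJs = '\\fileserver.example\wpkg\wpkg.js'
# Priority order: the first listed group the computer belongs to decides the profile.
$ProfileByGroup = [ordered]@{
    'WPKG-Developers' = 'developers'
    'WPKG-Accounting' = 'accounting'
    'WPKG-Kiosk'      = 'kiosk'
}
$DefaultProfile = 'default'

function Get-ComputerGroupName {
    # Direct group memberships of this computer's AD account. memberOf does not
    # list nested groups or the primary group. Assumes the account's
    # sAMAccountName is the NetBIOS computer name followed by '$'.
    $filter = "(&(objectCategory=computer)(sAMAccountName=$($env:COMPUTERNAME)`$))"
    $searcher = [adsisearcher]$filter
    [void]$searcher.PropertiesToLoad.Add('memberOf')
    $entry = $searcher.FindOne()
    if ($null -eq $entry) { throw "No AD computer object found for $env:COMPUTERNAME" }
    foreach ($dn in $entry.Properties['memberof']) {
        # Take the first RDN; a comma inside a group name is backslash-escaped.
        if ($dn -match '^CN=((?:\\.|[^,])+)') { $Matches[1] -replace '\\(.)', '$1' }
    }
}

function Select-WpkgProfile {
    param([string[]]$GroupName, [System.Collections.IDictionary]$Map, [string]$Default)
    foreach ($group in $Map.Keys) {
        # -contains compares case-insensitively, matching AD group name semantics.
        if ($GroupName -contains $group) { return $Map[$group] }
    }
    return $Default
}

try {
    $groups = @(Get-ComputerGroupName)
} catch {
    # If the directory cannot be queried, do not run wpkg at all: synchronizing
    # against the wrong profile could uninstall software this machine should keep.
    Write-Warning "Group lookup failed, skipping WPKG: $_"
    exit 1
}

$wpkgProfile = Select-WpkgProfile -GroupName $groups -Map $ProfileByGroup -Default $DefaultProfile
& cscript.exe //NoLogo $WpkgJs /synchronize "/profile:$wpkgProfile"
exit $LASTEXITCODE
```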



