2

So we currently have two offices, one in TN and one in FL. Both have a DC installed.

We recently started deploying Trend Micro AV through GP, which is a 200 MB file. We placed the file on DC1 in our TN office and it works great locally.

The problem is remotely, it takes forever for the machine to login, I assume because it is pulling the 200MB file across the WAN.

Is there a better way to do this in the GP vs setting the install path to \dc1\msifile.msi? If I add it it to a replicated folder on the DC (Netlogon folder), and then use the install path \domain.local\netlogon will each client pc be smart enough to know which DC to hit?

Hope this makes sense.

MDMarra
  • 100,734
  • 32
  • 197
  • 329
jeremib
  • 185
  • 1
  • 2
  • 6

2 Answers2

4

I don't like using netlogon/sysvol for large files like this. It likely will be using the older, less efficient NTFRS method of replication. On top of that, it's where your GPO templates and other scripts live. I like to have a separate share for software deployment, so that it doesn't spiral out of control in size.

You should have sites defined in Active Directory Sites and Services for each office anyway, so that your clients are (almost) always guaranteed to be authenticating against the local DC. After you do this, you can set up DFS in a way that it will force clients to use the file server located in their site.

What I do in this case is create a DFS namespace called "Deployment" or something similar. It will be accessed via \\yourdomain\deployment. Then you can use DFS-R to replicate anything in one Deployment share to the other. This will allow you to have mirrored deployment shares at both sites while obscuring the absolute path. In the DFS namespace settings, you can tell client machines to either connect to whatever server responds fastest or whatever server is available in the site that the client is in. In this case, you want the latter.

MDMarra
  • 100,734
  • 32
  • 197
  • 329
0

My suggestion would be to use a site level GPO to target the install source locally.

Site 1 GPO source would be: 

\\site1server\share

Site 2 GPO source would be: 

\\site2server\share

By targeting the source to be a local share via a site level GPO you only need to copy the file once to each site level share, it doesn't need to be replicated, and clients will install it from the local share.

This answer assumes that you've got Active Directory Sites and Services configured appropriately. If you don't, you should... for more reasons than just software deployment.

joeqwerty
  • 109,901
  • 6
  • 81
  • 172