Tranquil IT Forum

Hello,
we recently subscribed to the WAPT Enterprise offer a few months ago, and I just deployed a "core application" group across our entire Active Directory directly on the Computers OU branch. It works perfectly, we're delighted.
Due to an issue we encountered last week, we had to create a new OU under Computers, and we need to remove a core application program to install a proprietary one.
I created a second application group that simply excludes the antivirus package and includes the new one.
I applied it to this new sub-OU, but the installation of both antivirus programs keeps looping.
Is there no other way to proceed?
Sorry to ask, but I haven't been able to find any documentation on this.
Thank you in advance for any help you can provide.

Hello
. Yes, packages are cumulative.
To my knowledge, there's no way to override a package's instruction to install software by using another package in the same directory tree.
If the instruction is given to install software for PCs in the "Computers" OU, it will apply to nested OUs.
In any case, it's not ideal to leave computers in the "Computers" OU. It's generally preferable to create a directory tree that distinguishes between servers, workstations, laptops, etc.

Hi Baptiste,

as Tom rightly points out, there's no way to block inheritance with OU packages. It's an architectural choice we made back then to avoid replicating the overly complex Microsoft GPO management console.

You can remove the dependency of the OU package located on the Computer and create a separate OU package for each sub-OU.

It's also possible to create a self-configuring package that, in its `def install()` function, checks which OU the workstation is in (or another condition) and performs the installations accordingly (basically, it runs `WAPT.install('my-package')`). This is less elegant in terms of defining dependencies and pre-downloading them (because the workstation doesn't know it needs them until it tries to install this configuration package), but it can still be helpful when dealing with tricky situations.

Best regards,

Denis

Hello Baptiste,

Now that you've gotten a taste of WAPT, it will allow you to think about structuring your computer fleet according to your Organizational Units.

The most obvious are "servers," "desktops," "laptops," and "tablets," and below all that, perhaps brands and models to associate them with driver versions, etc.

Normally, if you create this hierarchy, it should already help you.

Then there are the "profile" packages, which are WAPT packages associated with Active Directory groups linked to the computers. So, the "profile" packages are a second management approach that should cover all conceivable human situations.

Hello,
thank you very much for your feedback, it confirms what I thought.
The main goal was to avoid having to create 47 "application framework" definitions for our 47 OUs (which only represent the partitioning of the 2000 workstations we manage; the servers have their own OU outside the "computers" OU ).
I will therefore organize things differently.
Thank you very much for this clarification.
Best regards,
Baptiste