Group policy propagation to Client PCs

Hi guys,

How can i propagate an GPO to clients in my domain?
I do not want to wait until a client PC restarts or GPO refresh time comes.

I know we can use Secedit or Gpupdate at the clients.

I am using 2K as my DC, and my clients ate 2K and XP.

Thanks
cakirfatihAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Yan_westConnect With a Mentor Commented:
Microsoft knowledge base 227448
Using Secedit.exe to Force Group Policy to Be Applied Again
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q227/4/48.asp&NoWebContent=1

on XP:

forcing group policy updates to the computer is:
gpupdate /target:machine

forcing group policy updates to the user is:
gpupdate /target:user


To Learn if group policies were applied:
Windows 2000:

Download GPRESULT from the Resource Kit or from Microsoft.
From the command line type GPRESULT to determine what policies have been applied.

Windows XP:
From the command line type GPRESULT to determine what policies have been applied.
-OR-
For a graphical version click Start, Run and type: hcp://system/sysinfo/RSoP.htm


0
 
Yan_westCommented:
Another interesting microsoft KB
Troubleshooting Group Policy Application Problems
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q250842
0
 
cakirfatihAuthor Commented:
how do you force group policy updates to the 2K computers?  The instructions you gave do not work for the 2K machines.
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
Yan_westCommented:
Like I said on the 1st like I gave:

secedit (XP & 2000)
Use this utility to manually apply computer and user policy from your windows 2000 (or newer) domain.  Example to update the machine policy: secedit /refreshpolicy machine_policy /enforce
To view help on this, just type secedit.
NOTE: In Windows XP this command is superceded by: gpupdate /force

It works on windows 2000, I use it all the time.
0
 
cakirfatihAuthor Commented:
Ok, I failed to mention I also have a Win 2003 server domain controller and neither the XP nor the 2000 instructions you gave worked.  

If I use gpupdate /force, I must reboot the clients individually to get the policy immediately updated on the 2000 machines.  It updates instantaneously on the XP machines, but NOT the 2000 machines.

The secedit command (when I try it on the 2003 server machine) says the following error:

C:\Documents and Settings\Admin>secedit /refreshpolicy machine_policy /enforce

The syntax of this command is:

secedit [/configure | /analyze | /import | /export | /validate | /generaterollback]

Do you have any information for windows 2003 server and 2K clients?

Thanks.
0
 
Yan_westCommented:
On the 2003 Server, you have to use Gpupdate then..

here is the link for 2003.. Think you may have to log off the user too, not sure, never used it on 2003 server..

http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/standard/proddocs/en-us/refrGP.asp
0
 
Yan_westCommented:
0
 
cakirfatihAuthor Commented:
Well, like I said before, I know how to use GPUPDATE.   The problem is that it does not cause the client to immediately update unless you reboot the computers or wait until the refresh time occurs that is set in group policy.  (unless you go to each client and refresh on the client).   I am assuming that what I am asking for is impossible for 2K clients, unless I go to the individual machines and run secedit on the clients and/or reboot.





0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.