Solved

Group policy propagation to Client PCs

Posted on 2004-08-23
8
3,511 Views
Last Modified: 2008-02-01
Hi guys,

How can i propagate an GPO to clients in my domain?
I do not want to wait until a client PC restarts or GPO refresh time comes.

I know we can use Secedit or Gpupdate at the clients.

I am using 2K as my DC, and my clients ate 2K and XP.

Thanks
0
Comment
Question by:cakirfatih
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 15

Accepted Solution

by:
Yan_west earned 500 total points
ID: 11876982
Microsoft knowledge base 227448
Using Secedit.exe to Force Group Policy to Be Applied Again
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q227/4/48.asp&NoWebContent=1

on XP:

forcing group policy updates to the computer is:
gpupdate /target:machine

forcing group policy updates to the user is:
gpupdate /target:user


To Learn if group policies were applied:
Windows 2000:

Download GPRESULT from the Resource Kit or from Microsoft.
From the command line type GPRESULT to determine what policies have been applied.

Windows XP:
From the command line type GPRESULT to determine what policies have been applied.
-OR-
For a graphical version click Start, Run and type: hcp://system/sysinfo/RSoP.htm


0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11876988
Another interesting microsoft KB
Troubleshooting Group Policy Application Problems
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q250842
0
 

Author Comment

by:cakirfatih
ID: 11914338
how do you force group policy updates to the 2K computers?  The instructions you gave do not work for the 2K machines.
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 15

Expert Comment

by:Yan_west
ID: 11914388
Like I said on the 1st like I gave:

secedit (XP & 2000)
Use this utility to manually apply computer and user policy from your windows 2000 (or newer) domain.  Example to update the machine policy: secedit /refreshpolicy machine_policy /enforce
To view help on this, just type secedit.
NOTE: In Windows XP this command is superceded by: gpupdate /force

It works on windows 2000, I use it all the time.
0
 

Author Comment

by:cakirfatih
ID: 11933036
Ok, I failed to mention I also have a Win 2003 server domain controller and neither the XP nor the 2000 instructions you gave worked.  

If I use gpupdate /force, I must reboot the clients individually to get the policy immediately updated on the 2000 machines.  It updates instantaneously on the XP machines, but NOT the 2000 machines.

The secedit command (when I try it on the 2003 server machine) says the following error:

C:\Documents and Settings\Admin>secedit /refreshpolicy machine_policy /enforce

The syntax of this command is:

secedit [/configure | /analyze | /import | /export | /validate | /generaterollback]

Do you have any information for windows 2003 server and 2K clients?

Thanks.
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11933544
On the 2003 Server, you have to use Gpupdate then..

here is the link for 2003.. Think you may have to log off the user too, not sure, never used it on 2003 server..

http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/standard/proddocs/en-us/refrGP.asp
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11933562
0
 

Author Comment

by:cakirfatih
ID: 11936450
Well, like I said before, I know how to use GPUPDATE.   The problem is that it does not cause the client to immediately update unless you reboot the computers or wait until the refresh time occurs that is set in group policy.  (unless you go to each client and refresh on the client).   I am assuming that what I am asking for is impossible for 2K clients, unless I go to the individual machines and run secedit on the clients and/or reboot.





0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
An article on effective troubleshooting
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question