Solved

Group policy propagation to Client PCs

Posted on 2004-08-23
8
3,507 Views
Last Modified: 2008-02-01
Hi guys,

How can i propagate an GPO to clients in my domain?
I do not want to wait until a client PC restarts or GPO refresh time comes.

I know we can use Secedit or Gpupdate at the clients.

I am using 2K as my DC, and my clients ate 2K and XP.

Thanks
0
Comment
Question by:cakirfatih
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 15

Accepted Solution

by:
Yan_west earned 500 total points
ID: 11876982
Microsoft knowledge base 227448
Using Secedit.exe to Force Group Policy to Be Applied Again
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q227/4/48.asp&NoWebContent=1

on XP:

forcing group policy updates to the computer is:
gpupdate /target:machine

forcing group policy updates to the user is:
gpupdate /target:user


To Learn if group policies were applied:
Windows 2000:

Download GPRESULT from the Resource Kit or from Microsoft.
From the command line type GPRESULT to determine what policies have been applied.

Windows XP:
From the command line type GPRESULT to determine what policies have been applied.
-OR-
For a graphical version click Start, Run and type: hcp://system/sysinfo/RSoP.htm


0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11876988
Another interesting microsoft KB
Troubleshooting Group Policy Application Problems
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q250842
0
 

Author Comment

by:cakirfatih
ID: 11914338
how do you force group policy updates to the 2K computers?  The instructions you gave do not work for the 2K machines.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 15

Expert Comment

by:Yan_west
ID: 11914388
Like I said on the 1st like I gave:

secedit (XP & 2000)
Use this utility to manually apply computer and user policy from your windows 2000 (or newer) domain.  Example to update the machine policy: secedit /refreshpolicy machine_policy /enforce
To view help on this, just type secedit.
NOTE: In Windows XP this command is superceded by: gpupdate /force

It works on windows 2000, I use it all the time.
0
 

Author Comment

by:cakirfatih
ID: 11933036
Ok, I failed to mention I also have a Win 2003 server domain controller and neither the XP nor the 2000 instructions you gave worked.  

If I use gpupdate /force, I must reboot the clients individually to get the policy immediately updated on the 2000 machines.  It updates instantaneously on the XP machines, but NOT the 2000 machines.

The secedit command (when I try it on the 2003 server machine) says the following error:

C:\Documents and Settings\Admin>secedit /refreshpolicy machine_policy /enforce

The syntax of this command is:

secedit [/configure | /analyze | /import | /export | /validate | /generaterollback]

Do you have any information for windows 2003 server and 2K clients?

Thanks.
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11933544
On the 2003 Server, you have to use Gpupdate then..

here is the link for 2003.. Think you may have to log off the user too, not sure, never used it on 2003 server..

http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/standard/proddocs/en-us/refrGP.asp
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11933562
0
 

Author Comment

by:cakirfatih
ID: 11936450
Well, like I said before, I know how to use GPUPDATE.   The problem is that it does not cause the client to immediately update unless you reboot the computers or wait until the refresh time occurs that is set in group policy.  (unless you go to each client and refresh on the client).   I am assuming that what I am asking for is impossible for 2K clients, unless I go to the individual machines and run secedit on the clients and/or reboot.





0

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Joining to an AD domain "over the Internet" 4 71
AutoCad licenses 9 91
File Server Migration - Questions and advice 7 151
How to best manage folder and file security 4 119
The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
Resolve DNS query failed errors for Exchange
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question