Solved

Group policy propagation to Client PCs

Posted on 2004-08-23
8
3,488 Views
Last Modified: 2008-02-01
Hi guys,

How can i propagate an GPO to clients in my domain?
I do not want to wait until a client PC restarts or GPO refresh time comes.

I know we can use Secedit or Gpupdate at the clients.

I am using 2K as my DC, and my clients ate 2K and XP.

Thanks
0
Comment
Question by:cakirfatih
  • 5
  • 3
8 Comments
 
LVL 15

Accepted Solution

by:
Yan_west earned 500 total points
ID: 11876982
Microsoft knowledge base 227448
Using Secedit.exe to Force Group Policy to Be Applied Again
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q227/4/48.asp&NoWebContent=1

on XP:

forcing group policy updates to the computer is:
gpupdate /target:machine

forcing group policy updates to the user is:
gpupdate /target:user


To Learn if group policies were applied:
Windows 2000:

Download GPRESULT from the Resource Kit or from Microsoft.
From the command line type GPRESULT to determine what policies have been applied.

Windows XP:
From the command line type GPRESULT to determine what policies have been applied.
-OR-
For a graphical version click Start, Run and type: hcp://system/sysinfo/RSoP.htm


0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11876988
Another interesting microsoft KB
Troubleshooting Group Policy Application Problems
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q250842
0
 

Author Comment

by:cakirfatih
ID: 11914338
how do you force group policy updates to the 2K computers?  The instructions you gave do not work for the 2K machines.
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11914388
Like I said on the 1st like I gave:

secedit (XP & 2000)
Use this utility to manually apply computer and user policy from your windows 2000 (or newer) domain.  Example to update the machine policy: secedit /refreshpolicy machine_policy /enforce
To view help on this, just type secedit.
NOTE: In Windows XP this command is superceded by: gpupdate /force

It works on windows 2000, I use it all the time.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:cakirfatih
ID: 11933036
Ok, I failed to mention I also have a Win 2003 server domain controller and neither the XP nor the 2000 instructions you gave worked.  

If I use gpupdate /force, I must reboot the clients individually to get the policy immediately updated on the 2000 machines.  It updates instantaneously on the XP machines, but NOT the 2000 machines.

The secedit command (when I try it on the 2003 server machine) says the following error:

C:\Documents and Settings\Admin>secedit /refreshpolicy machine_policy /enforce

The syntax of this command is:

secedit [/configure | /analyze | /import | /export | /validate | /generaterollback]

Do you have any information for windows 2003 server and 2K clients?

Thanks.
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11933544
On the 2003 Server, you have to use Gpupdate then..

here is the link for 2003.. Think you may have to log off the user too, not sure, never used it on 2003 server..

http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/standard/proddocs/en-us/refrGP.asp
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11933562
0
 

Author Comment

by:cakirfatih
ID: 11936450
Well, like I said before, I know how to use GPUPDATE.   The problem is that it does not cause the client to immediately update unless you reboot the computers or wait until the refresh time occurs that is set in group policy.  (unless you go to each client and refresh on the client).   I am assuming that what I am asking for is impossible for 2K clients, unless I go to the individual machines and run secedit on the clients and/or reboot.





0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

A brief overview to explain gateways, default gateways and static routes OR NO - you CANNOT have two default gateways on the same server, PC or other Windows-based network device. In simple terms a gateway is formed when a computer such as a serv…
A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now