clients not receiving GPO
i Have windows 2003 server sp2 and windows xp sp2 clients.
I have configured GPO to send config for windows updates to clients on my network but for some reason they do not receive it. ( when i go to client gpedit.msc all settings for windows update are "not configured")
but when i change home page on GPO all cients receive updated link after i run gpupdate.
any ideas ?
thanks
I have configured GPO to send config for windows updates to clients on my network but for some reason they do not receive it. ( when i go to client gpedit.msc all settings for windows update are "not configured")
but when i change home page on GPO all cients receive updated link after i run gpupdate.
any ideas ?
thanks
Common reasons policies are not applied...
1. Improper DNS settings (make sure all clients are pointed at a domain controller for DNS)
2. GPO not linked to correct OU (look in gpmc.msc and make sure your policy is applied to the OU your user/computer is in)
3. Improper permissions on GPO (in gpmc.msc click on GPO, delegations tab then advanced button. Make sure it is apply policy for Authenticated Users is checked...or if using security group filtering make sure your users/computers are in that group and the apply policy is set for that group in the GPO)
1. Improper DNS settings (make sure all clients are pointed at a domain controller for DNS)
2. GPO not linked to correct OU (look in gpmc.msc and make sure your policy is applied to the OU your user/computer is in)
3. Improper permissions on GPO (in gpmc.msc click on GPO, delegations tab then advanced button. Make sure it is apply policy for Authenticated Users is checked...or if using security group filtering make sure your users/computers are in that group and the apply policy is set for that group in the GPO)
ASKER
thanks for that ,
when i run rsop.msc i cannot find windows update policy there
when i run rsop.msc i cannot find windows update policy there
try gpupdate /force and gpresult and look for the policy name
ASKER
gpresult tells me that my group policy + default damin policy is applied
ASKER
sorry my policy and default domain policy is applied to user setting and only default domain policy to computer settings
Check your policy to see if the computer settings are disabled. WSUS is a computer policy. Also make sure the GPO is linked to the OU with all the Users in it. If your users are in the default Users container you can move them to their own OU or just link the policy at the domain level
ASKER
all users are in "my company" OU, and my GPO is link to this OU.
how can i check if computer settings are disabled ?
thanks
how can i check if computer settings are disabled ?
thanks
Are the COMPUTER objects in "my company" OU??
if you are using group policy management console (if not google it and dl it from M$) double click on the policy then click on the details tab and make sure it is set to enabled.
if you are using group policy management console (if not google it and dl it from M$) double click on the policy then click on the details tab and make sure it is set to enabled.
ASKER
GPO status is enabled
Computers folder is uder mydomain.local
in my company OU there are only users and two other OU (2 other OU are for two different departments we have)
Computers folder is uder mydomain.local
in my company OU there are only users and two other OU (2 other OU are for two different departments we have)
ASKER
i have moved computer object to my company OU and now rsop shows windows update policy, but not as many policies as on the server ( on the server i have 15 policies and only 5 are shown on client)
ASKER
should i move every computer corresponding to each user to the correct OU ?
If you make settings under Computer Settings in the GPO the GPO will have to be linked to the OU where the COMPUTER resides. And Vice versa for the Users. This is why it is a good idea to separate User and Computer settings. Also settings you want to apply to everyone and settings you only want to apply to some.
ASKER
how do you separete User and Computer settings?
in my company every user has its own pc so should i move user's computer object to OU where the user belongs to ?
in my company every user has its own pc so should i move user's computer object to OU where the user belongs to ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
so what you saying is that i shoud have different GPO for each policy eg different for WSUS , different for Power settings etc .... is it right ?
yes
ASKER
so say i have a GPO for WSUS thn i disable User Settings on this one
ASKER
so in a big environment you can end up with hudreds of GPOs
Not necessarially have hundreds of GPOs. You would only say have a couple dozen to set all the policies you really need, then link them to the approperiate OUs. Remember GPOs can be linked to more than one OU and you can filter with security groups
The commands you are looking for associated with domain policies are...
rsop.msc - Resultant Set of Policy (Shows all policies applied to the computer)
gpupdate - updates group policy (command line use /? for usage)
gpresult - shows policies applied but not actual settings (also command line)
Also just an FYI do not edit the "Default Domain Policy" except for the password or audit policy. This is a MS best practice and a common mistake