cajx
asked on
Group Policy Testing - how to speed up sync?
On a Windows 2000 or Windows 2003 domain, I am testing out various group policies. As I understand it, domain controllers should only take 15 minutes to sync if they are all local to each other (and you can force them to sync through the snapin for Sites and Services). However, it always takes much longer than this (2 hours?) before my new group policies ever seem to be applied.
How can I speed this up so I can test in a timely manner?!
How can I speed this up so I can test in a timely manner?!
Last Comment
Rajith Enchiparambil
gpupdate /force from the command prompt of the client you want to test
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
For some reason the gpupdate /force doesn't seem to help. Part of what I am testing is a logon script in the GPO. I can run the gpupdate /force, and it says it does something, then log off/on, but the script still won't run. Any ideas?
What you are doing through Sites and Services is forcing a replication of Active Directory data between the Domain Controllers. This means all DCs are updated with the new Group Policy settings in their Active Directory databases, but the policies won't actually have applied to the DCs at this stage.
To apply the policies, you then need to issue the command gpupdate (with an optional /force switch) which will resync the policies on the DCs from Active Directory.
-tigermatt
To apply the policies, you then need to issue the command gpupdate (with an optional /force switch) which will resync the policies on the DCs from Active Directory.
-tigermatt
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Run gpresult from the client's command prompt to see what policies are actually applied.
Use GPMC to manage the policies as it gives a good breakdown of which policies are applied where etc.
It's a FREE download from Microsoft.
http://www.microsoft.com/DOWNLOADS/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&displaylang=en
Use GPMC to manage the policies as it gives a good breakdown of which policies are applied where etc.
It's a FREE download from Microsoft.
http://www.microsoft.com/DOWNLOADS/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&displaylang=en
ASKER
According to gpresult and rsop.msc the policy is being applied, but the script still hasn't run (I have a pause in it so I see it even if it were to fail for some reason). I've done this before, and after several hours it always works. I have the script under the logon section under the User Config part of the Policy like I usually do.
Does a restart of the station get things running quicker?
ASKER
I tried a reboot twice but didn't seem to help. I'm about to try it again now that it's been a while. After that I'll start testing on another user... still a mystery to me.
Try running the script locally to make sure the script is fine.
ASKER
The script runs OK locally and I can now see the GPO is truly applying because some other settings are applying... but yet the script still isn't.
I have the script in the same place in the GPO GUI that I have similar scripts in other OUs, so I am still wondering what the heck is going on.
Anyway, thanks for all the help. I'm going to keep toying with it till I figure out what I've done wrong.
I have the script in the same place in the GPO GUI that I have similar scripts in other OUs, so I am still wondering what the heck is going on.
Anyway, thanks for all the help. I'm going to keep toying with it till I figure out what I've done wrong.
ASKER
Reality check... if I have the script under the User Config... is there any reason to have the actual computer in that OU? Because I only have the user in the OU, not the computer. Please don't tell me that is the problem. :(
No - the script is in User Config, so applies to User objects. Having the computer in the OU will only have an effect if you have set policies in Computer Configuration.
-tigermatt
-tigermatt
ASKER
Check it out... I found this error. I first map a drive (it's not appearing) and then run a very slow install. The install may be over 10 minutes, so that may be triggering it.
error in eventvwr:
Execution of GPO scripts has timed out and have been terminated.
According to this post there is a 10 minute limit by default. But my problem is that wouldn't the drive at least map? Anyway, I'll be doing more testing.
https://www.experts-exchange.com/questions/21491173/Trying-to-execute-a-login-script-Batch-file-via-Group-Policy-to-deploy-an-application-but-I-get-Event-ID-1217-Winlogon-Execution-of-GPO-scripts-has-timed-out-and-have-been-terminated.html
error in eventvwr:
Execution of GPO scripts has timed out and have been terminated.
According to this post there is a 10 minute limit by default. But my problem is that wouldn't the drive at least map? Anyway, I'll be doing more testing.
https://www.experts-exchange.com/questions/21491173/Trying-to-execute-a-login-script-Batch-file-via-Group-Policy-to-deploy-an-application-but-I-get-Event-ID-1217-Winlogon-Execution-of-GPO-scripts-has-timed-out-and-have-been-terminated.html
That definitely looks like it is the issue. The drive would only get mapped if it was done before the software installation begin. If GPO processing timed out before any of your scripts or drive mappings were processed, it won't get mapped.
-tigermatt
-tigermatt
Try running the login script alone on a seperate GPO above the one that creates issues. That will figure out whether your login scripts are working, which was the initial question.
ASKER
I will try that thanks.
I have 10 GPOs applied to this particular user, and I'm wondering if I need to trim that down. I'll keep playing with it.
I'm going to go ahead and give y'all your points before this goes off on another tangent. Thanks a ton. If I have a new question I'll post it separately.
I have 10 GPOs applied to this particular user, and I'm wondering if I need to trim that down. I'll keep playing with it.
I'm going to go ahead and give y'all your points before this goes off on another tangent. Thanks a ton. If I have a new question I'll post it separately.
Thanks very much, you're most welcome :-)
Windows OS
This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.
129K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
