Solved

User Group Policy Update - From Admin Command Prompt

Posted on 2010-09-22
3
1,237 Views
Last Modified: 2012-05-10
I have a domain running Vista workstations and Server 2008 DC's across 3 sites, all in the same domain.

I need to be able to force a GPupdate for a specific user (the logged on user) but they are restricted from accessing the command prompt.

If I open the command prompt as domain admin and run a gpupdate /force it seems to only update the policy for the computer and the ADMIN user, not the currently logged on user.

Same thing with rsop. It reports on the computer policy and the DOMAIN\Administrator policy rather than the currently logged on user.

Without the domain user being able to access the command prompt, how can I force an update of their user GPO?
0
Comment
Question by:ThePhreakshow
3 Comments
 
LVL 31

Expert Comment

by:Justin Owens
ID: 33739727
When you open up the command prompt as your domain admin, you are running it as that user, so any GPOs you update will be FOR that user (the admin).  The easiest answer is to give (even if only temporarily) your user admin rights.  Also, a reboot should have the same effect as a gpudate.  Another option would be if the user can get to a Run line, the user can run a gpupdate /force from there, and just not see the results.  OR, you can use RUNAS from the admin window to run GPUPDATE as the user in question, but that might yield mixed results.
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 33741280
try to run this command this way

runas /user:<this_particular_user> "gpupdate /force"

give this user's password and it would work on its account
0
 
LVL 5

Expert Comment

by:balmasri
ID: 33742780
option 1 Just restart the computer.
option 2 wait 90min until the group policy is refreshed
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Master-Master-Slave BIND setup 2 25
GPO question for Windows 10 deployment 5 28
Best in class privacy policy 6 47
Remote login in windows 7 8 27
Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question