Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

User Group Policy Update - From Admin Command Prompt

Posted on 2010-09-22
3
Medium Priority
?
1,346 Views
Last Modified: 2012-05-10
I have a domain running Vista workstations and Server 2008 DC's across 3 sites, all in the same domain.

I need to be able to force a GPupdate for a specific user (the logged on user) but they are restricted from accessing the command prompt.

If I open the command prompt as domain admin and run a gpupdate /force it seems to only update the policy for the computer and the ADMIN user, not the currently logged on user.

Same thing with rsop. It reports on the computer policy and the DOMAIN\Administrator policy rather than the currently logged on user.

Without the domain user being able to access the command prompt, how can I force an update of their user GPO?
0
Comment
Question by:ThePhreakshow
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 31

Expert Comment

by:Justin Owens
ID: 33739727
When you open up the command prompt as your domain admin, you are running it as that user, so any GPOs you update will be FOR that user (the admin).  The easiest answer is to give (even if only temporarily) your user admin rights.  Also, a reboot should have the same effect as a gpudate.  Another option would be if the user can get to a Run line, the user can run a gpupdate /force from there, and just not see the results.  OR, you can use RUNAS from the admin window to run GPUPDATE as the user in question, but that might yield mixed results.
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 2000 total points
ID: 33741280
try to run this command this way

runas /user:<this_particular_user> "gpupdate /force"

give this user's password and it would work on its account
0
 
LVL 5

Expert Comment

by:balmasri
ID: 33742780
option 1 Just restart the computer.
option 2 wait 90min until the group policy is refreshed
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
What we learned in Webroot's webinar on multi-vector protection.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question