Link to home
Create AccountLog in
Avatar of MCSE3737
MCSE3737Flag for Netherlands

asked on

Apply GPO without logging off the user

Hi experts,

I have Windows 2008 Active directory in native mode.
We are migrating to Windows 7 computers.
I want to be able to centrally add a unique user to the administrators group of a unique pc.
I want to achieve this by adding the user to the local group uding a script or GPO
sugestions are welcome!

The problem:
Now i need to loggoff the user to apply this secirity setting.
I need this setting to be applied realtime without the user needing to logoff and on.
Does anybody know a solution to this?

Appreciate all input from all expertsw.

thanks
MCSE

Avatar of Ernie Beek
Ernie Beek
Flag of Netherlands image

You can use gpupdate /force to apply the policy.
Avatar of MCSE3737

ASKER

Thanks.
using gpupdate /force after adding the user to the local admingroup on a local pc does not result in applying this setting to the windows 7 computer.
I still need to log of and on.
in addition:
i used every common way to put the user in the admingroup of a pc.
for instance: net groupadd username /add does the trick.
But all methods, be it script, gpo, powershel or command line like above does result in the user being added.

BUT,...i still need to log off and on before the user actually has admin rights on the computer.
This is the problem i need solved, if poosible
ASKER CERTIFIED SOLUTION
Avatar of Ernie Beek
Ernie Beek
Flag of Netherlands image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
I would agree with erniebeek, it's not possible to elevate a users rights like this when they are logged on as the rights and policies are updated at logon/logoff.