<div>
The answer seems to be that either a reboot or waiting several days for the membershp changes to be picked up by the individual servers. &nbsp;I made the GP and security group changes on Thursday and the last server picked up the changes the following Wednesday.
</div>


The answer seems to be that either a reboot or waiting several days for the membershp changes to be picked up by the individual servers.  I made the GP and security group changes on Thursday and the last server picked up the changes the following Wednesday.

<div>
<div class="content wysiwyg-content">
I have created a new group policy on my Win2K3 DC so that I have a separate Windows Update policy for servers and workstations. &nbsp;I have restricted the server GP to only members of the Domain Servers security group. &nbsp;I have confirmed that all servers are members of this group in AD. &nbsp;However, I have one server that is not picking up the new policy. &nbsp;When I run Group Policy Results, the new Windows Update policy is shown as Denied, with the reason as 'Inaccessible'. &nbsp;When I look at the Security Group Membership when Group Policy Applied, the Domain Servers group is not listed. &nbsp;The problem server is a Win2K3 VM running under Virtual Server 2005. &nbsp;However, I have other VM's running both under VS and Hyper-V that don't have this problem. &nbsp;Any help is appreciated.
</div>
</div>


I have created a new group policy on my Win2K3 DC so that I have a separate Windows Update policy for servers and workstations.  I have restricted the server GP to only members of the Domain Servers security group.  I have confirmed that all servers are members of this group in AD.  However, I have one server that is not picking up the new policy.  When I run Group Policy Results, the new Windows Update policy is shown as Denied, with the reason as 'Inaccessible'.  When I look at the Security Group Membership when Group Policy Applied, the Domain Servers group is not listed.  The problem server is a Win2K3 VM running under Virtual Server 2005.  However, I have other VM's running both under VS and Hyper-V that don't have this problem.  Any help is appreciated.

Group Policy Not Seeing Correct Group Memberships

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).

Windows Server 2003

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.