?
Solved

Group Policy Not Seeing Correct Group Memberships

Posted on 2011-02-15
2
Medium Priority
?
438 Views
Last Modified: 2012-05-11
I have created a new group policy on my Win2K3 DC so that I have a separate Windows Update policy for servers and workstations.  I have restricted the server GP to only members of the Domain Servers security group.  I have confirmed that all servers are members of this group in AD.  However, I have one server that is not picking up the new policy.  When I run Group Policy Results, the new Windows Update policy is shown as Denied, with the reason as 'Inaccessible'.  When I look at the Security Group Membership when Group Policy Applied, the Domain Servers group is not listed.  The problem server is a Win2K3 VM running under Virtual Server 2005.  However, I have other VM's running both under VS and Hyper-V that don't have this problem.  Any help is appreciated.
0
Comment
Question by:jduehmig1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 1500 total points
ID: 34904210
"Domain Servers" is not a default group, so you have to add that machine manually to the group. The group membership change requires a reboot of the machine before it will be recognized.
0
 

Author Closing Comment

by:jduehmig1
ID: 34915755
The answer seems to be that either a reboot or waiting several days for the membershp changes to be picked up by the individual servers.  I made the GP and security group changes on Thursday and the last server picked up the changes the following Wednesday.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question