• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 575
  • Last Modified:

Windows 2008 R2 Group Policy

I have some computers on the domain that, as a domain admin, I have no permissions to remote into or remotely restart. I have a group policy on those computers that allows certain people to be able to login locally, which I am part of, but I setup a policy to setup a security group to be part of the local Administrators group on the computers. I can only imagine that because I didn't include domain admins as part of the local Administrators group that I am not a local admin. Would that be true? Is there a way I can make a change to the group plicy and be able to force the Gpupdate on those computers? It appears I cannot because I don't have access. Just seems odd that a domain admin cannot force access remotey to his or her domain computers.
0
Greg27
Asked:
Greg27
  • 3
  • 3
2 Solutions
 
andossCommented:
Domain Admins should have local admin rights to all domain machines anyway.

Have you tried opening computer management remotely and checking the user group on one of the troublesome machines?

ie. right click my computer on your own machine > Manage
Right click computer management on the left hand side and choose connect to another computer.
enter the IP or hostname of another computer
0
 
Greg27Author Commented:
Yes, just includes Administrator and the security group I added through Group Policy. No Domain Admin. I decided to add Domain Admins to the GPO, but not sure how to update the policy on that computer since I can't access the computers.
0
 
andossCommented:
Group Policy should update automatically depending on your replication interval.
Do you know what this is set to?

Computer Config > Admin Templates > System > Group Policy > Group Policy refresh interval for computers.
We set ours to 45 minutes.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
Greg27Author Commented:
Hmmm... I didn't know that was there. I just set mine to 45 minutes, but there is also a randome time added. What did you set that to? Also, since that wasn't applied, is there any other way to force any new changes made to the GPO?
0
 
andossCommented:
We just have a 20 minute random time interval.

You can force a replication of GPO from one domain controller to another but you didn't mention a second domain controller in the remote site?

I think the refresh interval will just take effect after 45 minutes and hopefully your problem will be solved.
0
 
Greg27Author Commented:
Thanks andoss! It is updating the policy as time goes by. I really appreciate the help!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now