Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Windows 2008 R2 Group Policy

Posted on 2011-03-17
6
Medium Priority
?
573 Views
Last Modified: 2012-05-11
I have some computers on the domain that, as a domain admin, I have no permissions to remote into or remotely restart. I have a group policy on those computers that allows certain people to be able to login locally, which I am part of, but I setup a policy to setup a security group to be part of the local Administrators group on the computers. I can only imagine that because I didn't include domain admins as part of the local Administrators group that I am not a local admin. Would that be true? Is there a way I can make a change to the group plicy and be able to force the Gpupdate on those computers? It appears I cannot because I don't have access. Just seems odd that a domain admin cannot force access remotey to his or her domain computers.
0
Comment
Question by:Greg27
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 8

Expert Comment

by:andoss
ID: 35161903
Domain Admins should have local admin rights to all domain machines anyway.

Have you tried opening computer management remotely and checking the user group on one of the troublesome machines?

ie. right click my computer on your own machine > Manage
Right click computer management on the left hand side and choose connect to another computer.
enter the IP or hostname of another computer
0
 

Author Comment

by:Greg27
ID: 35161931
Yes, just includes Administrator and the security group I added through Group Policy. No Domain Admin. I decided to add Domain Admins to the GPO, but not sure how to update the policy on that computer since I can't access the computers.
0
 
LVL 8

Accepted Solution

by:
andoss earned 2000 total points
ID: 35161977
Group Policy should update automatically depending on your replication interval.
Do you know what this is set to?

Computer Config > Admin Templates > System > Group Policy > Group Policy refresh interval for computers.
We set ours to 45 minutes.
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 

Author Comment

by:Greg27
ID: 35162021
Hmmm... I didn't know that was there. I just set mine to 45 minutes, but there is also a randome time added. What did you set that to? Also, since that wasn't applied, is there any other way to force any new changes made to the GPO?
0
 
LVL 8

Assisted Solution

by:andoss
andoss earned 2000 total points
ID: 35162419
We just have a 20 minute random time interval.

You can force a replication of GPO from one domain controller to another but you didn't mention a second domain controller in the remote site?

I think the refresh interval will just take effect after 45 minutes and hopefully your problem will be solved.
0
 

Author Closing Comment

by:Greg27
ID: 35162480
Thanks andoss! It is updating the policy as time goes by. I really appreciate the help!
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question