mikey250
asked on
WIN 2008 32BIT - GPO/Eventviewer query
Hi Ive just installed the OS and setup as a DC/DNS/DHCP integrated with SP2 just for test purposes.
I have not created any accounts or anything and am using 'Admin' logon to access server at this moment in time, but I intend to create a user domain account ready for an individual host pc, in-conjunction with a GPO to test for example the 'Redirection folder' and add a GPO Deploy Software.
What I wanted to know is in the Eventviewer it states: Next policy processing for domain\xxxxxx will be attempted in 5 minutes, but wanted to know even if I do a: gpupdate /force on the server does this then ignore the 5 minutes wait?
I have not created any accounts or anything and am using 'Admin' logon to access server at this moment in time, but I intend to create a user domain account ready for an individual host pc, in-conjunction with a GPO to test for example the 'Redirection folder' and add a GPO Deploy Software.
What I wanted to know is in the Eventviewer it states: Next policy processing for domain\xxxxxx will be attempted in 5 minutes, but wanted to know even if I do a: gpupdate /force on the server does this then ignore the 5 minutes wait?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
In the passed I kept seeing this message: 'Group Policy client-side extensions ' not enabled but wasn't sure if this was something I had to add separate before completing GPO use!!?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi OliverLo, I successfully installed my GPO Deploy software to the host pc which was my main issue!! - ha ha - Without the need of your notes, but I realise they are relevant!!!!!
Ive just read your comments and regarding 'Folder redirection' I did not add this specifically in the GPO Deploy Sofware, because I thought as I have already added separately a GPO\Edit\'Folder Redirection', so if this is what you are suggesting I should always add a 'Folder Redirection' at least in this scenario I will try this now, as I WONDERED why I was seeing 'Folder Redirection' issues on the host pc Eventviewer, but had NO issues popping up for 'Roaming profile' issues!!!!!!!!
So basically I should have 2 sets of 'Folder Redirection' - 1 in each of the GPO's created!!?
I will look at the 'url'!!
Ive just read your comments and regarding 'Folder redirection' I did not add this specifically in the GPO Deploy Sofware, because I thought as I have already added separately a GPO\Edit\'Folder Redirection', so if this is what you are suggesting I should always add a 'Folder Redirection' at least in this scenario I will try this now, as I WONDERED why I was seeing 'Folder Redirection' issues on the host pc Eventviewer, but had NO issues popping up for 'Roaming profile' issues!!!!!!!!
So basically I should have 2 sets of 'Folder Redirection' - 1 in each of the GPO's created!!?
I will look at the 'url'!!
ASKER
Hi M-Manakhly, this: gpupdate /force is not as straight forward as you made out!
From my understanding now although I still have not quite grasped it, heres the following:
Qns1. A adminstrator can run gpupdate /force on the server and depending on what is being updated may resolve the issues automatically without a full blown reboot of server, or if the change is for a specific host pc run: gpupdate /target:computer or gpupdate /target:computer | user - but this did not work! Why?
Failing that the host pc should be logged off and switch pc off and fully reboot Server and then switch host pc back on!!
From my understanding now although I still have not quite grasped it, heres the following:
Qns1. A adminstrator can run gpupdate /force on the server and depending on what is being updated may resolve the issues automatically without a full blown reboot of server, or if the change is for a specific host pc run: gpupdate /target:computer or gpupdate /target:computer | user - but this did not work! Why?
Failing that the host pc should be logged off and switch pc off and fully reboot Server and then switch host pc back on!!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Morning OliverLo, I have just run your command which appeared to do something, but where do I go to find the log file or whatever?
Normally I open up GPO Management Server and click on the 'Settings' tab which shows a report.. Not that I really know how to troubleshoot although I think Im seeing what I should be seeing.
As for using the 'gpupdate /force', well it was only yesturday that I successfully installed 'software' on the host pc, so this may have also confused my understanding for the last 3 weeks!!!!
Is it right to suggest that if changes are made on the server but no restart or gpupdate is run but instead is run on the host pc, is this the wrong way round?
Qns1. Is this correct: gpupdate /target:DESKTOP1 or gpupdate /target:DESKTOP1 | jfoster - for example ? - If so this did not work from the server....
Normally I open up GPO Management Server and click on the 'Settings' tab which shows a report.. Not that I really know how to troubleshoot although I think Im seeing what I should be seeing.
As for using the 'gpupdate /force', well it was only yesturday that I successfully installed 'software' on the host pc, so this may have also confused my understanding for the last 3 weeks!!!!
Is it right to suggest that if changes are made on the server but no restart or gpupdate is run but instead is run on the host pc, is this the wrong way round?
Qns1. Is this correct: gpupdate /target:DESKTOP1 or gpupdate /target:DESKTOP1 | jfoster - for example ? - If so this did not work from the server....
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
When I do: gpupdate /h rsop.html - it just shows me the following list:
/force
/wait:(value)
/logoff
/bootings
/sync
but dont know where to find 'rsop.html' - ?
When I created GPO's on the server I run: gpupdate /force on server 1st
I then restart host pc and logon to domain sometimes not doing: gpupdate /force on host pc, so I will then log back onto the Server make more changes then do: gpupdate /force on Server and then log back onto host pc and then do: gpupdate /force on host pc!!!!!!!!!!!
According to your advice Ive been doing things the wrong way!!!!
I think when I was successful in installing the GPO Software it must of happened accidentally via 'Option 3 - background refresh of GPO every 90 to 120 minutes!!!!!
Ok I will keep in mind your comments:
'You have to build your GPO then scope the GPO to the client computers or users. Once you've done it you have to run:
gpupdate /force on the client computer.
If the GPO settings are not applied then you will have to restart the computer and check if it's still not applied.
Gpupdate allows you to force the application of GPO. If you don't do it then a GPO will be applied only under the following conditions:
1. next computer restart
2. next user logon
3. background refresh of GPO every 90 to 120 minutes
Don't forget that the conditions under which a GPO is applied depends on the nature of the GPO settings (some GPO requires the restart).
To answer to your last question, you must execute the GPupdate command line on the target client computer on which you want the GPO to apply (not on the server). The syntax you used is wrong.
The following syntaxes are only used if you want to apply only the computer related settings of a GPO or the user related settings of a GPO:
A. gpupdate /force /target:computer where computer is truly the string computer and not the name of the target computer.
B. gpupdate /force /target:user where user is truly the string user and not the name of the specific user.
FInally to make it simple, just apply "gpupdate /force" on the target client computer on which you want to see the GPO applied.'
I have one more question!!!!
Qns1. After I create a GPO for 'Deploy Software', via an OU/Gp, should I see the security filter showing 'Allowed' for example, or is it not until an actual host pc logs on that the Server Eventviewer will show 'Allowed' in Security Filter for eg.??
/force
/wait:(value)
/logoff
/bootings
/sync
but dont know where to find 'rsop.html' - ?
When I created GPO's on the server I run: gpupdate /force on server 1st
I then restart host pc and logon to domain sometimes not doing: gpupdate /force on host pc, so I will then log back onto the Server make more changes then do: gpupdate /force on Server and then log back onto host pc and then do: gpupdate /force on host pc!!!!!!!!!!!
According to your advice Ive been doing things the wrong way!!!!
I think when I was successful in installing the GPO Software it must of happened accidentally via 'Option 3 - background refresh of GPO every 90 to 120 minutes!!!!!
Ok I will keep in mind your comments:
'You have to build your GPO then scope the GPO to the client computers or users. Once you've done it you have to run:
gpupdate /force on the client computer.
If the GPO settings are not applied then you will have to restart the computer and check if it's still not applied.
Gpupdate allows you to force the application of GPO. If you don't do it then a GPO will be applied only under the following conditions:
1. next computer restart
2. next user logon
3. background refresh of GPO every 90 to 120 minutes
Don't forget that the conditions under which a GPO is applied depends on the nature of the GPO settings (some GPO requires the restart).
To answer to your last question, you must execute the GPupdate command line on the target client computer on which you want the GPO to apply (not on the server). The syntax you used is wrong.
The following syntaxes are only used if you want to apply only the computer related settings of a GPO or the user related settings of a GPO:
A. gpupdate /force /target:computer where computer is truly the string computer and not the name of the target computer.
B. gpupdate /force /target:user where user is truly the string user and not the name of the specific user.
FInally to make it simple, just apply "gpupdate /force" on the target client computer on which you want to see the GPO applied.'
I have one more question!!!!
Qns1. After I create a GPO for 'Deploy Software', via an OU/Gp, should I see the security filter showing 'Allowed' for example, or is it not until an actual host pc logs on that the Server Eventviewer will show 'Allowed' in Security Filter for eg.??
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi im running 'Win 7'.. 'gpresult /r - does work!!!
I re-installed clean yesturday as may have lost intermitantly services hence continuous issues!!
QNS1. . Correct me if Im wrong, what commands should I run on the server 1st?
After running command on the server do I then run on client:
- gpresult /r
QNS2. so when I have run: gpresult /r are you saying when running an 'xxx.msc' I WOULD see 'Access denied' for software?
QNS3. And gpresult /r - I WILL also see GPO denied ?
'This is a default snap-in: it should NOT explicitly display an access denied for your software distribution policy (unlike the gpresult should show that the GPO was denied).'
QNS4. Not sure if I understand as if ive made changes to a GPO surely I did NOT have to run any extra commands on the server, because I could then switch host pc back on and run: gpupdate /force and restart for changes to happen?
QNS5. How many times do I have to reboot host pc and run: gpupdate /force to ensure changes take place?
QNS6. Or could I just keep host pc switched off?
- Then make changes in GPO on server?
- Then run: gpupdate /force on server also?
- Then reboot server?
- Then check 'Eventviewer' for changes or would I NOT see them in them as per your previous comments below:
'This is a default snap-in: it should NOT explicitly display an access denied for your software distribution policy (unlike the gpresult should show that the GPO was denied).
In RSOP you will see that the GPO "software distribution" was not applied because you will not see the configured settings from the rsop console.
- Then if I 'DO or DONT' see changes in Eventviewer on server do I continue to switch host pc on and run: gpupdate /force for example?
QNS7. I believe my issues may well be down to not knowin the proper sequence???
'
I re-installed clean yesturday as may have lost intermitantly services hence continuous issues!!
QNS1. . Correct me if Im wrong, what commands should I run on the server 1st?
After running command on the server do I then run on client:
- gpresult /r
QNS2. so when I have run: gpresult /r are you saying when running an 'xxx.msc' I WOULD see 'Access denied' for software?
QNS3. And gpresult /r - I WILL also see GPO denied ?
'This is a default snap-in: it should NOT explicitly display an access denied for your software distribution policy (unlike the gpresult should show that the GPO was denied).'
QNS4. Not sure if I understand as if ive made changes to a GPO surely I did NOT have to run any extra commands on the server, because I could then switch host pc back on and run: gpupdate /force and restart for changes to happen?
QNS5. How many times do I have to reboot host pc and run: gpupdate /force to ensure changes take place?
QNS6. Or could I just keep host pc switched off?
- Then make changes in GPO on server?
- Then run: gpupdate /force on server also?
- Then reboot server?
- Then check 'Eventviewer' for changes or would I NOT see them in them as per your previous comments below:
'This is a default snap-in: it should NOT explicitly display an access denied for your software distribution policy (unlike the gpresult should show that the GPO was denied).
In RSOP you will see that the GPO "software distribution" was not applied because you will not see the configured settings from the rsop console.
- Then if I 'DO or DONT' see changes in Eventviewer on server do I continue to switch host pc on and run: gpupdate /force for example?
QNS7. I believe my issues may well be down to not knowin the proper sequence???
'
ASKER
In the GPO windows to the left should I add whatever GPO's ive created in a hierarhical order, as in:
New GPO just created - ?
Middle - Domain controller
Bottom - Default DC
Does this make a difference or what is it for then although I have not changed anything on the DC or Default either!!!