Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1335
  • Last Modified:

Some Clients not picking up a Change in Group Policy

Hi,

I have made some changes to the Default Domain Group Policy and half of the Servers and Clients in the Domain have picked up the Changes but the other half are still using the previous settings. I have tried doing a Gpupdate /force on the machines but still not getting anywhere.

0
Contigo1
Asked:
Contigo1
  • 6
  • 4
1 Solution
 
josikaCommented:
What policy setting did you change/configure?  Is the OS that the changes are not applying to common?  Meaning, are they all Windows 2003 that have not accepted the changes?
0
 
Contigo1Author Commented:
No they are a mixture of 2003 and 2008R2 and I have changed the Windows update settings to point to our new WSUS server. The Servers that are not picking up the changes are still pointing to the old WSUS server which is now offline.
0
 
josikaCommented:
Do you have group policy inheritance blocked on the OUs where the affected servers lie?  Have you set any security or WMI filtering on the Default Domain Policy?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Contigo1Author Commented:
There is no WMI Filtering and Inheritance is not blocked to theOU's. The Servers are all in the Computers OU in AD. I have not set any Security on the Domain Policy either
0
 
josikaCommented:
Anything in the Event Viewer on the affected computers after running 'gpupdate /force'?
0
 
Contigo1Author Commented:
Nope the only thing I found the refers to Group Policy is and event that says:

Security policy in the Group policy objects has been applied successfully.
0
 
josikaCommented:
I would run RSOP on the servers and make sure the servers are seeing the policies.

Is it possible the WSUS server configuration is set in the local group policy on the servers?

Also, I would move the servers out of the default Computers container and into another OU.
0
 
Contigo1Author Commented:
I have looked at the local policy and everything is set to not configured. I have also done an RSOP and it is saying it is picking up the old settings still. How do I check what Policy it is getting the settings from? Also Could it be a problem with the version number?
0
 
Contigo1Author Commented:
The problem was that the File Replication Service was not working which was meaning the AD and the Sysvol where getting out of sync. So when I made changes to the group policy it was not being replicated throughout the Domain. I solved this by what is listed in this articlehttp://support.microsoft.com/kb/290762

I then left the FRS service to get back into Sync. When It was back in sync I still couldnt get it to make the changes I needed so I changed all the upodate settings back to not configured in the GPO and then left it to sync back up with all the machines. Once this was done I changed all the update settings back to the required settings.
0
 
Contigo1Author Commented:
This is what solved my problem
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now