Group Policy refresh question

G

Guest

This question concerns a WinServer 2003 environment, but I didn't see a
discussion group for Win2k3 Active Directory :-( This question is about the
mechanics of Group Policy refresh.

I understand Group Policy refreshes at a preset interval. I'm also pretty
sure Group Policy will refresh when you reboot a computer.

Last night I made adjustments to Group Policy. I then ran gpupdate /force
on the workstation to apply those changes immediately. After running it, the
gpupdate process required me to reboot the computer.

So here's my question. Why not just reboot a computer if gpupdate is going
to require you to reboot anyway??? Why bother with gpupdate /force?

I see all the MS docs about the refresh interval - but that concerns PCs
that are running and won't be rebooted. They'll get the update at the
interval.
If I don't want to wait, MS suggests using gpupdate, but they don't suggest
rebooting as a method to immediately apply the new policy. Won't it do the
same thing?

Thanks in advance for your help.
 
P

Paul Bergson

Where did the requirement for reboot come from? The only way I have seen
this is after a software update. You are correct it shouldn't ever require
a reboot.

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.
 
G

Guest

I made a change to Group Policy on the server. Then, at a command prompt on
the WinXP desktop, I typed "gpupdate /force". The policy was refreshed,
followed by "Your workstation needs to reboot. Reboot now?" within the
command shell (in other words, it was DOS text). I'm wondering why running
the same command on a server doesn't prompt for a reboot, but on a
workstation it does?
 
B

Brandon Baker

Rebooting does do the same thing. Some policies don't require a reboot and
that is mainly what gpupdate/force is for.
 
J

Jorge_de_Almeida_Pinto

This question concerns a WinServer 2003 environment, but I
didn't see a
discussion group for Win2k3 Active Directory :-( This
question is about the
mechanics of Group Policy refresh.

I understand Group Policy refreshes at a preset interval. I'm
also pretty
sure Group Policy will refresh when you reboot a computer.

Last night I made adjustments to Group Policy. I then ran
gpupdate /force
on the workstation to apply those changes immediately. After
running it, the
gpupdate process required me to reboot the computer.

So here's my question. Why not just reboot a computer if
gpupdate is going
to require you to reboot anyway??? Why bother with gpupdate
/force?

I see all the MS docs about the refresh interval - but that
concerns PCs
that are running and won't be rebooted. They'll get the
update at the
interval.
If I don't want to wait, MS suggests using gpupdate, but they
don't suggest
rebooting as a method to immediately apply the new policy.
Won't it do the
same thing?

Thanks in advance for your help.
Click to expand...

this might have to do with the by default enabled fast logon
optimization

what is your setting for the following GPO setting:
Always wait for the network at computer startup and logon (admin
templates - system - logon)

DESCRIPTION:
Determines whether Windows XP waits for the network during computer
startup and user logon. By default, Windows XP does not wait for the
network to be fully initialized at startup and logon. Existing users
are logged on using cached credentials, which results in shorter logon
times. Group Policy is applied in the background once the network
becomes available.

Note that because this is a background refresh, extensions such as
Software Installation and Folder Redirection take two logons to apply
changes. To be able to operate safely, these extensions require that
no users be logged on. Therefore, they must be processed in the
foreground before users are actively using the computer. In addition,
changes that are made to the user object, such as adding a roaming
profile path, home directory, or user object logon script, may take up
to two logons to be detected.

If a user with a roaming profile, home directory, or user object logon
script logs on to a computer, Windows XP always waits for the network
to be initialized before logging the user on.

If a user has never logged on to this computer before, Windows XP
always waits for the network to be initialized.

If you enable this setting, logons are performed in the same way as
for Windows 2000 clients, in that Windows XP waits for the network to
be fully initialized before users are logged on. Group Policy is
applied in the foreground, synchronously.

If you disable or do not configure this setting, Windows does not wait
for the network to be fully initialized and users are logged on with
cached credentials. Group Policy is applied asynchronously in the
background.

Note: If you want to guarantee the application of Folder Redirection,
Software Installation, or roaming user profile settings in just one
logon, enable this setting to ensure that Windows waits for the
network to be available before applying policy.

Note: For servers, the startup and logon processing always behaves as
if this policy setting is enabled.


Cheers,
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Group policy only applied after restart 3
Can't get correct group policy to Vista machine - using wrong group policy 1
Computer-based group policies do not work 9
SceCli Event 1704 in Application log 0
Group Policy Problem 8
Loopback policy partly applied after restart. GPUPDATE /FORCE requ 3
Group Policy Update 7
gpupdate /force 1

Top