Group Policy Update

M. Eteum

I have (2) Windows 2003 Servers as Domain Controllers. After creating a
new Group Policy (and using the Group Policy Security Filtering), I ran
GPRESULT on the client that is affected by the newly created Group Policy.

I've tried many different combinations using "gpupdate /force" (for Windows
2003) and "secedit /refreshpolicy machine_policy" (for Windows 2000), but the
newly created Group Policy is still not applied.

Here's the "gpresult" on Windows 2003, under Computer Setting:

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------

<The Newly Created Group Policy>
Filtering: Not Applied (Unknown Reason)

The gpresult under Windows 2000 does not even notice the newly
created Group Policy.

But then I tried "gpupdate /sync" on Windows 2003, but it required
rebooting the machine (which is undesirable); the gpresult shows that the
Group Policy has been applied. I can't test the Windows 2000 yet as I
have no Windows 2000 Server that I can reboot during working hours.

Is there another command to update the Group Policy, by means of Group
Policy Filtering, for Windows 2000 Server with SP4 and Windows 2003 Server?

Thanks so much
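
The filtered-out section of gpresult quoted in the post above can be checked mechanically on each server after a refresh. The following PowerShell is an added example, not part of the original thread; the sample text is constructed, `Get-FilteredGpo` is a hypothetical helper name, and the `COMPUTER SETTINGS`/`USER SETTINGS` headings are assumed to appear as in English-language gpresult output.

```powershell
# Added example: list GPOs that gpresult reports as filtered out, per scope.
# $sample is constructed for illustration, modelled on the excerpt in the post.
$sample = @'
COMPUTER SETTINGS
------------------
    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        WSUS - AutoUpdateAutoRebootAnytime
            Filtering:  Not Applied (Unknown Reason)

    The computer is a part of the following security groups
    -------------------------------------------------------
        BUILTIN\Administrators
'@

function Get-FilteredGpo {   # hypothetical helper name
    param([string[]]$Lines)
    $scope = 'Unknown'; $inSection = $false; $afterHeader = $false; $name = $null
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^(COMPUTER|USER) SETTINGS$') {
            $scope = $Matches[1]; $inSection = $false
        }
        elseif ($text -like 'The following GPOs were not applied*') {
            $inSection = $true; $afterHeader = $true; $name = $null
        }
        elseif ($text -match '^-+$') {
            # The rule under our own header is expected; any later rule
            # belongs to the next section heading, so the section is over.
            if (-not $afterHeader) { $inSection = $false }
            $afterHeader = $false
        }
        elseif ($inSection -and $text -match '^Filtering:\s*(.+)$') {
            if ($name) {
                [pscustomobject]@{ Scope = $scope; Gpo = $name; Filtering = $Matches[1] }
            }
            $name = $null
        }
        elseif ($inSection -and $text -ne '') { $name = $text }
    }
}

Get-FilteredGpo -Lines ($sample -split "`r?`n") | Format-Table -AutoSize
```

On the constructed sample this yields one row: scope COMPUTER, the WSUS GPO, and "Not Applied (Unknown Reason)". Captured gpresult text from each server can be passed to `-Lines` in place of `$sample`.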
 
Florian Frommherz

Howdy M. Eteum!

M. Eteum said:
Is there another command to update the Group Policy, by means of Group
Policy Filtering, for Windows 2000 Server with SP4 and Windows 2003 Server?

Your commands were correct, as far as I can see.

Where did you apply the GPO? Do the computers or users that shall apply
the settings reside in the OU you assigned the GPO to? Did you specify
any WMI filters or "security-ACL" filters?

cheers,

Florian
 
M. Eteum

Florian said:
Howdy M. Eteum!



Your commands were correct, as far as I can see.

Where did you apply the GPO? Do the computers or users that shall apply
the settings reside in the OU you assigned the GPO to? Did you specify
any WMI filters or "security-ACL" filters?

cheers,

Florian

Thanks for the reply.
The GP resides in the OU and I did not specify any WMI filter. How do
you use a WMI filter in Group Policy?

The question is why I have to apply "gpupdate /sync", which
requires a reboot, for Windows 2003 to recognize the Group Policy?

I still could not test for the Windows 2000 since I have no spare server
to test it too (they are all in production). I presume it will work as
soon as I reboot the machine, but not sure though.

Thanks again.
 
Florian Frommherz

Howdy!

M. Eteum said:
The GP resides in the OU and I did not specify any WMI filter. How do
you use a WMI filter in Group Policy?

Have a look at this:
http://support.microsoft.com/default.aspx?scid=kb;en-us;555253

M. Eteum said:
The question is why I have to apply "gpupdate /sync", which
requires a reboot, for Windows 2003 to recognize the Group Policy?

Most policies can be applied during the background refresh that normally
occurs every 90 minutes (plus a random time span of max. 30 minutes,
iirc). Some policies do require a reboot to apply the changes as some
client side extensions need to load the new values (and require that
reboot for that) - such as software deployment, folder redirection, etc.

M. Eteum said:
I still could not test for the Windows 2000 since I have no spare server
to test it too (they are all in production). I presume it will work as
soon as I reboot the machine, but not sure though.

As said above: depending on which settings you made, it needs to reboot
the machine.

cheers,

Florian
 
M. Eteum

Florian said:
Howdy!

Have a look at this:
http://support.microsoft.com/default.aspx?scid=kb;en-us;555253

Most policies can be applied during the background refresh that normally
occurs every 90 minutes (plus a random time span of max. 30 minutes,
iirc). Some policies do require a reboot to apply the changes as some
client side extensions need to load the new values (and require that
reboot for that) - such as software deployment, folder redirection, etc.

As said above: depending on which settings you made, it needs to reboot
the machine.

cheers,

Florian

Actually, I'm only trying to configure WSUS thru Group Policy Security
Filtering, therefore I can apply the Group Policy on the Computers OU.

I created a Group Policy, named 'WSUS - AutoUpdateAutoRebootAnytime', and
applied it on the Computer OU.

I then created a computer Security Group, e.g. "WSUS Clients",
containing 16 servers (4-W2K3, 12-W2K), and using GPMC, under Scope
-> Security Filtering, I removed the Authenticated Users and added the
newly created computer security group "WSUS Client".

Then I ran gpupdate /force on all the domain controllers and the
4-W2K3, and secedit /refreshpolicy machine_policy on those 12-W2K servers.

Do I really need to reboot each server in order for this Group Policy
Security Filtering to work?

Please advise.

Thanks
 
Rodolfo Parrado Gutiérrez [MVP]

Some computer policies apply only when the computer reboots, and others for users only when the user logs off/on.


--
Rodolfo Parrado Gutiérrez
https://mvp.support.microsoft.com/profile=ea9074bd-2810-4d32-868a-e09d07ff1244
Bogotá - Colombia
MVP Windows Server Security
MCT, MCSE, MCSA, MCDST, MCP+I
This message is provided "as is" without warranties of any kind, and confers no rights.
 
M. Eteum

Rodolfo said:
Some computer policies apply only when the computer reboots, and others for users only when the user logs off/on.

Thanks. Do you happen to know where to find info on which group policies
need a computer reboot or the user to log off? Can I force a reboot/logoff
after the policy change?

Thanks
 
Rodolfo Parrado Gutiérrez [MVP]

With XP/2003, run on the local client:

gpupdate /force

From www.sysinternals.com, download PsTools and run:

psexec \\computername_remote gpupdate /force

 
