Manual Update Group Policy on Windows 2000 Server

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I recently created a group policy that is applicable to machines via
security group membership in Active Directory. So, for example I have
a Group Policy named GP1 associated with a container in Active
Directory. Additionally, I created a group that servers have to be a
member of in order to receive the Group Policy settings.

I've added several servers to the group which makes the group policy
applicable to them. However, the GPO settings are applied to the
servers after a reboot. Is there a way to manually push the new group
policy to the servers without rebooting them? The servers are Windows
2000 boxes and I've tried running secedit /refreshpolicy
MACHINE_POLICY /enforce to no avail.

Thanks.
-n
 

Not that I know of. The machines don't have the group membership in their
session token and this is necessary to access the GPO.

--
--
Brian Desmond
Windows Server MVP
desmondb@payton.cps.k12.il.us

Http://www.briandesmond.com


"nasteric" <nasteric@yahoo.com> wrote in message
news:e651d8ae.0410231548.361eca51@posting.google.com...
> I recently created a group policy that is applicable to machines via
> security group membership in Active Directory. So, for example I have
> a Group Policy named GP1 associated with a container in Active
> Directory. Additionally, I created a group that servers have to be a
> member of in order to receive the Group Policy settings.
>
> I've added several servers to the group which makes the group policy
> applicable to them. However, the GPO settings are applied to the
> servers after a reboot. Is there a way to manually push the new group
> policy to the servers without rebooting them? The servers are Windows
> 2000 boxes and I've tried running secedit /refreshpolicy
> MACHINE_POLICY /enforce to no avail.
>
> Thanks.
> -n
 

Brian is right. The server does not have its new group SID in its token.
However, you can delete all machine account Kerberos tickets, then force the
update.
But this requires getting kerbtray or klist (resource kit tools) on the
server, then setting up a script to run in the system context to delete the
tickets.
Much easier to reboot IMHO.


"Brian Desmond [MVP]" <desmondb@payton.cps.k12.il.us> wrote in message
news:eHiTFrXuEHA.2804@TK2MSFTNGP14.phx.gbl...
> Not that I know of. The machines don't have the group membership in their
> session token and this is necessary to access the GPO.
>
> --
> --
> Brian Desmond
> Windows Server MVP
> desmondb@payton.cps.k12.il.us
>
> Http://www.briandesmond.com
>
>
> "nasteric" <nasteric@yahoo.com> wrote in message
> news:e651d8ae.0410231548.361eca51@posting.google.com...
>> I recently created a group policy that is applicable to machines via
>> security group membership in Active Directory. So, for example I have
>> a Group Policy named GP1 associated with a container in Active
>> Directory. Additionally, I created a group that servers have to be a
>> member of in order to receive the Group Policy settings.
>>
>> I've added several servers to the group which makes the group policy
>> applicable to them. However, the GPO settings are applied to the
>> servers after a reboot. Is there a way to manually push the new group
>> policy to the servers without rebooting them? The servers are Windows
>> 2000 boxes and I've tried running secedit /refreshpolicy
>> MACHINE_POLICY /enforce to no avail.
>>
>> Thanks.
>> -n
>
>
 

Thanks all for your help. That sounds right!


"Brian Desmond [MVP]" <desmondb@payton.cps.k12.il.us> wrote in message news:<eHiTFrXuEHA.2804@TK2MSFTNGP14.phx.gbl>...
> Not that I know of. The machines don't have the group membership in their
> session token and this is necessary to access the GPO.
>
> --
> --
> Brian Desmond
> Windows Server MVP
> desmondb@payton.cps.k12.il.us
>
> Http://www.briandesmond.com
>
>
> "nasteric" <nasteric@yahoo.com> wrote in message
> news:e651d8ae.0410231548.361eca51@posting.google.com...
> > I recently created a group policy that is applicable to machines via
> > security group membership in Active Directory. So, for example I have
> > a Group Policy named GP1 associated with a container in Active
> > Directory. Additionally, I created a group that servers have to be a
> > member of in order to receive the Group Policy settings.
> >
> > I've added several servers to the group which makes the group policy
> > applicable to them. However, the GPO settings are applied to the
> > servers after a reboot. Is there a way to manually push the new group
> > policy to the servers without rebooting them? The servers are Windows
> > 2000 boxes and I've tried running secedit /refreshpolicy
> > MACHINE_POLICY /enforce to no avail.
> >
> > Thanks.
> > -n