none
Group Policy Not Applying Immediately

    Frage

  • Here is the scenario.

    I created a new group policy for my own computer. In the scope I removed Authenticated Users and added my user and computer accounts and checked permissions to ensure both had READ and APPLY GP rights. As we have two DCs, I checked to make sure the policy had replicated to the other DC. I ran GPUPDATE on my computer, but GPRESULT /R did not show the new policy as either applied or filtered out. I ran GPUPDATE /FORCE, checked results again, and they were the same. I rebooted my computer a couple of times. Still no application of the new GP. 

    As I had observed this behavior before, I did nothing else and waited until the next day. Sure enough, this morning the new GP is now showing it is applied when running GPRESULT /R. 

    Am I missing a step somewhere? Once the new GP has been created, linked, etc, shouldn't it be available for use immediately? There is a process that seems to be running on the server overnight that makes the new GP available. That's my impression, but nowhere in my Google research have I found that something needs to be done at the server level to make a new GP usable by client computers. Walking away and waiting until the next day does the trick, but when trying to troubleshoot GPs you can certainly understand how that can make the task extremely difficult.

    Any thoughts or suggestions? Thanks for any help provided. 

    Donnerstag, 17. Mai 2018 15:51

Alle Antworten

  • Hi,

    May I ask whether you have two sites and the two DCs are not in the same site?

    If yes, that would be an expected behavior as policy settings of a GPO is stored in two locations:

    Group Policy Container (GPC)

    The Group Policy container (GPC) is an Active Directory container that contains GPO properties, such as version information, GPO status, and other component settings.

    Replicated using Active Directory replication

    Group Policy Template (GPT)

    The Group Policy template (GPT) is a file system folder that includes policy data specified by .adm files, security settings, script files, and information about applications that are available for installation. The GPT is located in the system volume folder (SysVol) in the domain \Policies subfolder.

    Replicated by the File Replication Service.

    For your reference:

    https://msdn.microsoft.com/en-us/library/aa374180(v=vs.85).aspx

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc772726(v%3dws.10)

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc755994(v%3dws.10)


    Best Regards,

    William


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Freitag, 18. Mai 2018 06:24
  • William,

    I will check out the reference material you provided.

    We have two virtual DCs on two different virtual hosts in the same site. They are physically stacked one on top of the other, and both on the same network. My computer is on the same network in the same site as the two DCs mentioned above.

    FYI, we have a second site at another campus with another DC with both networks connected via VPN. 

    Freitag, 18. Mai 2018 13:49