locked
GPO only works with gpupdate /force RRS feed

  • Question

  • Hello, i am running server 2008 and applying a user gpo (IE settings).  for some reason multiple machines upon logon and reboot dont get the settings until a gpupdate /force is submitted.  I know the registry that is being modified and modify it and wait 10 hours and nothing happens.  As soon as i issue a gpupdate /force everything works properly. I ran gpresult and all  the proper gpos are being applied.

     

    Does anyone have a solution?


    ski3987
    Thursday, February 24, 2011 2:03 AM

Answers

  • Hi,

     

    For your information, after an administrator has linked a GPO, and the change has been replicated to the client’s domain controller, the GPO still needs to reach the client. This occurs during Group Policy refresh. You can either wait for a background refresh or force the refresh.

     

    For the clients which we need to run the command “gpupdate /force”, it may occur when the network is still not ready when the clients are rebooted. If you would like to ensure group policy is applied when rebooting, you may consider disabling Fast Logon feature. Refer to: Administrative Templates\System\Logon\Always wait for the network at computer startup and logon.

     

    As you said that “I know the registry that is being modified and modify it and wait 10 hours…”, do you mean the registry settings have been updated on the client, but the IE settings does not apply, please help clarify it.

     

    Before running “gpupdate /force”, please run “gpresult /v” to check whether the policy is applied on the client. If the policy is applied, the cause can be the Internet Explorer related settings.

     

    Also, please describe your GP settings briefly, so that I can reproduce the issue on my side, you can paste the gpresult here for research.

     

    Best Regards,

     

    Nina Liu

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Friday, February 25, 2011 8:41 AM

All replies

  • Hello,

    if GPOs are not applied correct one reason can be DNS, so please post an unedited ipconfig /all from a problem machine and the DC/DNS servers of your domain.

    Did you make sure the that all DCs are in sync with repadmin command line?

    Is AD sites and services configured according to your physical topology?


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Thursday, February 24, 2011 3:18 AM
  • Meinolf,

    Thank you for your reply.  Unfortenatly i cannot post too many details (IPs, etc).  I am not the domain admin, but am working with the team on this issue.  I can tell you that the DNS servers point to the DCs.  I will have the other folks check on your other requests.  Thank you very much.


    ski3987
    Thursday, February 24, 2011 3:35 AM
  • Hi,

     

    For your information, after an administrator has linked a GPO, and the change has been replicated to the client’s domain controller, the GPO still needs to reach the client. This occurs during Group Policy refresh. You can either wait for a background refresh or force the refresh.

     

    For the clients which we need to run the command “gpupdate /force”, it may occur when the network is still not ready when the clients are rebooted. If you would like to ensure group policy is applied when rebooting, you may consider disabling Fast Logon feature. Refer to: Administrative Templates\System\Logon\Always wait for the network at computer startup and logon.

     

    As you said that “I know the registry that is being modified and modify it and wait 10 hours…”, do you mean the registry settings have been updated on the client, but the IE settings does not apply, please help clarify it.

     

    Before running “gpupdate /force”, please run “gpresult /v” to check whether the policy is applied on the client. If the policy is applied, the cause can be the Internet Explorer related settings.

     

    Also, please describe your GP settings briefly, so that I can reproduce the issue on my side, you can paste the gpresult here for research.

     

    Best Regards,

     

    Nina Liu

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Friday, February 25, 2011 8:41 AM
  • Hi,

     

    I would like to confirm what is the current situation? If there is anything that I can do for you, please do not hesitate to let me know, and I will be happy to help.

     

    Best Regards,

    Nina


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Wednesday, March 2, 2011 9:42 AM