none
Can we seed DA configuration on remote machines, without running GPUPDATE. RRS feed

  • Question

  • Hello,

    I cannot run gpupdate on remote win 8 or 7 machine, until they are connected to DA first.

    but when DA settings are completely gone, is there way to copy them from 1 machine and inject them to a remote one.

    offcource I cannot gpupdate.

    Thanks

    Monday, November 25, 2013 6:57 AM

Answers

  • Hi,

    With Powershell 3.0 you have invoke-gpupdate commandlet you can use to remotely update group Policy throught DirectAccess.

    For non VPN client, there is no solution. Only way is to use Security compliance Manager to generate a local-GPO to be imported on client computers. This is not domain GPO way but local GPO way.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    • Marked as answer by Beadmin Wednesday, November 27, 2013 7:21 AM
    Tuesday, November 26, 2013 10:12 AM

All replies

  • Hi

    If you cannot run the GPUPDATE.EXE command to force group Policy update, this process is automatically performed by the operating system each 90-120 minutes. And Evry Ten hours (from memory), system perform a GPUPDATE /FORCE. But if computer group membership changed (added/removed to security group used by group Policy), a new Kerberos ticket will be required. Kerberos tickets are valid during 10 hours by default.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Monday, November 25, 2013 3:01 PM
  • Thanks Benoit for this information.

    But I am looking for this information for remote clients, home users which are not connected to any VPN yet.

    since they dont have domain access to send gpupdate, so my question is  "can I configure das cleint manually"

    Tuesday, November 26, 2013 9:45 AM
  • Hi,

    With Powershell 3.0 you have invoke-gpupdate commandlet you can use to remotely update group Policy throught DirectAccess.

    For non VPN client, there is no solution. Only way is to use Security compliance Manager to generate a local-GPO to be imported on client computers. This is not domain GPO way but local GPO way.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    • Marked as answer by Beadmin Wednesday, November 27, 2013 7:21 AM
    Tuesday, November 26, 2013 10:12 AM