none
unable to apply GPO setting without running gpupdate /force

    Question

  • I am trying to deploy a root certificate using GPO. The problem is the certificate won't install into the local certificate store until I run the gpupdate /force command. When I checked the Windows client using gpresult, it did show that the GPO was applied.

    Any thought? Thanks

    Thursday, February 23, 2017 8:00 PM

All replies

  • examine the event logs on the pc (or if it's an older OS, you may need to enable verbose logging).

    check for the events around the time of pc startup (that's when the underlying GPSvc starts up).

    is there a problem recorded? Is the network available at the correct time?

    eg, in some wireless or vpn scenarios, and even sometimes in wired LAN scenarios, there can be some delay in attaching to the network (due to authentication or negotiation) and this *can* be the cause of "no computer/startup gpo running".

    In such scenarios, by the time the user logs on, and either forces a refresh, or a scheduled refresh occurs, the relevant network authentication/negotiation has occurred so it works fine at that later point in time.

    you *can* consider the use of the gpo setting "wait for network", but that can be troublesome in some scenarios, it can degrade the startup/logon times a lot...

    In Windows 7, MSFT did introduce a number of 'improvements/efficiencies', and that included startup time improvements, which basically means "don't always process GPO at startup, do that later it's ok".... [except, it's not always ok....]


    Don [doesn't work for MSFT, and they're probably glad about that ;]



    Thursday, February 23, 2017 8:37 PM
  • Thanks for the quick reply. 

    I have left the machine running for few days and didn't see any change until I did the gpupdate /force.

    I will check the GPSrv log tomorrow. 

    Thursday, February 23, 2017 8:50 PM
  • Hi,

    Was your issue resolved? If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, February 27, 2017 8:15 AM
    Moderator