> I have an environment that does not have access to all domain
> controllers by design. Is there a way to point to a specific domain
> controller when updating group policy on a server or workstation? Thanks

No, there isn't. No direct way. But you may

a) use site coverage (check out GPO settings in Computer Configuration - Policies - Administrative Templates - System - NetLogon - DC Locator DNS Records)
b) tweak DNS or hosts (not recommended)

sincerely, Martin
NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
If my answer was helpful, I'm glad about a rating!
According to the description, I understand that you want to run gpupdate /force on the DC via domain user.
If there is anything I have misunderstood, please feel free to let me know.
I have an environment that does not have access to all domain controllers by design.
>> This is a policy setting under Default Domain Controllers Policy: Computer Configuration -> Policies -> Windows Settings -> Security Settings -> User Rights Assignment -> Allow log on locally.
On workstations and servers: Administrators, Backup Operators, Power Users, Users, and Guest.
On domain controllers: Account Operators, Administrators, Backup Operators, Print Operators, and Server Operators.
For details: Allow log on locally (http://technet.microsoft.com/en-us/library/cc756809(v=ws.10).aspx)
We can add the domain user to Allow log on locally so that the domain user can log on to the DC.
Is there a way to point to a specific domain controller when updating group policy on a server or workstation?
>> I'd like to suggest using RDP to achieve the target:
Allow users to connect remotely using remote desktop Services
1. Windows Server 2008 and later: Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections -> Allow users to connect remotely using Remote Desktop Services
2. Windows Server 2003: Computer Configuration -> Administrative Templates -> Windows Components -> Terminal Services -> Allow users to connect remotely using Terminal Services
1. Computer Configuration -> Policies -> Windows Settings -> Security Settings
2. Right-click Restricted Groups, and then click Add Group.
3. Click Browse, add Remote Desktop Users, click OK.
4. Add the members that you want.
Allow log on through Terminal Services (RDS on DC)
Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> Allow log on through Terminal Services
Then, domain users can log on via RDP to run gpupdate /force.
Hope this helps!
TechNet Community Support
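To see which accounts hold the two logon rights discussed above on a domain controller, this added example (not part of the original thread) parses a `secedit /export /areas USER_RIGHTS` file and lists every holder beyond a baseline. The sample export, its domain SID, the function name `Get-ExtraLogonRightHolders` and the Administrators-only baseline for the Remote Desktop right are assumptions; the baseline for Allow log on locally is the domain controller default list quoted in the post.

```powershell
# Constructed sample of the [Privilege Rights] section that
#   secedit /export /areas USER_RIGHTS /cfg C:\Temp\rights.inf
# writes on a DC. The S-1-5-21-... domain SID is made up (RID 513 = Domain Users).
$sample = @'
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-548,*S-1-5-32-549,*S-1-5-32-550,*S-1-5-32-551,*S-1-5-21-1111111111-2222222222-3333333333-513
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
'@

# Baseline per right, as well-known SIDs.
# SeInteractiveLogonRight       = "Allow log on locally": Administrators (544),
#   Account Operators (548), Server Operators (549), Print Operators (550),
#   Backup Operators (551), i.e. the DC defaults listed in the thread.
# SeRemoteInteractiveLogonRight = "Allow log on through Terminal Services":
#   Administrators only (assumed baseline for a DC).
$baseline = @{
    SeInteractiveLogonRight       = 'S-1-5-32-544','S-1-5-32-548','S-1-5-32-549','S-1-5-32-550','S-1-5-32-551'
    SeRemoteInteractiveLogonRight = @('S-1-5-32-544')
}

function Get-ExtraLogonRightHolders {
    param([string[]]$InfLines, [hashtable]$Baseline)
    foreach ($line in $InfLines) {
        # Lines look like: SeSomeRight = *SID,*SID,AccountName
        if ($line -match '^\s*(Se\w+)\s*=\s*(.*)$' -and $Baseline.ContainsKey($Matches[1])) {
            $right = $Matches[1]
            foreach ($entry in ($Matches[2] -split ',')) {
                # secedit prefixes SIDs with '*'; unresolved names appear without it
                $id = $entry.Trim().TrimStart('*')
                if ($id -and $Baseline[$right] -notcontains $id) {
                    [pscustomobject]@{ Right = $right; Principal = $id }
                }
            }
        }
    }
}

# Offline run on the constructed sample. On a real DC, pass
# (Get-Content C:\Temp\rights.inf) as -InfLines instead.
Get-ExtraLogonRightHolders -InfLines ($sample -split '\r?\n') -Baseline $baseline |
    Format-Table -AutoSize
```

On the sample, the output lists the Domain Users SID under `SeInteractiveLogonRight` and Remote Desktop Users (`S-1-5-32-555`) under `SeRemoteInteractiveLogonRight`, which is what the settings described in the post would leave on a domain controller.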
Thanks for posting in Microsoft TechNet forums.
As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many similar scenarios. If the issue still persists, please feel free to reply to this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.
BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.
TechNet Community Support