Computer Accounts Group Membership

[Bhargav Shukla]

We are trying to figure out a way so that we can put our servers in a group
and apply a group policy to that group.

The problem is:

When we add computers to groups, and attach a GPO to it, it will not take
effect until we reboot the server (to make computer's group membership
effective). This essentially results in touching every server (we have to
work on 250) for automation. Ultimate result? no automation.

How can we force a computer group membership to take effect immediately
instead or relying on computer reboot schedules? We cannot reboot all 250
servers out of their reboot schedule just to make them member of certain
group.

Thanks for all your help.

TIA,
Bhargav

 

[Chriss3]

Default GPO Refresh time is 90minutes.

You can self change the time by define Group Policy refresh interval for
computers or Group Policy refresh interval for domain controllers within a
Group Policy

--
Regards,

Christoffer Andersson
No email replies please - reply in the newsgroup
If the information was help full, you can let me know at:
http://www.itsystem.se/employers.asp?ID=1

 

[Marco]

SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE:

may work: the doc states that only updates the Group Policy settings for the
secedit client side extension. It will not refresh any other settings.

 

[Bhargav Shukla]

Forgot to mention, The refresh does not seem to change computer's group
membership.

 

[Bhargav Shukla]

Forgot to mention secedit does nto change group membership of the computer
account. I tried that with no success.

Thanks,
Bhargav

SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE:

may work: the doc states that only updates the Group Policy settings for the
secedit client side extension. It will not refresh any other settings.

--
Execute applications with elevated privileges [ www.neovalens.com ]
--

We are trying to figure out a way so that we can put our servers in a group
and apply a group policy to that group.

The problem is:

When we add computers to groups, and attach a GPO to it, it will not take
effect until we reboot the server (to make computer's group membership
effective). This essentially results in touching every server (we have to
work on 250) for automation. Ultimate result? no automation.

How can we force a computer group membership to take effect immediately
instead or relying on computer reboot schedules? We cannot reboot all 250
servers out of their reboot schedule just to make them member of certain
group.

Thanks for all your help.

TIA,
Bhargav

 

[Chriss3]

Bhargav I suppose you have to renew the Kerberos ticket to go around this.

--
Regards,

Christoffer Andersson
No email replies please - reply in the newsgroup
If the information was help full, you can let me know at:
http://www.itsystem.se/employers.asp?ID=1