Manual Update Group Policy on Windows 2000 Server

  • Thread starter Thread starter nasteric
  • Start date Start date
N

nasteric

I recently created a group policy that is applicable to machines via
secuirty group membership in Active Directory. So, for example I have
a Group Policy named GP1 associated with a container in Active
Directory. Additionally, I created group that servers have to be a
member of in order to receive the Group Policy settings.

I've added several servers to the group which makes the group policy
applicable to them. However, the GPO settings are applied to the
servers after a reboot. Is there a way to manually push the new group
policy to the servers without rebooting them? The servers are Windows
2000 boxes and I've tried running secedit /refreshpolicy
MACHINE_POLICY /enforce to no avail.

Thanks.
-n
 
Not that I know of. The machines don't have the group membership in their
session token and this is necessary to access thte GPO.

--
--
Brian Desmond
Windows Server MVP
(e-mail address removed)12.il.us

Http://www.briandesmond.com
 
Brian is right. The server does not have its new group SID in its token.
However, you can delete all machine account kerberos tickets, then force the
update.
But this requires getting kerbtray or klist (resource kit tools) on the
server, then setup a script to run in the system context to delete the
tickets.
Much easier to reboot IMHO
 
Thanks all for your help. That sounds right!


Brian Desmond said:
Not that I know of. The machines don't have the group membership in their
session token and this is necessary to access thte GPO.

--
--
Brian Desmond
Windows Server MVP
(e-mail address removed)12.il.us

Http://www.briandesmond.com
Click to expand...
 
Back
Top