Jump to content



Photo

GPO not updating on Client Workstations?


  • Please log in to reply
11 replies to this topic

#1 Prophecy

Prophecy

    Looking for the way...

  • Joined: 29-May 02

Posted 06 June 2008 - 19:26

Using this article http://technet.micro...echNet.10).aspx and others similar I am using the GPO on a 2k3 server to add port exceptions on XP SP2 Clients. However for some reason these changes are not taking and the syntax is right however they dont seem to be showing up on the workstations.

Even after using the cmd line and using gpupdate /force Nothing is taking. Even I restart the machines or log off and back on nothing seems to be taking.

Server(s) 2k3 latest updates
Machines are XP sp2

Any ideas why these changes arent taking effect?

example
115:TCP:localsubnet:enabled:ServiceName

Any ideas

Edited by Prophecy, 06 June 2008 - 19:43.



#2 majortom1981

majortom1981

    The crazy one

  • Tech Issues Solved: 1
  • Joined: 30-November 01

Posted 06 June 2008 - 19:29

Try using gpresult /r and see if the group policy is listed on the output.

Also if your not already use the group policy management tool . Its tons better then what is the default way of doing it.

#3 +JMann

JMann

    NeoRequest.net

  • Tech Issues Solved: 1
  • Joined: 12-May 03
  • Location: Somerset, UK

Posted 06 June 2008 - 19:44

Have you tried another workstation than the one you are currently testing this on? I experienced this problem on a DC when trying to roll out NOD32 Port Exclusion using GPO & NOD32 RA. On one PC it just failed to do anything, even with gpupdate /force; but on trying it with another workstation it worked ok with the gpupdate /force.

Computer account in AD, make sure that is also showing up another problem we found - yes the Network Admin at the client site was deleting Computer Accounts in AD as he thought they didn't do anything. :laugh:

Also try rejoining the Workstation to the domain, sometimes that can't jolt the GPO into action.

#4 Sophism

Sophism

    Neowinian Senior

  • Joined: 05-December 03
  • Location: Greenbelt, MD

Posted 06 June 2008 - 19:52

I would try rejoining the Workstation to the domain as JMann suggested, has worked for me in the past.

#5 OP Prophecy

Prophecy

    Looking for the way...

  • Joined: 29-May 02

Posted 06 June 2008 - 20:09

This is going on with numerous workstations, I really dont want to go to eachone and have them all re-add.

Any other ideas

#6 +JMann

JMann

    NeoRequest.net

  • Tech Issues Solved: 1
  • Joined: 12-May 03
  • Location: Somerset, UK

Posted 06 June 2008 - 20:13

This is going on with numerous workstations, I really dont want to go to eachone and have them all re-add.

Any other ideas


Ah apologies, I thought you were on the testing phase. ;) Can these machines in question take any GPO and apply it? Maybe just try setting up a demo GPO and test it to see if it works?

If it does I would of thought that the GPO for that Port you made was incorrect, and you would need to look into the setup again.

#7 Joel

Joel

    Neowinian Senior

  • Joined: 07-August 01

Posted 06 June 2008 - 22:06

the Network Admin at the client site was deleting Computer Accounts in AD as he thought they didn't do anything.

You have GOT to be kidding. :|

#8 bobbba

bobbba

    Neowinian Senior

  • Joined: 11-January 05
  • Location: England

Posted 07 June 2008 - 07:36

Try using gpresult /r and see if the group policy is listed on the output.

Also if your not already use the group policy management tool . Its tons better then what is the default way of doing it.


Do these first (specifically group management console>results) before you waste time on other more drastic measures like removing from the domain.

#9 +JMann

JMann

    NeoRequest.net

  • Tech Issues Solved: 1
  • Joined: 12-May 03
  • Location: Somerset, UK

Posted 07 June 2008 - 13:31

You have GOT to be kidding. :|


Believe me some clients we have to work for are complete idiots. :pinch:

#10 aclarke_31

aclarke_31

    Neowinian

  • Joined: 23-January 05

Posted 09 June 2008 - 09:02

the Network Admin at the client site was deleting Computer Accounts in AD as he thought they didn't do anything.


Well I'm shocked at that.... Why would they be in AD if there wasn't a purpose for them x.x

Makes me wonder how these people sleep at night >.<;

#11 justintjacob

justintjacob

    Resident One Post Wonder

  • Joined: 26-June 13

Posted 26 June 2013 - 10:28

You can use PsExec to update group policy to all client computers ,this is a sysinternal application ,using this we can run any command on a single  remote machine  or to all domain computers ,download Psexec and the syntax is follows

 

Psexec \\computer name command argument

 

for eg:

 

psexec \\computer1 gpupdate /force

 

if you need to gpupdate on all machine is a group policy you can the below command

 

psecec \\* gpupdate /force



#12 BeerFan

BeerFan

    Neowinian Senior

  • Joined: 19-July 06

Posted 27 June 2013 - 10:58

^^  Holy 5-year-old thread resurrection, batman!

 

But, still good and applicable information, even if the OP and everyone else is now 5 years older than they were then.  (Y)