Sign in to follow this  
Followers 0

GPO not updating on Client Workstations?

12 posts in this topic

Posted (edited)

Using this article http://technet.microsoft.com/en-us/library...echNet.10).aspx and others similar I am using the GPO on a 2k3 server to add port exceptions on XP SP2 Clients. However for some reason these changes are not taking and the syntax is right however they dont seem to be showing up on the workstations.

Even after using the cmd line and using gpupdate /force Nothing is taking. Even I restart the machines or log off and back on nothing seems to be taking.

Server(s) 2k3 latest updates

Machines are XP sp2

Any ideas why these changes arent taking effect?

example

115:TCP:localsubnet:enabled:ServiceName

Any ideas

Edited by Prophecy

Share this post


Link to post
Share on other sites

Posted

Try using gpresult /r and see if the group policy is listed on the output.

Also if your not already use the group policy management tool . Its tons better then what is the default way of doing it.

Share this post


Link to post
Share on other sites

Posted

Have you tried another workstation than the one you are currently testing this on? I experienced this problem on a DC when trying to roll out NOD32 Port Exclusion using GPO & NOD32 RA. On one PC it just failed to do anything, even with gpupdate /force; but on trying it with another workstation it worked ok with the gpupdate /force.

Computer account in AD, make sure that is also showing up another problem we found - yes the Network Admin at the client site was deleting Computer Accounts in AD as he thought they didn't do anything. :laugh:

Also try rejoining the Workstation to the domain, sometimes that can't jolt the GPO into action.

Share this post


Link to post
Share on other sites

Posted

I would try rejoining the Workstation to the domain as JMann suggested, has worked for me in the past.

Share this post


Link to post
Share on other sites

Posted

This is going on with numerous workstations, I really dont want to go to eachone and have them all re-add.

Any other ideas

Share this post


Link to post
Share on other sites

Posted

This is going on with numerous workstations, I really dont want to go to eachone and have them all re-add.

Any other ideas

Ah apologies, I thought you were on the testing phase. ;) Can these machines in question take any GPO and apply it? Maybe just try setting up a demo GPO and test it to see if it works?

If it does I would of thought that the GPO for that Port you made was incorrect, and you would need to look into the setup again.

Share this post


Link to post
Share on other sites

Posted

the Network Admin at the client site was deleting Computer Accounts in AD as he thought they didn't do anything.

You have GOT to be kidding. :|

Share this post


Link to post
Share on other sites

Posted

Try using gpresult /r and see if the group policy is listed on the output.

Also if your not already use the group policy management tool . Its tons better then what is the default way of doing it.

Do these first (specifically group management console>results) before you waste time on other more drastic measures like removing from the domain.

Share this post


Link to post
Share on other sites

Posted

You have GOT to be kidding. :|

Believe me some clients we have to work for are complete idiots. :pinch:

Share this post


Link to post
Share on other sites

Posted

the Network Admin at the client site was deleting Computer Accounts in AD as he thought they didn't do anything.

Well I'm shocked at that.... Why would they be in AD if there wasn't a purpose for them x.x

Makes me wonder how these people sleep at night >.<;

Share this post


Link to post
Share on other sites

Posted

You can use PsExec to update group policy to all client computers ,this is a sysinternal application ,using this we can run any command on a single  remote machine  or to all domain computers ,download Psexec and the syntax is follows

 

Psexec \\computer name command argument

 

for eg:

 

psexec \\computer1 gpupdate /force

 

if you need to gpupdate on all machine is a group policy you can the below command

 

psecec \\* gpupdate /force

Share this post


Link to post
Share on other sites

Posted

^^  Holy 5-year-old thread resurrection, batman!

 

But, still good and applicable information, even if the OP and everyone else is now 5 years older than they were then.  (Y)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.