GPO not updating on Client Workstations?


Recommended Posts

Using this article http://technet.microsoft.com/en-us/library...echNet.10).aspx and others similar I am using the GPO on a 2k3 server to add port exceptions on XP SP2 Clients. However for some reason these changes are not taking and the syntax is right however they dont seem to be showing up on the workstations.

Even after using the cmd line and using gpupdate /force Nothing is taking. Even I restart the machines or log off and back on nothing seems to be taking.

Server(s) 2k3 latest updates

Machines are XP sp2

Any ideas why these changes arent taking effect?

example

115:TCP:localsubnet:enabled:ServiceName

Any ideas

Edited by Prophecy
Link to comment
Share on other sites

Try using gpresult /r and see if the group policy is listed on the output.

Also if your not already use the group policy management tool . Its tons better then what is the default way of doing it.

Link to comment
Share on other sites

Have you tried another workstation than the one you are currently testing this on? I experienced this problem on a DC when trying to roll out NOD32 Port Exclusion using GPO & NOD32 RA. On one PC it just failed to do anything, even with gpupdate /force; but on trying it with another workstation it worked ok with the gpupdate /force.

Computer account in AD, make sure that is also showing up another problem we found - yes the Network Admin at the client site was deleting Computer Accounts in AD as he thought they didn't do anything. :laugh:

Also try rejoining the Workstation to the domain, sometimes that can't jolt the GPO into action.

Link to comment
Share on other sites

This is going on with numerous workstations, I really dont want to go to eachone and have them all re-add.

Any other ideas

Ah apologies, I thought you were on the testing phase. ;) Can these machines in question take any GPO and apply it? Maybe just try setting up a demo GPO and test it to see if it works?

If it does I would of thought that the GPO for that Port you made was incorrect, and you would need to look into the setup again.

Link to comment
Share on other sites

Try using gpresult /r and see if the group policy is listed on the output.

Also if your not already use the group policy management tool . Its tons better then what is the default way of doing it.

Do these first (specifically group management console>results) before you waste time on other more drastic measures like removing from the domain.

Link to comment
Share on other sites

the Network Admin at the client site was deleting Computer Accounts in AD as he thought they didn't do anything.

Well I'm shocked at that.... Why would they be in AD if there wasn't a purpose for them x.x

Makes me wonder how these people sleep at night >.<;

Link to comment
Share on other sites

  • 5 years later...

You can use PsExec to update group policy to all client computers ,this is a sysinternal application ,using this we can run any command on a single  remote machine  or to all domain computers ,download Psexec and the syntax is follows

 

Psexec \\computer name command argument

 

for eg:

 

psexec \\computer1 gpupdate /force

 

if you need to gpupdate on all machine is a group policy you can the below command

 

psecec \\* gpupdate /force

Link to comment
Share on other sites

^^  Holy 5-year-old thread resurrection, batman!

 

But, still good and applicable information, even if the OP and everyone else is now 5 years older than they were then.  (Y)

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.