GPO not updating on Client Workstations?

[Prophecy]

Using this article http://technet.microsoft.com/en-us/library...echNet.10).aspx and others similar I am using the GPO on a 2k3 server to add port exceptions on XP SP2 Clients. However for some reason these changes are not taking and the syntax is right however they dont seem to be showing up on the workstations.

Even after using the cmd line and using gpupdate /force Nothing is taking. Even I restart the machines or log off and back on nothing seems to be taking.

Server(s) 2k3 latest updates

Machines are XP sp2

Any ideas why these changes arent taking effect?

example

115:TCP:localsubnet:enabled:ServiceName

Any ideas

Edited June 6, 2008 by Prophecy

[majortom1981]

Try using gpresult /r and see if the group policy is listed on the output.

Also if your not already use the group policy management tool . Its tons better then what is the default way of doing it.

[JMann Veteran]

Have you tried another workstation than the one you are currently testing this on? I experienced this problem on a DC when trying to roll out NOD32 Port Exclusion using GPO & NOD32 RA. On one PC it just failed to do anything, even with gpupdate /force; but on trying it with another workstation it worked ok with the gpupdate /force.

Computer account in AD, make sure that is also showing up another problem we found - yes the Network Admin at the client site was deleting Computer Accounts in AD as he thought they didn't do anything. :laugh:

Also try rejoining the Workstation to the domain, sometimes that can't jolt the GPO into action.

[Sophism]

I would try rejoining the Workstation to the domain as JMann suggested, has worked for me in the past.

[Prophecy]

This is going on with numerous workstations, I really dont want to go to eachone and have them all re-add.

Any other ideas

[JMann Veteran]

This is going on with numerous workstations, I really dont want to go to eachone and have them all re-add.

Any other ideas

Ah apologies, I thought you were on the testing phase. ;) Can these machines in question take any GPO and apply it? Maybe just try setting up a demo GPO and test it to see if it works?

If it does I would of thought that the GPO for that Port you made was incorrect, and you would need to look into the setup again.

[Joel]

the Network Admin at the client site was deleting Computer Accounts in AD as he thought they didn't do anything.

You have GOT to be kidding. :|

[bobbba]

Try using gpresult /r and see if the group policy is listed on the output.

Also if your not already use the group policy management tool . Its tons better then what is the default way of doing it.

Do these first (specifically group management console>results) before you waste time on other more drastic measures like removing from the domain.

[JMann Veteran]

You have GOT to be kidding. :|

Believe me some clients we have to work for are complete idiots. :pinch:

[aclarke_31]

the Network Admin at the client site was deleting Computer Accounts in AD as he thought they didn't do anything.

Well I'm shocked at that.... Why would they be in AD if there wasn't a purpose for them x.x

Makes me wonder how these people sleep at night >.<;

[justintjacob]

You can use PsExec to update group policy to all client computers ,this is a sysinternal application ,using this we can run any command on a single  remote machine  or to all domain computers ,download Psexec and the syntax is follows

 

Psexec \\computer name command argument

 

for eg:

 

psexec \\computer1 gpupdate /force

 

if you need to gpupdate on all machine is a group policy you can the below command

 

psecec \\* gpupdate /force

[BeerFan]

^^  Holy 5-year-old thread resurrection, batman!

 

But, still good and applicable information, even if the OP and everyone else is now 5 years older than they were then.  (Y)