Re-appling Group Polices 1

[Mark2K]

Hi all,

I have a custom adm file that re-points the All users folders to the server. We have created a special user that runs an install script that goes through a list of programs and installs any that haven't been installed. This works fine except it places all the shortcuts on the server. The only way we've managed to bypass this is to import a reg file that re-points the folders back to the local computer. However, when an ordinary user logs on the start menu shows the local computers All Users folder.

So, is there away of making the computer reapply the group policy each time the computer boots up?

Many Thanks

Mark

 

[Stevehewitt]

Huh? Don't happen to have an English version of that do you!

Sorry, what exactly are you trying to do?


Steve
MCP Win2k

 

[Mark2K]

Hi Stevehewitt,

Sorry about that, I will try again

Bascially, is there away to force a computer to re-apply a policy even if it hasn't changed?

Hope this is better

Mark

 

[Stevehewitt]

To my knowledge, if you have a script in the logon/logoff part of a GP then it always gets reapplied regardless of changes.

What part of the GP isn't working?


Steve
MCP Win2k

P.S. Sorry, your surname doesn't happen to be Jakes does it?!

 

[Mark2K]

Hi Stevehewitt,

As far as I can tell, the GP is working fine. I'm just manually changing it when a specail user logs on through importing a reg file. The problem is, the computer doesn't reapply the GP on a reboot and as such, any user that logs on after, gets the same settings as the specail user.

I think it doesn't re-apply the GP (and please correct me if I'm wrong) because the computer side of the GP will only be re-applied if it detects a change in the policy and since I'm not modifing the policy (I'm importing a reg file when this special user logs in), the computer is unaware that it has changed.

I hope this makes sense.

Mark

PS, No my surname is not Jakes

 

[Stevehewitt]

OK, I think I'm getting it now...(Getting low on the caffine!)

I have only used this script to refresh the GP's after I have made a change. Only ever ran it on the server though.

rem Refreshes the Machine Policy in AD
secedit /refreshpolicy machine_policy /enforce

rem Refreshes the User Policy in AD
secedit /refreshpolicy user_policy /enforce

Slap it in a batch file and away you go. I don't know how often you need to refresh the policies. (E.G. how often this special user logs on). If its every 30 mins or so then I personally would whack it in schduled tasks.

You may also be interested in the following Group Policy:

Computer Configuration
|
|_Administrative Tools
|
|_System
|
|_Group Policy
|
|_Group Policy Refresh interval for computers

Maybe one or two more in there aswell.

Hope this helps!!!

Steve.

P.S. Sorry about the surname thing, it was a long shot!

 

[Mark2K]

Hi Steve,

I will give it a try on Monday and will get back to you.

The special user is used by us to automate software installations.

Many thanks for your help.

Mark

 

[Mark2K]

Hi Steve,

Sorry for the deley in getting back to you. I added it to the log on script but with no luck. All I can say is it can't be what I'm thinking it was.

Mark

 

[Stevehewitt]

I have done a few tests, and the script does what it should. Seems like that isn't the problem.



Steve.

 

[Mark2K]

That's my thought

Mark

 

[FeetofClay]

Don't know whether this will help but you can force a GPO refresh on a client pc by running GPUPDATE at a command prompt.

 

[Mark2K]

Hi Freetofclay,

I can't find the gpupdate program. I've search through the hard drive (both Win2k Pro and Server) but I can't find it.

Mark

 

[Stevehewitt]

Hey,

No, I can't say that I have heard of it.

Mark, let me clarify something:

You want to re-enforce a Group Policy that you have set back to a client as something has changed?
Group Polices should override any settings on clients after a reboot. Certianly the script I use does the trick. If I make any change now and reboot any one of my clients it will recognise the change at the next logon. Even without the script.

Are you using Windows 2000 or Windows XP?

 

[Mark2K]

Hi Stevehewitt,

Sorry for the delay, its been a bit busy here

We are using Win2k Pro on the clients and Win2k Advanced Server.

I thought that re-enforceing a group policy would be what I was looking for. However after trying your secedit script nothing changed so I am starting to wonder if it is the problem after all.

Many thanks
Mark

 

[Stevehewitt]

I don't think it is the problem. Like I said, Windows doesn't even need the script for changes - infact many changes take place just a few seconds after you modify the group policy.

I would take this from a different angle. Instead of looking for a way around the problem, address the cause. Why do you need to make these changes to the system? What changes does this installation user cause to the system that requires GP to have to be re-enforced etc...

Is there another way round?

Good Luck,

Steve.

Steve.