Re: Group Policy refresh question
- From: Jorge_de_Almeida_Pinto <UseLinkToEmail@xxxxxxxxxxxxxxxxx>
- Date: 1 Jul 2005 23:36:05 -0400
"" wrote:
> This question concerns a WinServer 2003 environment, but I
> didn't see a
> discussion group for Win2k3 Active Directory :-( This
> question is about the
> mechanics of Group Policy refresh.
>
> I understand Group Policy refreshes at a preset interval. I'm
> also pretty
> sure Group Policy will refresh when you reboot a computer.
>
> Last night I made adjustments to Group Policy. I then ran
> gpupdate /force
> on the workstation to apply those changes immediately. After
> running it, the
> gpupdate process required me to reboot the computer.
>
> So here's my question. Why not just reboot a computer if
> gpupdate is going
> to require you to reboot anyway??? Why bother with gpupdate
> /force?
>
> I see all the MS docs about the refresh interval - but that
> concerns PCs
> that are running and won't be rebooted. They'll get the
> update at the
> interval.
> If I don't want to wait, MS suggests using gpupdate, but they
> don't suggest
> rebooting as a method to immediately apply the new policy.
> Won't it do the
> same thing?
>
> Thanks in advance for your help.
this might have to do with the by default enabled fast logon
optimization
what is your setting for the following GPO setting:
Always wait for the network at computer startup and logon (admin
templates - system - logon)
DESCRIPTION:
Determines whether Windows XP waits for the network during computer
startup and user logon. By default, Windows XP does not wait for the
network to be fully initialized at startup and logon. Existing users
are logged on using cached credentials, which results in shorter logon
times. Group Policy is applied in the background once the network
becomes available.
Note that because this is a background refresh, extensions such as
Software Installation and Folder Redirection take two logons to apply
changes. To be able to operate safely, these extensions require that
no users be logged on. Therefore, they must be processed in the
foreground before users are actively using the computer. In addition,
changes that are made to the user object, such as adding a roaming
profile path, home directory, or user object logon script, may take up
to two logons to be detected.
If a user with a roaming profile, home directory, or user object logon
script logs on to a computer, Windows XP always waits for the network
to be initialized before logging the user on.
If a user has never logged on to this computer before, Windows XP
always waits for the network to be initialized.
If you enable this setting, logons are performed in the same way as
for Windows 2000 clients, in that Windows XP waits for the network to
be fully initialized before users are logged on. Group Policy is
applied in the foreground, synchronously.
If you disable or do not configure this setting, Windows does not wait
for the network to be fully initialized and users are logged on with
cached credentials. Group Policy is applied asynchronously in the
background.
Note: If you want to guarantee the application of Folder Redirection,
Software Installation, or roaming user profile settings in just one
logon, enable this setting to ensure that Windows waits for the
network to be available before applying policy.
Note: For servers, the startup and logon processing always behaves as
if this policy setting is enabled.
Cheers,
--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Active-Directory-Group-Policy-refresh-ftopict551692.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1748287
.
- Prev by Date: Re: Re: Active Directory Users and Computers Tool
- Next by Date: Re: Re: Password Restrictions
- Previous by thread: Re: Re: Active Directory Users and Computers Tool
- Next by thread: Re: Trust Between 2 domain Controllers
- Index(es):
Relevant Pages
|
