Restricted Group Policy not working in timely manner
From: boomboom21 (chris.boom_at_qci.com)
Date: 12/09/04
- Next message: Darren Mar-Elia: "Re: Restricted Group Policy not working in timely manner"
- Previous message: Derek Schauland: "GPMC"
- Next in thread: Darren Mar-Elia: "Re: Restricted Group Policy not working in timely manner"
- Reply: Darren Mar-Elia: "Re: Restricted Group Policy not working in timely manner"
- Messages sorted by: [ date ] [ thread ]
Date: 9 Dec 2004 12:15:54 -0800
We have defined "Domain Admins" as a restricted group in the Default
Domain Policy GPO. The problem is that if we add someone to the
restricted group it can take well over a couple hours for the policy to
remove that user from the group. A normal GPUPDATE will not do
anything, but a "GPUPDATE /FORCE" ran on a DC does work to force the
policy to remove the user from the restricted group. The only
difference between GPUPDATE and GPUPDATE /FORCE (from what I can tell)
is that GPUPDATE only refreshes policies that have changed....and
GPUPDATE /FORCE refreshes all policies regardless of change???
GPO Refresh Frequency has not been modified from default settings. If
I'm correct, this policy should be refreshed on DC's every 5 minutes by
default. I am not seeing any GPO errors in the Event Log. Any ideas
what could be causing this delay?
Thanks
- Next message: Darren Mar-Elia: "Re: Restricted Group Policy not working in timely manner"
- Previous message: Derek Schauland: "GPMC"
- Next in thread: Darren Mar-Elia: "Re: Restricted Group Policy not working in timely manner"
- Reply: Darren Mar-Elia: "Re: Restricted Group Policy not working in timely manner"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
