Re: DST Updates Deployed via Group Policy



In KB914387 Microsoft gives you the registry keys that need to be changed
for W2K. Aren't these "patches" for XP and 2003 just the same registry
entries in a patch file or is there something more to it?

I am in the EST time zone and when I applied the XP patch to my computer I
saw that my EST reg entries were the same as my 2003 server and 2000
workstations that I patched so far. If these patches are just registry
entries can't I just create a policy to deploy these registry entries to all
computers?

There is a FREE utility from DesktopStandards called PolicyMaker Registry
Extensions to import the registry keys easily and automatically via Group
Policies. Could I just make this a domain policy and never have to worry
about patching a computer in the future regardless of XP, 2000, or 2003?


"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:%23$TENjLYHHA.4368@xxxxxxxxxxxxxxxxxxxxxxx

"Jeff" <Jeff@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:08CD91E4-A618-477E-9874-101C2C366F21@xxxxxxxxxxxxxxxx
Thanks for the reply. Yes, your description is accurate, however a previous
response to my post (from Florian) states that a GPO cannot be linked to a
Security Group. I thought that it could, but now that it's not working, I can
see that this must be true (I need to brush up on ADS skills). However, I
WAS able to select the group in the GPO editor so I assumed that it could
work without creating an OU and moving computer accounts there.


But, if you did do as I had described, then you used what is called
security group filtering. If the GPO carries computer section settings,
and if you have removed Authenticated Users and replaced this with
your custom group for the Read/Apply settings, then the GPO will
be applied by machines that are members of that custom group,
provided
1) the GPO is linked so that the computers are within its scope
(i.e. linked to the domain, or to an OU that has the computer
objects within or within a sub-OU of the link-point)
2) if the computers are in an OU, that OU is not blocking inheritance
if the GPO is linked at site, domain, or a higher OU level
3) a later applied GPO does not reset the policy values - not a
concern here where you are using (startup ?) script
4) things are working, that is, the machines are being healthy little
domain members and GPO distribution is working

I am using one machine to test the script at the moment and rebooting it did
not apply the update, however I have not tested the script locally on the
machine from the Netlogon share because this is the only machine I can test
without disrupting users at the moment.

No troubleshooting steps except for checking for log entries, however I am
going to run the policy from an OU as opposed to the group and test it.
--
Thanks, Jeff


"Roger Abell [MVP]" wrote:

So, you are having a startup or shutdown script run, as defined
in a GPO that you have filtered by use of a security group that
you defined having the machine accounts of W2k machines as
members. This security filtered GPO you have then linked to
the domain, or otherwise sufficiently high that all W2k machine
objects are within its scope of application.
Is this correct?
Have the W2k machines rebooted (needed to see the new group
membership as well as to cause the script to run)?
If you place something simple in the script, like
echo this junk > c:\text.txt
can you verify that the script is running?
If you log into one of the machines as an admin can you
manually run the script sourced from the network location ?
What other troubleshooting step/info have you taken/gathered?

Roger

"Jeff" <Jeff@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C458D398-DD94-4391-B4E2-6CCF8114AC2B@xxxxxxxxxxxxxxxx
Hello everyone,

Although our shop is mostly XP Pro, sp2 and 2003 servers, we have some
Windows 2000 Pro machines and 2 Windows 2000 Servers that require this
update. I've followed instructions in the following KB article:

http://support.microsoft.com/kb/914387/en-us

and all the scripts are set up and replicated, yet none of my Windows 2000
machines are getting the update. I have set up a specific group for Windows
2000 machines and created the GPO object to run that script. We are using
Windows 2003 servers running ADS.

Any ideas?


--
Thanks, Jeff
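
The comparison mentioned at the top of this thread (checking that the Eastern time zone registry entries are identical on XP, 2003 and 2000 machines) can be automated by decoding the binary `TZI` value stored under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\<zone name>`. This is an added example, not part of the original posts or of KB914387; it assumes the documented 44-byte REG_TZI_FORMAT layout and the 2007 US rule (DST from the second Sunday in March to the first Sunday in November), and the host names and blobs are constructed.

```python
import struct

# REG_TZI_FORMAT: LONG Bias, StandardBias, DaylightBias, then two SYSTEMTIME
# structures (StandardDate, DaylightDate) of eight WORDs each: 44 bytes.
TZI = struct.Struct("<3l8H8H")

def pack_tzi(bias, std_bias, dlt_bias, std_rule, dlt_rule):
    """Build a TZI blob; each rule is (month, day_of_week, week, hour)."""
    def st(rule):
        month, dow, week, hour = rule
        return (0, month, dow, week, hour, 0, 0, 0)
    return TZI.pack(bias, std_bias, dlt_bias, *st(std_rule), *st(dlt_rule))

def parse_tzi(blob):
    if len(blob) != TZI.size:
        raise ValueError("TZI must be %d bytes, got %d" % (TZI.size, len(blob)))
    f = TZI.unpack(blob)
    def rule(st):  # SYSTEMTIME order: wYear, wMonth, wDayOfWeek, wDay, wHour, ...
        return {"month": st[1], "day_of_week": st[2], "week": st[3], "hour": st[4]}
    return {"bias": f[0], "standard_bias": f[1], "daylight_bias": f[2],
            "standard_start": rule(f[3:11]), "daylight_start": rule(f[11:19])}

def classify(blob):
    """Label a TZI blob by which US DST rule it encodes."""
    t = parse_tzi(blob)
    d, s = t["daylight_start"], t["standard_start"]
    if d["month"] == 0 and s["month"] == 0:
        return "no-dst"
    key = (d["month"], d["week"], s["month"], s["week"])  # week 5 means "last"
    if key == (3, 2, 11, 1):
        return "updated"   # 2nd Sunday in March .. 1st Sunday in November
    if key == (4, 1, 10, 5):
        return "old"       # 1st Sunday in April .. last Sunday in October
    return "other"

def audit(fleet, reference):
    """Return {host: status} for hosts whose TZI differs from the reference."""
    return {h: classify(b) for h, b in sorted(fleet.items()) if b != reference}

# Constructed sample data: Eastern time (bias 300 minutes), transitions at 02:00.
UPDATED_EST = pack_tzi(300, 0, -60, (11, 0, 1, 2), (3, 0, 2, 2))
OLD_EST = pack_tzi(300, 0, -60, (10, 0, 5, 2), (4, 0, 1, 2))
FLEET = {"xp-01": UPDATED_EST, "w2k-07": OLD_EST, "srv2003-02": UPDATED_EST}

if __name__ == "__main__":
    for host, status in audit(FLEET, UPDATED_EST).items():
        print(host, status)
```

Feed it the raw `TZI` bytes exported from each machine; any host reported as `old` has not received the registry change, whichever delivery method was used.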





