Group Policy is refreshing, but not working
- From: rosevilleca@xxxxxxxxx
- Date: Thu, 24 Jul 2008 08:39:31 -0700 (PDT)
We set up a restricted group policy using the "member of" method to
add a group to the local administrators group of all the PC's in an
OU.
The policy works and adds the group on first reboot, but when the
group is manually removed from a client's local administrators group,
there is a very long delay before the group is re-added.
I checked the group policy refresh interval and it's set for 30
minutes with a 30 minute offset, so 60 minutes is the longest amount
of time it takes before it would refresh.
I also checked to make sure the refresh was working on the client by
running the Group Policy Results report on the machine and it does
show "Last time Group Policy was processed" refreshing on time between
30 minutes and an hour.
Despite the policy refreshing, the deleted group is not re-added to
the local administrators group even after rebooting the client.
The group is re-added to the client's local admins group only under
the following scenarios:
If I wait 24 hours and reboot, the group is re-added.
If I run gpupdate with the "force" switch at the client, the group is
re-added.
If I make any edits to the group policy, the group is re-added.
Shouldn't the group automatically re-add during the time of the
refresh interval (30-60 minutes)?
How can this be fixed?
I tried running the gpmonitor tool, but I don't see any kind of
instructions on how to use it. The help file has nothing usefeul,
just a glossary.
.
- Follow-Ups:
- Re: Group Policy is refreshing, but not working
- From: Meinolf Weber
- Re: Group Policy is refreshing, but not working
- Prev by Date: Re: Apply Short Date Format through GPO on Domain
- Next by Date: Re: Group Policy is refreshing, but not working
- Previous by thread: Apply Short Date Format through GPO on Domain
- Next by thread: Re: Group Policy is refreshing, but not working
- Index(es):
Relevant Pages
|
Loading
