Re: Group Policy is refreshing, but not working

Hello rosevilleca@xxxxxxxxx,

That policies are processed correctly make sure that on all domain machines only domain internal DNS servers are used, no ip addresses from external DNS servers like your ISP's. Please post an unedited ipconfig /all from a problem machine and your DNS server. Also make sure the the policy is linked to the OU where the computers are located.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

We set up a restricted group policy using the "member of" method to
add a group to the local administrators group of all the PC's in an
OU.
The policy works and adds the group on first reboot, but when the
group is manually removed from a client's local administrators group,
there is a very long delay before the group is re-added.
I checked the group policy refresh interval and it's set for 30
minutes with a 30 minute offset, so 60 minutes is the longest amount
of time it takes before it would refresh.
I also checked to make sure the refresh was working on the client by
running the Group Policy Results report on the machine and it does
show "Last time Group Policy was processed" refreshing on time between
30 minutes and an hour.
Despite the policy refreshing, the deleted group is not re-added to
the local administrators group even after rebooting the client.

The group is re-added to the client's local admins group only under
the following scenarios:

If I wait 24 hours and reboot, the group is re-added.
If I run gpupdate with the "force" switch at the client, the group is
re-added.
If I make any edits to the group policy, the group is re-added.
Shouldn't the group automatically re-add during the time of the
refresh interval (30-60 minutes)?

How can this be fixed?
I tried running the gpmonitor tool, but I don't see any kind of
instructions on how to use it. The help file has nothing usefeul,
just a glossary.


.

Relevant Pages

  • Group Policy is refreshing, but not working
    ... We set up a restricted group policy using the "member of" method to ... group is manually removed from a client's local administrators group, ... I checked the group policy refresh interval and it's set for 30 ... I also checked to make sure the refresh was working on the client by ...
    (microsoft.public.windows.group_policy)
  • RE: Local user policy
    ... > Thank you for posting to the SBS Newsgroup. ... > When client computer starts up, the command will be executed by system ... > account to add the domain users group to local administrators group. ... You are in the Group Policy Object Editor. ...
    (microsoft.public.windows.server.sbs)
  • RE: Local user policy
    ... Thank you for posting to the SBS Newsgroup. ... local administrators group on client computers. ... account to add the domain users group to local administrators group. ... You are in the Group Policy Object Editor. ...
    (microsoft.public.windows.server.sbs)
  • Re: how to add a domain user to all computer local groups?
    ... that would be best done as a computer startup script ... assigned with Group Policy, as opposed to a user login script. ... local administrators group, you'd enter in the group policy computer startup ...
    (microsoft.public.windows.server.active_directory)
  • RE: Default applying time for new GPOs
    ... To change the policy refresh interval setting, ... Controllers Group Policy object, which is linked to the Domain Controllers ... gpudate.exe using syntax gpupdate /force you can force reapplying all gpo ...
    (microsoft.public.windows.group_policy)