Update Domain Policy on all pcs

[aconti]

Hello what is the best way to update a GPO domain policy like for example I have just changed a security option on an IPSec policy and I want it to be used by all pcs connected to the domain immediately. I have tried gpupdate on all pcs but it has no effect or takes a very long time. If I restarts all including the server then it is ok but I want a simpler way.

Thank you

[Sneakie]

Try



Gpupdate /force



and it gets done then and there



"aconti" <aconti.3o25vb@DoNotSpam.com> wrote in message
news:aconti.3o25vb@DoNotSpam.com...
>
> Hello what is the best way to update a GPO domain policy like for
> example I have just changed a security option on an IPSec policy and I
> want it to be used by all pcs connected to the domain immediately. I
> have tried gpupdate on all pcs but it has no effect or takes a very long
> time. If I restarts all including the server then it is ok but I want a
> simpler way.
>
> Thank you
>
>
> --
> aconti
> ------------------------------------------------------------------------
> aconti's Profile: http://forums.techarena.in/members/aconti.htm
> View this thread: http://forums.techarena.in/server-ne...ng/1128503.htm
>
> http://forums.techarena.in
>

[Giorgos]

Aconti,

I don't think there's a simpler way, except from doing what you said or
waiting for the GP to update itself.

Good luck.

--------

Networking and Telecommunications group
http://groups.google.com/group/networking_and_telecoms

[Meinolf Weber [MVP-DS]]

Hello aconti,

Gpupdate /force will do the update immediately. This command will not work
on OS earlier then XP/2003. There you have to use "secedit /refreshpolicy
machine_policy /enforce" or "secedit /refreshpolicy user_policy /enforce"
depending on the part of the GPO. That policies applied correct make sure
that DNS is setup correct and your machines use only domain internal DNS
servers on there NIC, no externals like your ISP's DNS server.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hello what is the best way to update a GPO domain policy like for
> example I have just changed a security option on an IPSec policy and I
> want it to be used by all pcs connected to the domain immediately. I
> have tried gpupdate on all pcs but it has no effect or takes a very
> long time. If I restarts all including the server then it is ok but I
> want a simpler way.
>
> Thank you
>
> http://forums.techarena.in
>

[aconti]

Also should all pcs have their default gateway set with the ip address of the domain controller or I just can set it as my router ip address. What effects would the latter leave on the domain. In brief to join a domain a pc should have the dns set to the correct domain controller which hosts the dns service and what as regards to the gateway ?

[Bill Grant]

Why would you set the default gateway to your DC address? The default
gateway is the IP address of your default router.

"aconti" <aconti.3o4xvb@DoNotSpam.com> wrote in message
news:aconti.3o4xvb@DoNotSpam.com...
>
> Also should all pcs have their default gateway set with the ip address
> of the domain controller or I just can set it as my router ip address.
> What effects would the latter leave on the domain. In brief to join a
> domain a pc should have the dns set to the correct domain controller
> which hosts the dns service and what as regards to the gateway ?
>
>
> --
> aconti
> ------------------------------------------------------------------------
> aconti's Profile: http://forums.techarena.in/members/aconti.htm
> View this thread: http://forums.techarena.in/server-ne...ng/1128503.htm
>
> http://forums.techarena.in
>

[Meinolf Weber [MVP-DS]]

Hello aconti,

The default gateway is the "exit" of your subnet/LAN. So the server should
not be the exit, it should be the router to the outside world. DNS have to
point to the domain DNS server, if you have no "exit" default gateway must
not be configured.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Also should all pcs have their default gateway set with the ip address
> of the domain controller or I just can set it as my router ip address.
> What effects would the latter leave on the domain. In brief to join a
> domain a pc should have the dns set to the correct domain controller
> which hosts the dns service and what as regards to the gateway ?
>
> http://forums.techarena.in
>

[aconti]

The reason is that I thought that for example if you set a GPO on a DC that would block internet traffic to all authenticated pcs but the pcs would have a default gateway of the router then they could skip this rule because internet traffic will sort of bypass the DC and communicate directly with the router and the internet. Can you see my point?