[gptalk] Re: GPO Processing after adding computer object to security group
- From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Tue, 7 Nov 2006 15:38:41 -0800
Nope, that would be a new one. Gpupdate /force shouldn't be able to do that.
-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of David Cliffe
Sent: Tuesday, November 07, 2006 2:16 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO Processing after adding computer object to
security group
Thanks as always Darren...
Have you ever heard of machines NOT picking up the new group even after
reboot UNLESS you first GPUPDATE with /force?
-DC
-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Tuesday, November 07, 2006 5:14 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO Processing after adding computer object to
security group
Dave-
Picking up the new computer group membership requires a reboot
unfortunately in all cases.
Sec grp. Membership is not recorded in userenv but it is returned by
gpresult or the GPMC GP results wizard.
Darren
-----Original Message-----
From: "David Cliffe" <David.Cliffe@xxxxxxxxxxx>
To: gptalk@xxxxxxxxxxxxx
Sent: 11/7/2006 1:58 PM
Subject: [gptalk] GPO Processing after adding computer object to security
group
Hi,
I have some questions about this scenario --> When delegation is
configured on a computer-based GPO [whereby only members of a specific
security group can read and apply the policy], and the computer object is
subsequently added to the necessary group:
Does the computer require a reboot to pick up the fact that it is now a
member of the new security group (similar to logoff/logon for a user to get
new token when added to a group)? Or does the next policy refresh (or
forced policy refresh) enable it to "realize" it is now a member of that
group without a reboot?
Also, does the enumeration of the computer's security groups get logged
in USERENV.LOG? I don't see anything about it, but then again I have yet to
enable the DEBUGGER flag (0x30002) - maybe it shows only with that flag?
Thanks,
DaveC
This email was sent to you by Reuters, the global news and information
company.
To find out more about Reuters visit www.about.reuters.com
Any views expressed in this message are those of the individual sender,
except where the sender specifically states them to be the views of Reuters
Ltd.
[truncated by sender]
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at //www.freelists.org/archives/gptalk/
************************
This email was sent to you by Reuters, the global news and information
company.
To find out more about Reuters visit www.about.reuters.com
Any views expressed in this message are those of the individual sender,
except where the sender specifically states them to be the views of Reuters
Ltd.
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at //www.freelists.org/archives/gptalk/
************************
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at //www.freelists.org/archives/gptalk/
************************
Other related posts:
