[gptalk] GPO Processing after adding computer object to security group

  • From: David Cliffe <David.Cliffe@xxxxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Tue, 07 Nov 2006 16:58:33 -0500

    I have some questions about  this scenario --> When delegation is
configured on a computer-based GPO [whereby only members of a specific
security group can read and apply the policy], and the computer object
is subsequently added to the necessary group:
    Does the computer require a reboot to pick up the fact that it is
now a member of the new security group (similar to logoff/logon for a
user to get new token when added to a group)?  Or does the next policy
refresh (or forced policy refresh) enable it to "realize" it is now a
member of that group without a reboot?
    Also, does the enumeration of the computer's security groups get
logged in USERENV.LOG?  I don't see anything about it, but then again I
have yet to enable the DEBUGGER flag (0x30002) - maybe it shows only
with that flag?

This email was sent to you by Reuters, the global news and information company. 
To find out more about Reuters visit www.about.reuters.com

Any views expressed in this message are those of the individual sender, except 
where the sender specifically states them to be the views of Reuters Ltd.

Other related posts: